certusone
/
wormhole
mirror of https://github.com/certusone/wormhole.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

ntt-accountant: update comment and add test

This commit is contained in:
Evan Gray 2024-03-15 15:50:39 -04:00 committed by Evan Gray
parent fa187bcf73
commit 3a8aec6217
2 changed files with 30 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
cosmwasm/contracts/ntt-global-accountant/src/contract.rs
View File

@ -209,9 +209,9 @@ fn handle_observation(
)
.map_err(|_| ContractError::MissingDestinationPeerRegistration(o.emitter_chain.into()))?;
if destination_peer != sender {
// SECURITY defense-in-depth:
// should never get here due to strict registration ordering restrictions
// the lookups above would have failed instead
// SECURITY:
// ensure that both peers are cross-registered
// this prevents a rogue transceiver from registering with and altering the balance of an existing network
bail!("peers are not cross-registered")
}
@ -517,9 +517,9 @@ fn handle_ntt_vaa(
.load(deps.storage, (destination_chain, source_peer, source_chain))
.map_err(|_| ContractError::MissingDestinationPeerRegistration(source_chain.into()))?;
if destination_peer != sender {
// SECURITY defense-in-depth:
// should never get here due to strict registration ordering restrictions
// the lookups above would have failed instead
// SECURITY:
// ensure that both peers are cross-registered
// this prevents a rogue transceiver from registering with and altering the balance of an existing network
bail!("peers are not cross-registered")
}

24
wormchain/contracts/tools/__tests__/test_ntt_accountant.ts
View File

@ -61,6 +61,7 @@ if (process.env.INIT_SIGNERS_KEYS_CSV === "undefined") {
* h. Ensure a token sent to a destination chain without a known transceiver is rejected
* i. Ensure a token sent to a destination chain without a matching transceiver is rejected
* j. Ensure spoofed tokens for more than the outstanding amount rejects successfully
* k. Ensure a rogue endpoint cannot complete a transfer
* 4. Relayers
* a. Ensure a relayer registration is saved
* b. Ensure a valid NTT transfer works
@ -111,6 +112,7 @@ const HUB_CHAIN = 2;
const HUB_TRANSCEIVER = `0000000000000000000000000000000000000000000000000000000000000042`;
const SPOKE_CHAIN_A = 4;
const SPOKE_TRANSCEIVER_A = `0000000000000000000000000000000000000000000000000000000000000043`;
const ROGUE_TRANSCEIVER_A = `ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43`;
const SPOKE_CHAIN_B = 5;
const SPOKE_TRANSCEIVER_B = `0000000000000000000000000000000000000000000000000000000000000044`;
const FAUX_HUB_CHAIN = 420;
@ -675,6 +677,28 @@ describe("NTT Global Accountant Tests", () => {
"insufficient balance in source account: Overflow: Cannot Sub"
);
});
test("k. Ensure a rogue endpoint cannot complete a transfer", async () => {
{
// set faux spoke registration to legit hub but not vice-versa
{
const vaa = makeVAA(
SPOKE_CHAIN_A,
ROGUE_TRANSCEIVER_A,
`18fc67c2${chainToHex(HUB_CHAIN)}${HUB_TRANSCEIVER}`
);
const result = await submitVAA(vaa);
expect(result.code).toEqual(0);
}
}
const vaa = makeVAA(
SPOKE_CHAIN_A,
ROGUE_TRANSCEIVER_A,
mockTransferPayload(8, 1, HUB_CHAIN)
);
const result = await submitVAA(vaa);
expect(result.code).toEqual(5);
expect(result.rawLog).toMatch("peers are not cross-registered");
});
});
describe("4. Relayers", () => {
test("a. Ensure a relayer registration is saved", async () => {