algo/patch: wormhole security patches for algorand
parent
ca43f8629a
commit
d3d68fde26
|
@ -366,7 +366,7 @@ class PortalCore:
|
|||
b += self.encoder("uint16", 8)
|
||||
|
||||
b += decode_address(approval["hash"]).hex()
|
||||
print("core " + decode_address(approval["hash"]).hex())
|
||||
print("core hash: " + decode_address(approval["hash"]).hex())
|
||||
|
||||
ret = [b]
|
||||
|
||||
|
@ -389,7 +389,7 @@ class PortalCore:
|
|||
b += self.encoder("uint8", 2) # action
|
||||
b += self.encoder("uint16", 8) # target chain
|
||||
b += decode_address(approval["hash"]).hex()
|
||||
print("token " + decode_address(approval["hash"]).hex())
|
||||
print("token hash: " + decode_address(approval["hash"]).hex())
|
||||
|
||||
ret.append(b)
|
||||
return ret
|
||||
|
|
|
@ -94,7 +94,8 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
|
|||
return MagicAssert(And(
|
||||
e.rekey_to() == Global.zero_address(),
|
||||
e.close_remainder_to() == Global.zero_address(),
|
||||
e.asset_close_to() == Global.zero_address()
|
||||
e.asset_close_to() == Global.zero_address(),
|
||||
e.on_completion() == OnComplete.NoOp
|
||||
))
|
||||
|
||||
@Subroutine(TealType.none)
|
||||
|
@ -240,6 +241,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
|
|||
verifyVAA.application_id() == App.globalGet(Bytes("coreid")),
|
||||
verifyVAA.application_args[0] == Bytes("verifyVAA"),
|
||||
verifyVAA.sender() == Txn.sender(),
|
||||
verifyVAA.on_completion() == OnComplete.NoOp,
|
||||
|
||||
# Lets see if the vaa we are about to process was actually verified by the core
|
||||
verifyVAA.application_args[1] == Txn.application_args[1],
|
||||
|
@ -305,12 +307,14 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
|
|||
checkForDuplicate(),
|
||||
|
||||
tidx.store(Txn.group_index() - Int(4)),
|
||||
|
||||
MagicAssert(And(
|
||||
# Lets see if the vaa we are about to process was actually verified by the core
|
||||
Gtxn[tidx.load()].type_enum() == TxnType.ApplicationCall,
|
||||
Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
|
||||
Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
|
||||
Gtxn[tidx.load()].sender() == Txn.sender(),
|
||||
Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
|
||||
|
||||
# we are all taking about the same vaa?
|
||||
Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
|
||||
|
@ -466,6 +470,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
|
|||
Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
|
||||
Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
|
||||
Gtxn[tidx.load()].sender() == Txn.sender(),
|
||||
Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,
|
||||
|
||||
# Lets see if the vaa we are about to process was actually verified by the core
|
||||
Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
|
||||
|
@ -981,7 +986,12 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
|
|||
algo_seed.amount() == Int(seed_amt),
|
||||
# Check that its an opt in to us
|
||||
optin.type_enum() == TxnType.ApplicationCall,
|
||||
optin.on_completion() == OnComplete.OptIn
|
||||
optin.on_completion() == OnComplete.OptIn,
|
||||
|
||||
optin.application_id() == Global.current_application_id(),
|
||||
|
||||
algo_seed.receiver() == optin.sender(),
|
||||
optin.rekey_to() == Global.current_application_address()
|
||||
)
|
||||
|
||||
return Seq(
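Review bot: The `verifyVAA` precondition list is kept in three separate copies (the hunks at `-240`, `-305` and `-466`), and the visible copies do not agree. Only the `-305` copy asserts `type_enum() == TxnType.ApplicationCall`, and none of them shows a `rekey_to()` check like the one the core contract's `-513` hunk applies to its own `verifyVAA` predecessor. Those assertions may sit just above the hunks, which all start mid-expression, so this needs confirming against the full file. Moving the list into one helper that takes the transaction index would let a check such as `Gtxn[i].rekey_to() == Global.zero_address(),` be added once rather than once per call site.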
|
||||
|
|
|
@ -132,6 +132,9 @@ def getCoreContracts( genTeal, approve_name, clear_name,
|
|||
optin.on_completion() == OnComplete.OptIn,
|
||||
# Not strictly necessary since we wouldn't be seeing this unless it was us, but...
|
||||
optin.application_id() == Global.current_application_id(),
|
||||
|
||||
algo_seed.receiver() == optin.sender(),
|
||||
optin.rekey_to() == Global.current_application_address()
|
||||
)
|
||||
|
||||
return Seq(
|
||||
|
@ -314,10 +317,7 @@ def getCoreContracts( genTeal, approve_name, clear_name,
|
|||
])
|
||||
|
||||
def verifySigs():
|
||||
return Seq([
|
||||
Approve(),
|
||||
])
|
||||
|
||||
return Return (Txn.sender() == STATELESS_LOGIC_HASH)
|
||||
|
||||
@Subroutine(TealType.none)
|
||||
def checkForDuplicate():
|
||||
|
@ -513,6 +513,7 @@ def getCoreContracts( genTeal, approve_name, clear_name,
|
|||
Gtxn[Txn.group_index() - Int(1)].application_args[0] == Bytes("verifyVAA"),
|
||||
Gtxn[Txn.group_index() - Int(1)].sender() == Txn.sender(),
|
||||
Gtxn[Txn.group_index() - Int(1)].rekey_to() == Global.zero_address(),
|
||||
Gtxn[Txn.group_index() - Int(1)].on_completion() == OnComplete.NoOp,
|
||||
|
||||
# Lets see if the vaa we are about to process was actually verified by the core
|
||||
Gtxn[Txn.group_index() - Int(1)].application_args[1] == Txn.application_args[1],
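Review bot: In the `-314` hunk, `verifySigs` now approves purely on `Txn.sender() == STATELESS_LOGIC_HASH`, but nothing visible says what that constant holds or why sender equality alone is sufficient. This one comparison replaces an unconditional `Approve()`, so it deserves a comment such as `# only the stateless signature-verifier logic sig may call verifySigs; its address is the hash of its program`, assuming that is what the constant represents, since its definition is outside the hunk. It is also worth confirming that the `verifySigs` call itself is constrained on `rekey_to` and `on_completion` the way the `verifyVAA` group in the `-513` hunk is, which the visible lines do not show.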
|
||||
|
|