algo/patch: wormhole security patches for algorand

2022-08-22 15:27:16 -05:00 · 2022-08-22 15:27:16 -05:00 · d3d68fde26
parent ca43f8629a
commit d3d68fde26
3 changed files with 19 additions and 8 deletions
--- a/algorand/admin.py
+++ b/algorand/admin.py
@ -366,7 +366,7 @@ class PortalCore:
        b += self.encoder("uint16", 8)

        b += decode_address(approval["hash"]).hex()
-        print("core " + decode_address(approval["hash"]).hex())
+        print("core hash: " + decode_address(approval["hash"]).hex())

        ret = [b]

@ -389,7 +389,7 @@ class PortalCore:
        b += self.encoder("uint8", 2)  # action
        b += self.encoder("uint16", 8) # target chain
        b += decode_address(approval["hash"]).hex()
-        print("token " + decode_address(approval["hash"]).hex())
+        print("token hash: " + decode_address(approval["hash"]).hex())

        ret.append(b)
        return ret
--- a/algorand/token_bridge.py
+++ b/algorand/token_bridge.py
@ -94,7 +94,8 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
        return MagicAssert(And(
            e.rekey_to() == Global.zero_address(),
            e.close_remainder_to() == Global.zero_address(),
-            e.asset_close_to() == Global.zero_address()
+            e.asset_close_to() == Global.zero_address(),
+            e.on_completion() == OnComplete.NoOp
        ))

    @Subroutine(TealType.none)
@ -240,6 +241,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
                verifyVAA.application_id() == App.globalGet(Bytes("coreid")),
                verifyVAA.application_args[0] == Bytes("verifyVAA"),
                verifyVAA.sender() == Txn.sender(),
+                verifyVAA.on_completion() == OnComplete.NoOp,

                # Lets see if the vaa we are about to process was actually verified by the core
                verifyVAA.application_args[1] == Txn.application_args[1],
@ -305,12 +307,14 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
            checkForDuplicate(),

            tidx.store(Txn.group_index() - Int(4)),
+
            MagicAssert(And(
                # Lets see if the vaa we are about to process was actually verified by the core
                Gtxn[tidx.load()].type_enum() == TxnType.ApplicationCall,
                Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
                Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
                Gtxn[tidx.load()].sender() == Txn.sender(),
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,

                # we are all taking about the same vaa?
                Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
@ -466,6 +470,7 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
                Gtxn[tidx.load()].application_id() == App.globalGet(Bytes("coreid")),
                Gtxn[tidx.load()].application_args[0] == Bytes("verifyVAA"),
                Gtxn[tidx.load()].sender() == Txn.sender(),
+                Gtxn[tidx.load()].on_completion() == OnComplete.NoOp,

                # Lets see if the vaa we are about to process was actually verified by the core
                Gtxn[tidx.load()].application_args[1] == Txn.application_args[1],
@ -981,7 +986,12 @@ def approve_token_bridge(seed_amt: int, tmpl_sig: TmplSig, devMode: bool):
            algo_seed.amount() == Int(seed_amt),
            # Check that its an opt in to us
            optin.type_enum() == TxnType.ApplicationCall,
-            optin.on_completion() == OnComplete.OptIn
+            optin.on_completion() == OnComplete.OptIn,
+
+            optin.application_id() == Global.current_application_id(),
+
+            algo_seed.receiver() == optin.sender(),
+            optin.rekey_to() == Global.current_application_address()
        )

        return Seq(
--- a/algorand/wormhole_core.py
+++ b/algorand/wormhole_core.py
@ -132,6 +132,9 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
                optin.on_completion() == OnComplete.OptIn,
                # Not strictly necessary since we wouldn't be seeing this unless it was us, but...
                optin.application_id() == Global.current_application_id(),
+
+                algo_seed.receiver() == optin.sender(),
+                optin.rekey_to() == Global.current_application_address()
            )
    
            return Seq(
@ -314,10 +317,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
            ])

        def verifySigs():
-            return Seq([
-                Approve(),
-            ])
-
+            return Return (Txn.sender() == STATELESS_LOGIC_HASH)

        @Subroutine(TealType.none)
        def checkForDuplicate():
@ -513,6 +513,7 @@ def getCoreContracts(   genTeal, approve_name, clear_name,
                    Gtxn[Txn.group_index() - Int(1)].application_args[0] == Bytes("verifyVAA"),
                    Gtxn[Txn.group_index() - Int(1)].sender() == Txn.sender(),
                    Gtxn[Txn.group_index() - Int(1)].rekey_to() == Global.zero_address(),
+                    Gtxn[Txn.group_index() - Int(1)].on_completion() == OnComplete.NoOp,

                    # Lets see if the vaa we are about to process was actually verified by the core
                    Gtxn[Txn.group_index() - Int(1)].application_args[1] == Txn.application_args[1],