check ForeignBridge transfer() overflow

2017-10-24 13:23:17 +08:00 · 2017-10-24 13:23:17 +08:00 · e4f9f24792
parent d721b1ff2b
commit e4f9f24792
8 changed files with 51 additions and 7 deletions
--- a/contracts/Authorities.bin
+++ b/contracts/Authorities.bin
@ -1 +1 @@
-60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058201dad5c43bba0bffc89ca5cf275cee04095a323df75058b9e5cfb736e54381f790029
+60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058204bf4d2e61d7c2ef77bafcb00f90ad3edc7c14ae1e5f6b5b77b535347a1e649050029
--- a/contracts/ForeignBridge.bin
+++ b/contracts/ForeignBridge.bin
--- a/contracts/HomeBridge.bin
+++ b/contracts/HomeBridge.bin
--- a/contracts/Signer.bin
+++ b/contracts/Signer.bin
@ -1 +1 @@
-60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058204971c18e0e1ddf69fded6644effcdb50c80ccc6d5a8aa81fe9fbfa53e1b68d100029
+60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058200fec83d497c5208128bec78c672d8aac3fed9559fdefa94abd436d5f580c9f1b0029
--- a/contracts/SignerTest.bin
+++ b/contracts/SignerTest.bin
@ -1 +1 @@
-6060604052341561000f57600080fd5b6105818061001e6000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680631c7ede5f1461003d57600080fd5b6100d0600480803590602001908201803590602001908080601f0160208091040260200160405190810160405280939291908181526020018383808284378201915050505050509190803590602001908201803590602001908080601f01602080910402602001604051908101604052809392919081815260200183838082843782019150505050505091905050610112565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b600061011e8383610126565b905092915050565b6000806000806041865114151561013c57600080fd5b602086015192506040860151915060608601519050600161015c8661020e565b827f010000000000000000000000000000000000000000000000000000000000000090048585604051600081526020016040526000604051602001526040518085600019166000191681526020018460ff1660ff16815260200183600019166000191681526020018260001916600019168152602001945050505050602060405160208103908084039060008661646e5a03f115156101fa57600080fd5b505060206040510351935050505092915050565b600061021861052d565b6040805190810160405280601a81526020017f19457468657265756d205369676e6564204d6573736167653a0a00000000000081525090508061025b845161036e565b846040518084805190602001908083835b602083101515610291578051825260208201915060208101905060208303925061026c565b6001836020036101000a03801982511681845116808217855250505050505090500183805190602001908083835b6020831015156102e457805182526020820191506020810190506020830392506102bf565b6001836020036101000a03801982511681845116808217855250505050505090500182805190602001908083835b6020831015156103375780518252602082019150602081019050602083039250610312565b6001836020036101000a03801982511681845116808217855250505050505090500193505050506040518091039020915050919050565b610376610541565b61037e61052d565b60008061038961052d565b6000600860405180591061039a5750595b90808252806020026020018201604052509450600093505b60008714151561044957600a878115156103c857fe5b069250600a878115156103d757fe5b049650826030017f010000000000000000000000000000000000000000000000000000000000000002858580600101965081518110151561041457fe5b9060200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a9053506103b2565b836040518059106104575750595b90808252806020026020018201604052509150600090505b83811015610520578460018286030381518110151561048a57fe5b9060200101517f010000000000000000000000000000000000000000000000000000000000000090047f01000000000000000000000000000000000000000000000000000000000000000282828151811015156104e357fe5b9060200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a905350808060010191505061046f565b8195505050505050919050565b602060405190810160405280600081525090565b6020604051908101604052806000815250905600a165627a7a72305820fb76108a72fef4e281cb9e45df4aa8d8c33dcc5bff00ea6f7e5d9719a27745260029
+6060604052341561000f57600080fd5b6105818061001e6000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680631c7ede5f1461003d57600080fd5b6100d0600480803590602001908201803590602001908080601f0160208091040260200160405190810160405280939291908181526020018383808284378201915050505050509190803590602001908201803590602001908080601f01602080910402602001604051908101604052809392919081815260200183838082843782019150505050505091905050610112565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b600061011e8383610126565b905092915050565b6000806000806041865114151561013c57600080fd5b602086015192506040860151915060608601519050600161015c8661020e565b827f010000000000000000000000000000000000000000000000000000000000000090048585604051600081526020016040526000604051602001526040518085600019166000191681526020018460ff1660ff16815260200183600019166000191681526020018260001916600019168152602001945050505050602060405160208103908084039060008661646e5a03f115156101fa57600080fd5b505060206040510351935050505092915050565b600061021861052d565b6040805190810160405280601a81526020017f19457468657265756d205369676e6564204d6573736167653a0a00000000000081525090508061025b845161036e565b846040518084805190602001908083835b602083101515610291578051825260208201915060208101905060208303925061026c565b6001836020036101000a03801982511681845116808217855250505050505090500183805190602001908083835b6020831015156102e457805182526020820191506020810190506020830392506102bf565b6001836020036101000a03801982511681845116808217855250505050505090500182805190602001908083835b6020831015156103375780518252602082019150602081019050602083039250610312565b6001836020036101000a03801982511681845116808217855250505050505090500193505050506040518091039020915050919050565b610376610541565b61037e61052d565b60008061038961052d565b6000600860405180591061039a5750595b90808252806020026020018201604052509450600093505b60008714151561044957600a878115156103c857fe5b069250600a878115156103d757fe5b049650826030017f010000000000000000000000000000000000000000000000000000000000000002858580600101965081518110151561041457fe5b9060200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a9053506103b2565b836040518059106104575750595b90808252806020026020018201604052509150600090505b83811015610520578460018286030381518110151561048a57fe5b9060200101517f010000000000000000000000000000000000000000000000000000000000000090047f01000000000000000000000000000000000000000000000000000000000000000282828151811015156104e357fe5b9060200101907effffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff1916908160001a905350808060010191505061046f565b8195505050505050919050565b602060405190810160405280600081525090565b6020604051908101604052806000815250905600a165627a7a72305820e18bf227f2aaaf36d055778c1cbc21cdc35f0958f287389b1112c06ec544ba420029
--- a/contracts/Utils.bin
+++ b/contracts/Utils.bin
@ -1 +1 @@
-60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058200905d3e14b8b5697c0ffc99aac06fac68a87f03b29568419dadf089de31f7f130029
+60606040523415600e57600080fd5b603580601b6000396000f3006060604052600080fd00a165627a7a723058206d3f7e0a9ebbb56a42cb01b951446e2f5b7c560091f52168a8f74d141b66f70a0029
--- a/contracts/bridge.sol
+++ b/contracts/bridge.sol
@ -216,6 +216,8 @@ contract ForeignBridge {
    /// Used to transfer money between accounts
    function transfer (address recipient, uint value, bool externalTransfer) {
        require(balances[msg.sender] >= value);
+        // fails if value == 0, or if there is an overflow
+        require(balances[recipient] + value > balances[recipient]);

        balances[msg.sender] -= value;
        if (externalTransfer) {
--- a/truffle/test/foreign.js
+++ b/truffle/test/foreign.js
@ -164,6 +164,49 @@ contract('ForeignBridge', function(accounts) {
    })
  })

+  it("should fail to transfer 0 value", function() {
+    var meta;
+    var requiredSignatures = 1;
+    var authorities = [accounts[0], accounts[1]];
+    var user_account = accounts[2];
+    var user_account2 = accounts[3];
+    var value = web3.toWei(3, "ether");
+    var value2 = web3.toWei(0, "ether");
+    var hash = "0xe55bb43c36cdf79e23b4adc149cdded921f0d482e613c50c6540977c213bc408";
+    return ForeignBridge.new(requiredSignatures, authorities).then(function(instance) {
+      meta = instance;
+      return meta.deposit(user_account, value, hash, { from: authorities[0] });
+    }).then(function(result) {
+      return meta.transfer(user_account2, value2, false, { from: user_account });
+    }).then(function(result) {
+      assert(false, "Transfer of value 0 should fail");
+    }, function (err) {
+    })
+  })
+
+  it("should fail to transfer with value overflow", function() {
+    var meta;
+    var requiredSignatures = 1;
+    var authorities = [accounts[0], accounts[1]];
+    var user_account = accounts[2];
+    var user_account2 = accounts[3];
+    var value = web3.toWei("0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "wei");
+    var value2 = web3.toWei(1, "wei");
+    var hash = "0xe55bb43c36cdf79e23b4adc149cdded921f0d482e613c50c6540977c213bc408";
+    return ForeignBridge.new(requiredSignatures, authorities).then(function(instance) {
+      meta = instance;
+      return Promise.all([
+        meta.deposit(user_account, value, hash, { from: authorities[0] }),
+        meta.deposit(user_account2, value2, hash, { from: authorities[0] }),
+      ])
+    }).then(function(result) {
+      return meta.transfer(user_account2, value, false, { from: user_account });
+    }).then(function(result) {
+      assert(false, "Transfer with overflow should fail");
+    }, function (err) {
+    })
+  })
+
  it("should allow user to trigger withdraw", function() {
    var meta;
    var requiredSignatures = 1;
@ -385,5 +428,4 @@ contract('ForeignBridge', function(accounts) {
      // nothing
    })
  })
-
 })