From 4871022fee6608084cd5cdc6a935c7bb7b8d597d Mon Sep 17 00:00:00 2001
From: Hendrik Hofstadt <hendrik@nexantic.com>
Date: Sun, 30 Aug 2020 17:30:43 +0200
Subject: [PATCH] ethereum: prevent invalid guardian sets or same signer
 signatures

Co-authored-by: valentin <valentinvonalbrecht@yahoo.de>
---
 ethereum/contracts/Wormhole.sol | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ethereum/contracts/Wormhole.sol b/ethereum/contracts/Wormhole.sol
index 1157b6d5..237dc3bf 100644
--- a/ethereum/contracts/Wormhole.sol
+++ b/ethereum/contracts/Wormhole.sol
@@ -99,11 +99,16 @@ contract Wormhole is ReentrancyGuard {
         require(!consumedVAAs[hash], "VAA was already executed");
 
         GuardianSet memory guardian_set = guardian_sets[vaa_guardian_set_index];
+        require(guardian_set.keys.length > 0, "invalid guardian set");
         require(guardian_set.expiration_time == 0 || guardian_set.expiration_time > block.timestamp, "guardian set has expired");
         require(((guardian_set.keys.length / 4) * 3) + 1 <= len_signers, "no quorum");
 
+        int16 last_index = - 1;
         for (uint i = 0; i < len_signers; i++) {
             uint8 index = vaa.toUint8(6 + i * 66);
+            require(index > last_index, "signature indices must be ascending");
+            last_index = int16(index);
+
             bytes32 r = vaa.toBytes32(7 + i * 66);
             bytes32 s = vaa.toBytes32(39 + i * 66);
             uint8 v = vaa.toUint8(71 + i * 66);