[entropy] audit - 2. lack of contract existence check (#1177)
* contract existence check * better comment
parent
245cc231fd
commit
941ee777f0
|
@ -76,8 +76,16 @@ contract Executor {
|
||||||
gi.executorAddress != address(this)
|
gi.executorAddress != address(this)
|
||||||
) revert ExecutorErrors.DeserializationError();
|
) revert ExecutorErrors.DeserializationError();
|
||||||
|
|
||||||
|
// Check if the gi.callAddress is a contract account.
|
||||||
|
uint len;
|
||||||
|
address callAddress = address(gi.callAddress);
|
||||||
|
assembly {
|
||||||
|
len := extcodesize(callAddress)
|
||||||
|
}
|
||||||
|
if (len == 0) revert ExecutorErrors.InvalidContractTarget();
|
||||||
|
|
||||||
bool success;
|
bool success;
|
||||||
(success, response) = address(gi.callAddress).call(gi.callData);
|
(success, response) = address(callAddress).call(gi.callData);
|
||||||
|
|
||||||
// Check if the call was successful or not.
|
// Check if the call was successful or not.
|
||||||
if (!success) {
|
if (!success) {
|
||||||
|
|
|
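Review bot: The comment added above the `extcodesize` block says what is checked but not why, and the reason is the part a later maintainer needs: a low-level `.call` to an address with no code returns `success == true`, so without the guard a governance instruction aimed at a code-less address would appear to have executed. I would put that in the comment, e.g. `// A low-level call to an address without code succeeds, so reject code-less targets before calling.` Since the file already uses custom errors (Solidity 0.8.4 or later), the assembly can be dropped in favour of `if (callAddress.code.length == 0) revert ExecutorErrors.InvalidContractTarget();`, and `address(callAddress).call(gi.callData)` can become `callAddress.call(gi.callData)` because `callAddress` is already an `address`. The code size is also zero for a contract that is still in its constructor, which is presumably acceptable here but worth one line in the comment. The function body continues past the end of the hunk.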
@ -14,4 +14,6 @@ library ExecutorErrors {
|
||||||
error DeserializationError();
|
error DeserializationError();
|
||||||
// The message is not intended for this contract.
|
// The message is not intended for this contract.
|
||||||
error InvalidGovernanceTarget();
|
error InvalidGovernanceTarget();
|
||||||
|
// The target address for the contract call is not a contract
|
||||||
|
error InvalidContractTarget();
|
||||||
}
|
}
|
||||||
|
|
|
@ -344,6 +344,30 @@ contract ExecutorTest is Test, WormholeTestUtils {
|
||||||
vm.expectRevert("call should revert");
|
vm.expectRevert("call should revert");
|
||||||
executor.execute(vaa);
|
executor.execute(vaa);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function testCallToEoaReverts() public {
|
||||||
|
bytes memory payload = abi.encodePacked(
|
||||||
|
uint32(0x5054474d),
|
||||||
|
PythGovernanceInstructions.GovernanceModule.EvmExecutor,
|
||||||
|
Executor.ExecutorAction.Execute,
|
||||||
|
CHAIN_ID,
|
||||||
|
address(executor),
|
||||||
|
address(100),
|
||||||
|
abi.encodeWithSelector(ICallable.foo.selector)
|
||||||
|
);
|
||||||
|
|
||||||
|
bytes memory vaa = generateVaa(
|
||||||
|
uint32(block.timestamp),
|
||||||
|
OWNER_CHAIN_ID,
|
||||||
|
OWNER_EMITTER,
|
||||||
|
1,
|
||||||
|
payload,
|
||||||
|
NUM_SIGNERS
|
||||||
|
);
|
||||||
|
|
||||||
|
vm.expectRevert(ExecutorErrors.InvalidContractTarget.selector);
|
||||||
|
executor.execute(vaa);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
interface ICallable {
|
interface ICallable {
|
||||||
|
|
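Review bot: `testCallToEoaReverts` relies on `address(100)` having no code but never asserts it, so if the test environment ever has code at that address the test would fail on the wrong error, or stop exercising the new check, without saying why. Stating the precondition before building the payload makes the intent explicit: `assertEq(address(100).code.length, 0);`. A short comment on `address(100)` saying it stands in for an externally owned account would also help, since the literal alone does not say so.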