add check for the zero address in storeGuardianSet

Change-Id: Ic3c5fce71f687d98380d39dc62923d9c6423e194
2022-08-15 15:01:39 +00:00 · 2022-08-15 15:01:39 +00:00 · 6c6b25ab2a
parent 52737f8455
commit 6c6b25ab2a
2 changed files with 60 additions and 1 deletions
--- a/ethereum/contracts/Setters.sol
+++ b/ethereum/contracts/Setters.sol
@ -15,6 +15,10 @@ contract Setters is State {
    }

    function storeGuardianSet(Structs.GuardianSet memory set, uint32 index) internal {
+        uint setLength = set.keys.length;
+        for (uint i = 0; i < setLength; i++) {
+            require(set.keys[i] != address(0), "Invalid key");
+        }
        _state.guardianSets[index] = set;
    }

--- a/ethereum/test/wormhole.js
+++ b/ethereum/test/wormhole.js
@ -490,6 +490,61 @@ contract("Wormhole", function () {
        assert.equal(receiverAfter - receiverBefore, 11);
    })

+    it("should revert when submitting a new guardian set with the zero address", async function () {
+        const initialized = new web3.eth.Contract(ImplementationFullABI, Wormhole.address);
+        const accounts = await web3.eth.getAccounts();
+
+        const timestamp = 1000;
+        const nonce = 1001;
+        const emitterChainId = testGovernanceChainId;
+        const emitterAddress = testGovernanceContract;
+        const zeroAddress = "0x0000000000000000000000000000000000000000";
+
+        let oldIndex = Number(await initialized.methods.getCurrentGuardianSetIndex().call());
+
+        data = [
+            // Core
+            core,
+            // Action 2 (Guardian Set Upgrade)
+            actionGuardianSetUpgrade,
+            web3.eth.abi.encodeParameter("uint16", testChainId).substring(2 + (64 - 4)),
+            web3.eth.abi.encodeParameter("uint32", oldIndex + 1).substring(2 + (64 - 8)),
+            web3.eth.abi.encodeParameter("uint8", 3).substring(2 + (64 - 2)),
+            web3.eth.abi.encodeParameter("address", testSigner1.address).substring(2 + (64 - 40)),
+            web3.eth.abi.encodeParameter("address", testSigner2.address).substring(2 + (64 - 40)),
+            web3.eth.abi.encodeParameter("address", zeroAddress).substring(2 + (64 - 40)),
+        ].join('')
+
+        const vm = await signAndEncodeVM(
+            timestamp,
+            nonce,
+            emitterChainId,
+            emitterAddress,
+            0,
+            data,
+            [
+                testSigner1PK
+            ],
+            0,
+            2
+        );
+
+        // try to submit a new guardian set including the zero address
+        failed = false;
+        try {
+            await initialized.methods.submitNewGuardianSet("0x" + vm).send({
+                value: 0,
+                from: accounts[0],
+                gasLimit: 1000000
+            });
+        } catch (e) {
+            assert.equal(e.message, "Returned error: VM Exception while processing transaction: revert Invalid key");
+            failed = true;
+        }
+
+        assert.ok(failed);
+    })
+
    it("should accept a new guardian set", async function () {
        const initialized = new web3.eth.Contract(ImplementationFullABI, Wormhole.address);
        const accounts = await web3.eth.getAccounts();
@ -681,7 +736,7 @@ contract("Wormhole", function () {
            web3.eth.abi.encodeParameter("uint16", testChainId).substring(2 + (64 - 4)),
            // Amount
            web3.eth.abi.encodeParameter("uint256", 1).substring(2),
-            // Recipient            
+            // Recipient
            web3.eth.abi.encodeParameter("address", "0x0000000000000000000000000000000000000000").substring(2),
        ].join('')