terra: Check that bytes32 fits into 20 bytes before truncating (#1458)

terra/contracts/token-bridge/src/contract.rs

@@ -679,12 +679,7 @@ fn handle_complete_transfer_with_payload(
     }
 }
 
-fn submit_vaa(
+fn submit_vaa(deps: DepsMut, env: Env, info: MessageInfo, data: &Binary) -> StdResult<Response> {
-    deps: DepsMut,
-    env: Env,
-    info: MessageInfo,
-    data: &Binary,
-) -> StdResult<Response> {
     let state = config_read(deps.storage).load()?;
 
     let vaa = parse_vaa(deps.as_ref(), env.block.time.seconds(), data)?;
@@ -793,8 +788,10 @@ fn handle_complete_transfer(
     relayer_address: &HumanAddr,
 ) -> StdResult<Response> {
     let transfer_info = TransferInfo::deserialize(&data)?;
-    if transfer_info.token_address.as_slice()[0] == 1 && transfer_info.token_chain == CHAIN_ID {
+    let marker_byte = transfer_info.token_address.as_slice()[0];
-        handle_complete_transfer_token_native(
+    if transfer_info.token_chain == CHAIN_ID {
+        match marker_byte {
+            1 => handle_complete_transfer_token_native(
                 deps,
                 env,
                 info,
@@ -803,7 +800,19 @@ fn handle_complete_transfer(
                 transfer_type,
                 data,
                 relayer_address,
-        )
+            ),
+            0 => handle_complete_transfer_token(
+                deps,
+                env,
+                info,
+                emitter_chain,
+                emitter_address,
+                transfer_type,
+                data,
+                relayer_address,
+            ),
+            b => Err(StdError::generic_err(format!("Unknown marker byte: {}", b))),
+        }
     } else {
         handle_complete_transfer_token(
             deps,

terra/contracts/wormhole/src/byte_utils.rs

@@ -44,6 +44,9 @@ impl ByteUtils for &[u8] {
     }
     fn get_address(&self, index: usize) -> CanonicalAddr {
         // 32 bytes are reserved for addresses, but only the last 20 bytes are taken by the actual address
+        if self.get_u128_be(index) >> 32 != 0 {
+            panic!("invalid Terra address");
+        }
         CanonicalAddr::from(&self[index + 32 - 20..index + 32])
     }
     fn get_bytes32(&self, index: usize) -> &[u8] {

terra/contracts/wormhole/src/testing/tests.rs

@@ -1,6 +1,7 @@
-use cosmwasm_std::StdResult;
+use cosmwasm_std::{StdResult, CanonicalAddr};
 
 use crate::state::{GuardianAddress, GuardianSetInfo, ParsedVAA};
+use crate::byte_utils::ByteUtils;
 
 #[test]
 fn quardian_set_quorum() {
@@ -160,3 +161,28 @@ fn deserialize_round_2() -> StdResult<()> {
 
     Ok(())
 }
+
+#[test]
+fn get_address_test() -> StdResult<()> {
+    let zeros_32: &[u8] = &[0;32];
+    let zeros_20: &[u8] = &[0;20];
+    assert_eq!(zeros_32.get_address(0), CanonicalAddr::from(zeros_20));
+    Ok(())
+}
+
+#[test]
+#[should_panic]
+fn get_address_test_panic() -> () {
+    // panics because of junk in first 12 bytes
+    let ones_32: &[u8] = &[1;32];
+    ones_32.get_address(0);
+}
+
+
+#[test]
+#[should_panic]
+fn get_address_test_panic_2() -> () {
+    // panics because not enough bytes (need at least 32)
+    let short_address: &[u8] = &[0;31];
+    short_address.get_address(0);
+}