Add canonical address registry contract + fixed circuit #437
Conversation
🦋 Changeset detectedLatest commit: ceb405d The changes in this PR will be included in the next version bump. This PR includes changesets to release 17 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
Current dependencies on/for this PR: This comment was auto-generated by Graphite. |
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 OR Apache-2.0 | |||
packages/core/src/snapJsonRpc.ts
Outdated
| import { CanonAddrSigCheckInputs } from "./proof"; | ||
| import { CanonAddress, NocturneSignature, SpendPk, ViewingKey } from "./crypto"; | ||
|
|
||
| export interface SignCanonAddrRegistryEntry { |
There was a problem hiding this comment.
nit: SignCanonAddrRegistryEntryMethod
| // Deposit manager proxy admin matches deployment proxy admin | ||
| const depositManagerProxyAdmin = await proxyAdmin( | ||
| provider, | ||
| deployment.depositManagerProxy.proxy | ||
| ); | ||
| assertOrErr( | ||
| depositManagerProxyAdmin === deployment.proxyAdmin, | ||
| "deposit manager proxy admin incorrectly set" | ||
| ); |
There was a problem hiding this comment.
was this not there previously?
There was a problem hiding this comment.
Yeah I think it was just forgotten way back when
| try { | ||
| await register(aliceEoa, compressedCanonAddr, proof); | ||
| throw new Error("invalid proof, should have reverted"); | ||
| } catch {} |
There was a problem hiding this comment.
nit: use expect().to.eventually.be.rejected
| await canonAddrRegistry | ||
| .connect(aliceEoa) | ||
| .setCanonAddr(compressedCanonAddr, packToSolidityProof(proof)); | ||
| throw new Error("invalid digest, should have reverted"); | ||
| } catch {} |
There was a problem hiding this comment.
ditto expect(...).to.eventually.be.rejected
| "https://frontend-sdk-circuit-artifacts.s3.us-east-2.amazonaws.com/canonAddrSigCheck/canonAddrSigCheck.wasm"; | ||
| const CANON_ADDR_SIG_CHECK_ZKEY_PATH = | ||
| "https://frontend-sdk-circuit-artifacts.s3.us-east-2.amazonaws.com/canonAddrSigCheck/canonAddrSigCheck.zkey"; |
There was a problem hiding this comment.
Oh right I need to upload these - will do right after I finish reviewing
| @@ -285,6 +299,47 @@ export class NocturneSdk implements NocturneSdkApi { | |||
| ); | |||
| } | |||
|
|
|||
| // TODO: use this method in interface | |||
| async registerCanonicalAddress(): Promise<ethers.ContractTransaction> { | |||
| @@ -1,12 +1,11 @@ | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 OR Apache-2.0 | |||
| @@ -1,4 +1,4 @@ | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 OR Apache-2.0 | |||
There was a problem hiding this comment.
Same as above. Also applies to couple of files below.
| @@ -9,7 +9,7 @@ | |||
| // added requiere error messages | |||
| // | |||
| // | |||
| // SPDX-License-Identifier: GPL-3.0 | |||
| // SPDX-License-Identifier: MIT OR Apache-2.0 | |||
There was a problem hiding this comment.
But original source is in MIT! https://gist.github.com/chriseth/f9be9d9391efc5beb9704255a8e2989d
| bytes32 domainSeparator = _domainSeparatorV4(); | ||
| bytes32 structHash = _hashCanonAddrRegistryEntry(entry); | ||
|
|
||
| bytes32 digest = ECDSAUpgradeable.toTypedDataHash( |
There was a problem hiding this comment.
Are we using the latest library here? It seems this function has moved to MessageHashUtils in the main branch of openzepplin contracts.
There was a problem hiding this comment.
It was the latest published version on npm. We use 4.9.2 but last month came out with 4.9.3. Main is probably not stable
| ); | ||
|
|
||
| // mod digest by 2^252 to fit compressed addr sign bit in 253rd PI bit | ||
| return uint256(digest) % MODULUS_252; |
There was a problem hiding this comment.
This is very minor: but we can also XOR with a mask here. Not sure if we want to keep that convention
There was a problem hiding this comment.
If we want to be consistent, we should do uint256(digest) & (1 << 252 - 1)
| /// @param entry Canon addr registry entry | ||
| function _computeDigest( | ||
| CanonAddrRegistryEntry memory entry | ||
| ) public view returns (uint256) { |
There was a problem hiding this comment.
Should we document here that this return a uint256 whose top 4 bits is guaranteed to be zero?
luketchang
force-pushed
the
seb/canon-addr-sig-check-r2
branch
from
2aada30 to
f23d974
Compare
…fix fe-sdk and snap
luketchang
force-pushed
the
seb/canon-addr-sig-check-r2
branch
from
703d2c1 to
ceb405d
Compare
luketchang
changed the title
Motivation
Fix canon addr frontrunning vulnerability due to fact that signed message didn't include eth address. Need EIP712 for general replay protection across chains.
Solution
Proof
Unnecessary. Didn't change anything that would break this
PR Checklist