feat: check that order.maker != zero

thesandboxgame · Oct 2, 2023 · 37e6c63 · 37e6c63 · github-actions · Oct 2, 2023
1 parent 8a33e64
commit 37e6c63
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 42 deletions.
diff --git a/packages/marketplace/contracts/exchange/ExchangeCore.sol b/packages/marketplace/contracts/exchange/ExchangeCore.sol
@@ -134,13 +134,14 @@ abstract contract ExchangeCore is Initializable, TransferExecutor, ITransferMana
         LibOrder.Order memory orderRight,
         bytes memory signatureRight
     ) internal view {
+        // validate must force order.maker != address(0)
         orderValidator.validate(orderLeft, signatureLeft, sender);
         orderValidator.validate(orderRight, signatureRight, sender);
         if (orderLeft.taker != address(0)) {
-            if (orderRight.maker != address(0)) require(orderRight.maker == orderLeft.taker, "leftOrder.taker failed");
+            require(orderRight.maker == orderLeft.taker, "leftOrder.taker failed");
         }
         if (orderRight.taker != address(0)) {
-            if (orderLeft.maker != address(0)) require(orderRight.taker == orderLeft.maker, "rightOrder.taker failed");
+            require(orderRight.taker == orderLeft.maker, "rightOrder.taker failed");
         }
     }
 
@@ -150,8 +151,8 @@ abstract contract ExchangeCore is Initializable, TransferExecutor, ITransferMana
     /// @param orderRight the right order of the match
     function _matchAndTransfer(
         address sender,
-        LibOrder.Order memory orderLeft,
-        LibOrder.Order memory orderRight
+        LibOrder.Order calldata orderLeft,
+        LibOrder.Order calldata orderRight
     ) internal {
         (LibAsset.AssetType memory makeMatch, LibAsset.AssetType memory takeMatch) = _matchAssets(
             orderLeft,
@@ -188,8 +189,8 @@ abstract contract ExchangeCore is Initializable, TransferExecutor, ITransferMana
     /// @return newFill fill result
     function _parseOrdersSetFillEmitMatch(
         address sender,
-        LibOrder.Order memory orderLeft,
-        LibOrder.Order memory orderRight
+        LibOrder.Order calldata orderLeft,
+        LibOrder.Order calldata orderRight
     )
         internal
         returns (
@@ -201,13 +202,6 @@ abstract contract ExchangeCore is Initializable, TransferExecutor, ITransferMana
         bytes32 leftOrderKeyHash = LibOrder.hashKey(orderLeft);
         bytes32 rightOrderKeyHash = LibOrder.hashKey(orderRight);
 
-        if (orderLeft.maker == address(0)) {
-            orderLeft.maker = sender;
-        }
-        if (orderRight.maker == address(0)) {
-            orderRight.maker = sender;
-        }
-
         leftOrderData = LibOrderDataGeneric.parse(orderLeft);
         rightOrderData = LibOrderDataGeneric.parse(orderRight);
 
@@ -231,8 +225,8 @@ abstract contract ExchangeCore is Initializable, TransferExecutor, ITransferMana
     ///    @return newFill returns change in orders' fills by the match
     function _setFillEmitMatch(
         address sender,
-        LibOrder.Order memory orderLeft,
-        LibOrder.Order memory orderRight,
+        LibOrder.Order calldata orderLeft,
+        LibOrder.Order calldata orderRight,
         bytes32 leftOrderKeyHash,
         bytes32 rightOrderKeyHash,
         bool leftMakeFill,

diff --git a/packages/marketplace/contracts/exchange/OrderValidator.sol b/packages/marketplace/contracts/exchange/OrderValidator.sol
@@ -44,35 +44,37 @@ contract OrderValidator is IOrderValidator, Initializable, EIP712Upgradeable, Wh
     /// @param order order to be validated
     /// @param signature signature of order
     /// @param sender order sender
-    function validate(LibOrder.Order memory order, bytes memory signature, address sender) public view {
+    function validate(LibOrder.Order calldata order, bytes memory signature, address sender) public view {
+        require(order.maker != address(0), "no maker");
+
         LibOrder.validateOrderTime(order);
 
         address makeToken = abi.decode(order.makeAsset.assetType.data, (address));
         verifyWhiteList(makeToken);
 
         if (order.salt == 0) {
-            if (order.maker != address(0)) {
-                require(sender == order.maker, "maker is not tx sender");
-            }
-        } else {
-            if (sender != order.maker) {
-                bytes32 hash = LibOrder.hash(order);
-                // if maker is contract checking ERC1271 signature
-                if (order.maker.isContract()) {
-                    require(
-                        IERC1271Upgradeable(order.maker).isValidSignature(_hashTypedDataV4(hash), signature) ==
-                            MAGICVALUE,
-                        "contract order signature verification error"
-                    );
-                } else {
-                    // if maker is not contract then checking ECDSA signature
-                    if (_hashTypedDataV4(hash).recover(signature) != order.maker) {
-                        revert("order signature verification error");
-                    } else {
-                        require(order.maker != address(0), "no maker");
-                    }
-                }
-            }
+            require(sender == order.maker, "maker is not tx sender");
+            // No partial fill the order is reusable forever
+            return;
+        }
+
+        if (sender == order.maker) {
+            return;
+        }
+
+        bytes32 hash = LibOrder.hash(order);
+        // if maker is contract checking ERC1271 signature
+        if (order.maker.isContract()) {
+            require(
+                IERC1271Upgradeable(order.maker).isValidSignature(_hashTypedDataV4(hash), signature) == MAGICVALUE,
+                "contract order signature verification error"
+            );
+            return;
+        }
+
+        // if maker is not contract then checking ECDSA signature
+        if (_hashTypedDataV4(hash).recover(signature) != order.maker) {
+            revert("order signature verification error");
         }
     }
 

diff --git a/packages/marketplace/contracts/exchange/libraries/LibFill.sol b/packages/marketplace/contracts/exchange/libraries/LibFill.sol
@@ -27,8 +27,8 @@ library LibFill {
     /// @dev 2nd: right order should be fully filled or 3d: both should be fully filled if required values are the same
     /// @return the fill result of both orders
     function fillOrder(
-        LibOrder.Order memory leftOrder,
-        LibOrder.Order memory rightOrder,
+        LibOrder.Order calldata leftOrder,
+        LibOrder.Order calldata rightOrder,
         uint256 leftOrderFill,
         uint256 rightOrderFill,
         bool leftIsMakeFill,

diff --git a/packages/marketplace/contracts/lib-order/LibOrder.sol b/packages/marketplace/contracts/lib-order/LibOrder.sol
@@ -50,7 +50,7 @@ library LibOrder {
     /// @notice calculate hash key from order
     /// @param order object to be hashed
     /// @return hash key of order
-    function hashKey(Order memory order) internal pure returns (bytes32) {
+    function hashKey(Order calldata order) internal pure returns (bytes32) {
         if (order.dataType == DEFAULT_ORDER_TYPE) {
             return
                 keccak256(
@@ -79,7 +79,7 @@ library LibOrder {
     /// @notice calculate hash from order
     /// @param order object to be hashed
     /// @return hash of order
-    function hash(Order memory order) internal pure returns (bytes32) {
+    function hash(Order calldata order) internal pure returns (bytes32) {
         return
             keccak256(
                 // solhint-disable-next-line func-named-parameters

diff --git a/packages/marketplace/test/exchange/OrderValidator.test.ts b/packages/marketplace/test/exchange/OrderValidator.test.ts
@@ -79,6 +79,46 @@ describe('OrderValidator.sol', function () {
       .to.not.be.reverted;
   });
 
+  it('should validate when salt is non zero and Order maker is sender', async function () {
+    const {OrderValidatorAsUser, ERC20Contract, ERC721Contract, user1} =
+      await loadFixture(deployFixtures);
+    const makerAsset = await AssetERC721(ERC721Contract, 100);
+    const takerAsset = await AssetERC20(ERC20Contract, 100);
+    const order = await OrderDefault(
+      user1,
+      makerAsset,
+      ZeroAddress,
+      takerAsset,
+      1,
+      0,
+      0
+    );
+    const signature = await signOrder(order, user1, OrderValidatorAsUser);
+
+    await expect(OrderValidatorAsUser.validate(order, signature, user1.address))
+      .to.not.be.reverted;
+  });
+  it('should not validate when maker is address zero', async function () {
+    const {OrderValidatorAsUser, ERC20Contract, ERC721Contract, user1, user2} =
+      await loadFixture(deployFixtures);
+    const makerAsset = await AssetERC721(ERC721Contract, 100);
+    const takerAsset = await AssetERC20(ERC20Contract, 100);
+    const order = await OrderDefault(
+      user1,
+      makerAsset,
+      ZeroAddress,
+      takerAsset,
+      1,
+      0,
+      0
+    );
+    order.maker = ZeroAddress;
+    const signature = await signOrder(order, user2, OrderValidatorAsUser);
+    await expect(
+      OrderValidatorAsUser.validate(order, signature, user2.address)
+    ).to.be.revertedWith('no maker');
+  });
+
   it('should not validate when sender and signature signer is not Order maker', async function () {
     const {OrderValidatorAsUser, ERC20Contract, ERC721Contract, user1, user2} =
       await loadFixture(deployFixtures);
@@ -349,4 +389,7 @@ describe('OrderValidator.sol', function () {
       )
     ).to.be.equal(false);
   });
+  // TODO:
+  // it('should check start / end', async function () {});
+  // it('should check validate through the whitelist', async function () {});
 });
File	Stmts	Branches	Funcs	Lines	Uncovered Lines
packages/marketplace/contracts/exchange
AssetMatcher.sol	100%	100%	100%	100%
Exchange.sol	83.58%	78.57%	87.50%	86.96%	176, 66, 82, 92, 92–93, 93, 93–94
ExchangeCore.sol	83.17%	63.89%	100%	92.59%	116, 140–141, 141, 141, 144, 239, 241–243, 249–251, 274–275, 292, 76
OrderValidator.sol	71.70%	58.33%	100%	79.17%	38, 67–68, 68, 68, 72, 84–85, 90, 92, 92, 92, 92–93, 95
WhiteList.sol	97.73%	93.75%	100%	100%	57
packages/marketplace/contracts/exchange/libraries
LibFill.sol	55%	33.33%	66.67%	63.64%	48–49, 61, 71–72, 72, 72–73
LibOrderDataGeneric.sol	22.81%	22.22%	40%	20.59%	16–23, 25–26, 28, 41, 43, 43, 43–44, 46–47, 50, 50, 50–51, 53, 56, 56, 56–57, 59, 62, 66, 68, 68, 68–70, 73, 82, 82, 82–84
packages/marketplace/contracts/interfaces
IAssetMatcher.sol	100%	100%	100%	100%
IOrderValidator.sol	100%	100%	100%	100%
IRoyaltiesProvider.sol	100%	100%	100%	100%
IWhiteList.sol	100%	100%	100%	100%
packages/marketplace/contracts/lib-asset
LibAsset.sol	100%	100%	100%	100%
packages/marketplace/contracts/lib-bp
BpLibrary.sol	100%	100%	100%	100%
packages/marketplace/contracts/lib-order
LibMath.sol	27.50%	18.75%	50%	30%	100–103, 17–18, 33–34, 50, 50, 50–51, 72, 72, 72–73, 75, 88, 88, 88–89, 93, 93, 93, 93, 93, 97
LibOrder.sol	66.67%	50%	100%	72.73%	105, 105, 107, 107, 41–43, 54, 66
LibOrderData.sol	100%	100%	100%	100%
packages/marketplace/contracts/lib-part
LibPart.sol	0%	100%	0%	0%	21
packages/marketplace/contracts/royalties
IERC2981.sol	100%	100%	100%	100%
LibRoyalties2981.sol	78.57%	50%	100%	88.89%	19–20, 23
packages/marketplace/contracts/royalties-registry
IMultiRoyaltyRecipients.sol	100%	100%	100%	100%
RoyaltiesRegistry.sol	79.20%	79.41%	100%	75%	166–167, 170–171, 212, 216, 232–233, 236–244, 247, 247, 247–248, 250, 256, 259, 276, 60
packages/marketplace/contracts/transfer-manager
TransferExecutor.sol	75.76%	64.29%	100%	81.25%	49–51, 58–59, 63, 66–67
TransferManager.sol	82.58%	71.43%	100%	87.36%	110, 114–115, 195, 202–203, 203, 203–204, 208, 248, 265, 269–271, 271, 271–273, 278–279, 302, 306–307, 62, 82–83
packages/marketplace/contracts/transfer-manager/interfaces
IRoyaltyUGC.sol	100%	100%	100%	100%
ITransferExecutor.sol	100%	100%	100%	100%
ITransferManager.sol	100%	100%	100%	100%
packages/marketplace/contracts/transfer-manager/lib
LibDeal.sol	100%	100%	100%	100%
LibFeeSide.sol	44.44%	37.50%	100%	44.44%	21, 24, 24, 24–25, 27, 27, 27–28, 30
LibTransfer.sol	0%	0%	0%	0%	7–8, 8, 8