Merge pull request #606 from getwax/merge-in-contract-updates

Audit Fix 06 Integration branch
getwax · Jun 28, 2023 · 4863733 · 4863733
2 parents abde552 + c72b0ea
commit 4863733
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 288 deletions.
diff --git a/aggregator-proxy/package.json b/aggregator-proxy/package.json
@@ -21,7 +21,7 @@
     "@types/koa__cors": "^3.3.0",
     "@types/koa__router": "^8.0.11",
     "@types/node-fetch": "^2.6.1",
-    "bls-wallet-clients": "0.9.0-2a20bfe",
+    "bls-wallet-clients": "0.9.0-3251dec",
     "fp-ts": "^2.12.1",
     "io-ts": "^2.2.16",
     "io-ts-reporters": "^2.0.1",

diff --git a/aggregator-proxy/yarn.lock b/aggregator-proxy/yarn.lock
@@ -569,16 +569,6 @@
   version "5.7.0"
   resolved "https://registry.yarnpkg.com/@ethersproject/transactions/-/transactions-5.7.0.tgz#91318fc24063e057885a6af13fdb703e1f993d3b"
   integrity sha512-kmcNicCp1lp8qanMTC3RIikGgoJ80ztTyvtsFvCYpSCfkjhD0jZ2LOrnbcuxuToLIUYYf+4XwD1rP+B/erDIhQ==
-  dependencies:
-    "@ethersproject/address" "^5.7.0"
-    "@ethersproject/bignumber" "^5.7.0"
-    "@ethersproject/bytes" "^5.7.0"
-    "@ethersproject/constants" "^5.7.0"
-    "@ethersproject/keccak256" "^5.7.0"
-    "@ethersproject/logger" "^5.7.0"
-    "@ethersproject/properties" "^5.7.0"
-    "@ethersproject/rlp" "^5.7.0"
-    "@ethersproject/signing-key" "^5.7.0"
 
 "@ethersproject/units@5.6.0":
   version "5.6.0"
@@ -887,10 +877,10 @@ bech32@1.1.4:
   resolved "https://registry.yarnpkg.com/bech32/-/bech32-1.1.4.tgz#e38c9f37bf179b8eb16ae3a772b40c356d4832e9"
   integrity sha512-s0IrSOzLlbvX7yp4WBfPITzpAU8sqQcpsmwXDiKwrG4r491vwCO/XpejasRNl0piBMe/DvP4Tz0mIS/X1DPJBQ==
 
-bls-wallet-clients@0.9.0-2a20bfe:
-  version "0.9.0-2a20bfe"
-  resolved "https://registry.yarnpkg.com/bls-wallet-clients/-/bls-wallet-clients-0.9.0-2a20bfe.tgz#2e39757a18df3ba78d816ae15f6b88000443a2a6"
-  integrity sha512-w4efcArPBEowrAkIdVYc2mOLlkN8E5O9eIqEhoo6IrRVrN21p/JVNdoot4N3o5MAKFbeaYfid/u9lL6p2DNdiw==
+bls-wallet-clients@0.9.0-3251dec:
+  version "0.9.0-3251dec"
+  resolved "https://registry.npmjs.org/bls-wallet-clients/-/bls-wallet-clients-0.9.0-3251dec.tgz#46f6795110abd90a242fec5a59af1ae2a9f45cd9"
+  integrity sha512-GBjJToEK3nEkldnWB8971BlIKCF0AT78GsrnkXfC1WtAYsvtqyZxmfGABMmN4si8GgykyyjYcxTypORz61AGZQ==
   dependencies:
     "@thehubbleproject/bls" "^0.5.1"
     ethers "^5.7.2"

diff --git a/aggregator/deps.ts b/aggregator/deps.ts
@@ -54,7 +54,7 @@ export type {
   PublicKey,
   Signature,
   VerificationGateway,
-} from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+} from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 
 export {
   Aggregator as AggregatorClient,
@@ -70,10 +70,10 @@ export {
   getConfig,
   MockERC20Factory,
   VerificationGatewayFactory,
-} from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+} from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 
 // Workaround for esbuild's export-star bug
-import blsWalletClients from "https://esm.sh/bls-wallet-clients@0.9.0-2a20bfe";
+import blsWalletClients from "https://esm.sh/bls-wallet-clients@0.9.0-3251dec";
 const { bundleFromDto, bundleToDto, initBlsWalletSigner } = blsWalletClients;
 export { bundleFromDto, bundleToDto, initBlsWalletSigner };
 

diff --git a/contracts/clients/package.json b/contracts/clients/package.json
@@ -1,6 +1,6 @@
 {
   "name": "bls-wallet-clients",
-  "version": "0.9.0-2a20bfe",
+  "version": "0.9.0-3251dec",
   "description": "Client libraries for interacting with BLS Wallet components",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",

diff --git a/contracts/contracts/VerificationGateway.sol b/contracts/contracts/VerificationGateway.sol
@@ -157,21 +157,17 @@ contract VerificationGateway
     @dev overrides previous wallet address registered with the given public key
     @param messageSenderSignature signature of message containing only the calling address
     @param publicKey that signed the caller's address
-    @param signatureExpiryTimestamp that the signature is valid until
      */
     function setBLSKeyForWallet(
         uint256[2] memory messageSenderSignature,
-        uint256[BLS_KEY_LEN] memory publicKey,
-        uint256 signatureExpiryTimestamp
+        uint256[BLS_KEY_LEN] memory publicKey
     ) public {
         require(blsLib.isZeroBLSKey(publicKey) == false, "VG: key is zero");
         IWallet wallet = IWallet(msg.sender);
         bytes32 existingHash = hashFromWallet[wallet];
-        if (existingHash == bytes32(0)) { // wallet does not yet have a bls key registered with this gateway
-            // set it instantly
-            safeSetWallet(messageSenderSignature, publicKey, wallet, signatureExpiryTimestamp);
-        }
-        else { // wallet already has a key registered, set after delay
+
+        // Can't register new wallet contracts, only what this gateway deployed.
+        if (existingHash != bytes32(0)) { // wallet already has a key registered, set after delay
             pendingMessageSenderSignatureFromHash[existingHash] = messageSenderSignature;
             pendingBLSPublicKeyFromHash[existingHash] = publicKey;
             pendingBLSPublicKeyTimeFromHash[existingHash] = block.timestamp + 604800; // 1 week from now
@@ -235,6 +231,11 @@ contract VerificationGateway
             }
         }
 
+        require((selectorId != ProxyAdmin.upgrade.selector)
+            && (selectorId != ProxyAdmin.upgradeAndCall.selector),
+            "VG: wallet not upgradable"
+        );
+
         wallet.setAnyPending();
 
         // ensure wallet has pre-approved encodedFunction

diff --git a/contracts/test/recovery-test.ts b/contracts/test/recovery-test.ts
@@ -95,7 +95,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), signatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );
@@ -372,7 +372,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [attackSignature, walletAttacker.PublicKey(), signatureExpiryTimestamp],
+      [attackSignature, walletAttacker.PublicKey()],
       recoveredWalletNonce++,
       30_000_000,
     );
@@ -660,7 +660,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), invalidSignatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );
@@ -724,7 +724,7 @@ describe("Recovery", async function () {
       wallet1,
       vg,
       "setBLSKeyForWallet",
-      [addressSignature, wallet2.PublicKey(), signatureExpiryTimestamp],
+      [addressSignature, wallet2.PublicKey()],
       1,
       30_000_000,
     );