opnode: Don't allow arbitrary mints (ethereum-optimism#346)

The ordering of `mint, value` was switched to be `value, mint` when parsing emitted logs. This allows users to control their mint rather than using `msg.value` which is being fed directly into the event. Thanks to Mofi (Inphi) for finding this.
protolambda · Apr 7, 2022 · b4ff49b · b4ff49b
1 parent 8d7a1ee
commit b4ff49b
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 6 deletions.
diff --git a/opnode/rollup/derive/payload_attributes.go b/opnode/rollup/derive/payload_attributes.go
@@ -64,8 +64,6 @@ func UnmarshalLogEvent(blockNum uint64, txIndex uint64, ev *types.Log) (*types.D
 
 	// unindexed data
 	offset := uint64(0)
-	dep.Value = new(big.Int).SetBytes(ev.Data[offset : offset+32])
-	offset += 32
 
 	dep.Mint = new(big.Int).SetBytes(ev.Data[offset : offset+32])
 	// 0 mint is represented as nil to skip minting code
@@ -74,6 +72,9 @@ func UnmarshalLogEvent(blockNum uint64, txIndex uint64, ev *types.Log) (*types.D
 	}
 	offset += 32
 
+	dep.Value = new(big.Int).SetBytes(ev.Data[offset : offset+32])
+	offset += 32
+
 	gas := new(big.Int).SetBytes(ev.Data[offset : offset+32])
 	if !gas.IsUint64() {
 		return nil, fmt.Errorf("bad gas value: %x", ev.Data[offset:offset+32])

diff --git a/opnode/rollup/derive/payload_attributes_test.go b/opnode/rollup/derive/payload_attributes_test.go
@@ -72,14 +72,14 @@ func GenerateDepositLog(deposit *types.DepositTx) *types.Log {
 
 	data := make([]byte, 6*32)
 	offset := 0
-	deposit.Value.FillBytes(data[offset : offset+32])
-	offset += 32
-
 	if deposit.Mint != nil {
 		deposit.Mint.FillBytes(data[offset : offset+32])
 	}
 	offset += 32
 
+	deposit.Value.FillBytes(data[offset : offset+32])
+	offset += 32
+
 	binary.BigEndian.PutUint64(data[offset+24:offset+32], deposit.Gas)
 	offset += 32
 	if deposit.To == nil { // isCreation

diff --git a/opnode/test/system_test.go b/opnode/test/system_test.go
@@ -312,7 +312,8 @@ func TestSystemE2E(t *testing.T) {
 
 	// Finally send TX
 	mintAmount := big.NewInt(1_000_000_000_000)
-	_, err = depositContract.DepositTransaction(opts, fromAddr, mintAmount, big.NewInt(1_000_000), false, nil)
+	opts.Value = mintAmount
+	_, err = depositContract.DepositTransaction(opts, fromAddr, common.Big0, big.NewInt(1_000_000), false, nil)
 	require.Nil(t, err, "with deposit tx")
 
 	// Wait for tx to be mined on L1 (or timeout)