Garam Masala
This release addresses the security issues reported during Surge.
Master PR
#218
Convert all roles and signature identifiers to use hashes instead of strings.
It was reported that role checks were inconsistent and strings were used in lot of places.
All converted to hashes.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/rolehash.md
https://gist.github.com/jonatascm/9b6e4eb7530dd9b324ca2af8477ec63d
https://gist.github.com/bytes032/2c528bb635cb63b6584d67fdb31af21b
Fixes
Proper type for chainSlug, packetCount and capacitorType
chainSlug, packetCount and capacitorType had inconsistent types.
All converted to single type in codebase.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/slugsize.md
Fixes
Signature relay across socket version
Signatures from one socket deployment could be replayed on other future deployments.
Fixed by adding contract address to the contract where possible.
Seal and Propose are handled by adding version since they are assumed to operate using same signature.
Reports
https://gist.github.com/abhishekvispute/19fdbf2efa1e648be53b8b5de45fa506
Fixes
Rescue funds lib
Rescue funds lib had buggy handling of safeTransfer lib and ether transfers.
Reports
https://gist.github.com/GalloDaSballo/5456459835e4e2414002d52274174fa5
https://gist.github.com/bytes032/1730cdcdc720d09cbe6121c6f60e0a5f
https://gist.github.com/bytes032/8964fe66f837eadfeb8eb589d4702e95
https://gist.github.com/bytes032/161089af6b155237f266672f79c02bc9
https://github.com/gpersoon/SocketSurge/blob/main/amount.md
https://github.com/gpersoon/SocketSurge/blob/main/rescue.md
Fixes
Polygon receive packet check
Polygon receive packet function had improper check allowing anyone to attest arbitrary packets.
Reports
https://gist.github.com/bytes032/07ca09305cb14d663c5b7efd5f6a92a7
Fixes
Owner can manipulate totalWatchers on switchboard
Switchboard owner could make the totalWatchers variable inconsistent and cause packets to be confirmed with less security.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/owner.md
Fixes
Change switchboard by reentering from outbound
If the plug reenters socket and changes switchboard mid outbound call, they can get away with paying less fees.
Addressed by making storing PlugConfig in memory. Also move untrusted switchboard call to end.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/reenter.md
Fixes
Link messageId to destinationPlug
Link mesageId to its destination so that spoofing/blocking is not possible by other plugs.
Reports
https://gist.github.com/sujithsomraaj/7413f77603db2851834ee2520c3eb976
Fixes
onlyRemoteSwitchboard check on OptimismSwitchboard
Buggy check allowed for anyone to attest arbitrary packets on optimism native switchboard.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/andor.md
Fixes
packetId checks in execute
Insufficient checks on packet while executing allowed protocol to reach undesireable states.
Reports
https://gist.github.com/sujithsomraaj/147eb318e72f230532d9bbfdb0ffacc2
https://github.com/gpersoon/SocketSurge/blob/main/allow.md
https://github.com/gpersoon/SocketSurge/blob/main/decap.md
Fixes
Watchers can attest packets of other chains.
Buggy check on attest of FastSwitchboard allowed watcher of one source chain to attest packet of other source chains.
Addressed by removing srcChainSlug from input and use it from packetId.
Fixes
Similar signature of propose and setSourceGasPrice.
These functions had similar signature params, could be relayed in very off cases.
Fee mechanism is changed but addressed by adding sig identifier salts to signature.
Reports
https://github.com/gpersoon/SocketSurge/blob/main/replay.md
Change fee mechanism
Fees of L2s become very difficult to handle under single umbrella of gasPrice and gasLimit.
Changed to set fully calculated fees by handling the complexity off chain.