-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: audit revision 2 #92
Conversation
[WP-I3]: I dont see a way to prevent this unless there is communication between the two w3fs. Even if we revert at [WP-I4]: Based on w3f-backend implementation, we simulate with max gas limit, then pass a suitable gas limit to the executor. I think it is safe to assume executors will not submit with a lower gas limit. 2b1db7b: Calculating dRand round onchain introduces a possibility of manipulation by miners, causing the randomness to not be fulfilled
|
@brandonchuah I'd be in favor of reverting still, so that at least it fails explicitly on a simulation. We don't plan to have the 2 W3F running in parallel at the moment. If we do, we will probably use the time interval one as a fallback, and it should try to fulfill VRF only after a delay is elapsed, to avoid racing the Event trigger W3F. |
The smart contract should emit the requested round in the event, and the Web3Function should use the round in the event directly. function _requestRandomness(
bytes memory extraData
) internal returns (uint256 requestId) {
requestId = uint256(requestPending.length);
requestPending.push();
requestPending[requestId] = true;
bytes memory data = abi.encode(requestId, extraData);
uint256 round = _round();
bytes memory dataWithRound = abi.encode(data, round);
bytes32 requestHash = keccak256(dataWithRound);
requestedHash[requestId] = requestHash;
emit RequestedRandomness(data, round);
} Web3Function.onRun(async (context: Web3FunctionEventContext) => {
const { userArgs, multiChainProvider, log } = context;
const provider = multiChainProvider.default();
const consumerAddress = userArgs.consumerAddress as string;
const consumer = new Contract(consumerAddress, CONSUMER_ABI, provider);
const event = consumer.interface.parseLog(log);
const [consumerData, round] = event.args;
const randomness = await getRandomnessByRound(round);
const encodedRandomness = ethers.BigNumber.from(`0x${randomness}`);
const consumerDataWithRound = ethers.utils.defaultAbiCoder.encode(
["bytes", "uint256"],
[consumerData, round]
);
const data = consumer.interface.encodeFunctionData("fulfillRandomness", [
encodedRandomness,
consumerDataWithRound,
]);
return {
canExec: true,
callData: [{ to: consumerAddress, data }],
};
}); |
https://notes.watchpug.com/p/18bdc4ed461G9WRt#n_7