Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lido Gateway Audit Fix #709

Open
wants to merge 2 commits into
base: release/0.4.x
Choose a base branch
from
Open

Lido Gateway Audit Fix #709

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
25bc806
[Lido Audit OZ]: Lido Audit Fix (#698)
Kukoomomo Jan 13, 2025
637ec4b
Merge branch 'release/0.4.x' into review
Kukoomomo Jan 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion bindings/bin/l1lidogateway_deployed.hex
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion bindings/bin/l2lidogateway_deployed.hex
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion bindings/bin/l2wstethtoken_deployed.hex
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions bindings/bindings/l1lidogateway.go
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion bindings/bindings/l1lidogateway_more.go
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions bindings/bindings/l2lidogateway.go
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion bindings/bindings/l2lidogateway_more.go
View file
Open in desktop

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions bindings/bindings/l2wstethtoken.go
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion bindings/bindings/l2wstethtoken_more.go
View file
Open in desktop

Large diffs are not rendered by default.

13 changes: 9 additions & 4 deletions contracts/contracts/lido/L1LidoGateway.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ import {GatewayBase} from "../libraries/gateway/GatewayBase.sol";
import {LidoBridgeableTokens} from "./LidoBridgeableTokens.sol";
import {LidoGatewayManager} from "./LidoGatewayManager.sol";

/**
* @custom:security-contact [email protected]
*/
contract L1LidoGateway is L1ERC20Gateway, LidoBridgeableTokens, LidoGatewayManager {
/**********
* Errors *
Expand Down Expand Up @@ -39,8 +42,9 @@ contract L1LidoGateway is L1ERC20Gateway, LidoBridgeableTokens, LidoGatewayManag
/// @param _l1Token The address of the bridged token in the L1 chain
/// @param _l2Token The address of the token minted on the L2 chain when token bridged
constructor(address _l1Token, address _l2Token) LidoBridgeableTokens(_l1Token, _l2Token) {
require(_l1Token != address(0), "zero l1token address");
require(_l2Token != address(0), "zero l2Token address");
if (_l1Token == address(0) || _l2Token ==address(0)){
revert ErrorZeroAddress();
}

_disableInitializers();
}
Expand Down Expand Up @@ -121,16 +125,17 @@ contract L1LidoGateway is L1ERC20Gateway, LidoBridgeableTokens, LidoGatewayManag
if (_data.length != 0) revert DepositAndCallIsNotAllowed();

// 2. Generate message passed to L2LidoGateway.
address _l2Token = l2Token;
bytes memory _message = abi.encodeCall(
IL2ERC20Gateway.finalizeDepositERC20,
(_token, l2Token, _from, _to, _amount, _data)
(_token, _l2Token, _from, _to, _amount, _data)
);

uint256 nonce = IL1CrossDomainMessenger(messenger).messageNonce();

// 3. Send message to L1CrossDomainMessenger.
IL1CrossDomainMessenger(messenger).sendMessage{value: msg.value}(counterpart, 0, _message, _gasLimit, _from);

emit DepositERC20(_token, l2Token, _from, _to, _amount, _data, nonce);
emit DepositERC20(_token, _l2Token, _from, _to, _amount, _data, nonce);
}
}
15 changes: 10 additions & 5 deletions contracts/contracts/lido/L2LidoGateway.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,9 @@ import {GatewayBase} from "../libraries/gateway/GatewayBase.sol";
import {LidoBridgeableTokens} from "./LidoBridgeableTokens.sol";
import {LidoGatewayManager} from "./LidoGatewayManager.sol";

/**
* @custom:security-contact [email protected]
*/
contract L2LidoGateway is L2ERC20Gateway, LidoBridgeableTokens, LidoGatewayManager {
/**********
* Errors *
Expand Down Expand Up @@ -40,8 +43,9 @@ contract L2LidoGateway is L2ERC20Gateway, LidoBridgeableTokens, LidoGatewayManag
/// @param _l1Token The address of the bridged token in the L1 chain
/// @param _l2Token The address of the token minted on the L2 chain when token bridged
constructor(address _l1Token, address _l2Token) LidoBridgeableTokens(_l1Token, _l2Token) {
require(_l1Token != address(0), "zero l1token address");
require(_l2Token != address(0), "zero l2Token address");
if (_l1Token == address(0) || _l2Token ==address(0)){
revert ErrorZeroAddress();
}

_disableInitializers();
}
Expand All @@ -59,7 +63,7 @@ contract L2LidoGateway is L2ERC20Gateway, LidoBridgeableTokens, LidoGatewayManag

/// @notice Initialize the storage of L2LidoGateway v2.
/// @param _depositsEnabler The address of user who can enable deposits
/// @param _depositsEnabler The address of user who can disable deposits
/// @param _depositsDisabler The address of user who can disable deposits
/// @param _withdrawalsEnabler The address of user who can enable withdrawals
/// @param _withdrawalsDisabler The address of user who can disable withdrawals
function initializeV2(
Expand Down Expand Up @@ -152,16 +156,17 @@ contract L2LidoGateway is L2ERC20Gateway, LidoBridgeableTokens, LidoGatewayManag
IMorphERC20Upgradeable(_l2Token).burn(_from, _amount);

// 3. Generate message passed to L1LidoGateway.
address _l1Token = l1Token;
bytes memory _message = abi.encodeCall(
IL1ERC20Gateway.finalizeWithdrawERC20,
(l1Token, _l2Token, _from, _to, _amount, _data)
(_l1Token, _l2Token, _from, _to, _amount, _data)
);

uint256 nonce = IL2CrossDomainMessenger(messenger).messageNonce();

// 4. send message to L2CrossDomainMessenger
IL2CrossDomainMessenger(messenger).sendMessage{value: msg.value}(counterpart, 0, _message, _gasLimit);

emit WithdrawERC20(l1Token, _l2Token, _from, _to, _amount, _data, nonce);
emit WithdrawERC20(_l1Token, _l2Token, _from, _to, _amount, _data, nonce);
}
}
25 changes: 19 additions & 6 deletions contracts/contracts/lido/L2WstETHToken.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,20 @@ import {SignatureCheckerUpgradeable} from "@openzeppelin/contracts-upgradeable/u

import {MorphStandardERC20} from "../libraries/token/MorphStandardERC20.sol";

/**
* @custom:security-contact [email protected]
*/
contract L2WstETHToken is MorphStandardERC20 {
/**********
* Errors *
**********/

/// @dev Thrown when the deadline is expired.
error ErrorExpiredDeadline();

/// @dev Thrown when the given signature is invalid.
error ErrorInvalidSignature();

/*************
* Constants *
*************/
Expand All @@ -33,16 +46,16 @@ contract L2WstETHToken is MorphStandardERC20 {
bytes32 r,
bytes32 s
) public virtual override(ERC20PermitUpgradeable, IERC20PermitUpgradeable) {
require(block.timestamp <= deadline, "ERC20Permit: expired deadline");

if (block.timestamp > deadline) {
revert ErrorExpiredDeadline();
}
bytes32 structHash = keccak256(abi.encode(_PERMIT_TYPEHASH, owner, spender, value, _useNonce(owner), deadline));

bytes32 hash = _hashTypedDataV4(structHash);

require(
SignatureCheckerUpgradeable.isValidSignatureNow(owner, hash, abi.encodePacked(r, s, v)),
"ERC20Permit: invalid signature"
);
if (!SignatureCheckerUpgradeable.isValidSignatureNow(owner, hash, abi.encodePacked(r, s, v))){
revert ErrorInvalidSignature();
}

_approve(owner, spender, value);
}
Expand Down
6 changes: 6 additions & 0 deletions contracts/contracts/lido/LidoBridgeableTokens.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,9 @@

pragma solidity =0.8.24;

/**
* @custom:security-contact [email protected]
*/
abstract contract LidoBridgeableTokens {
/*************
* Constants *
Expand All @@ -17,6 +20,9 @@ abstract contract LidoBridgeableTokens {
* Errors *
**********/

/// @dev Thrown when the given address is `address(0)`.
error ErrorZeroAddress();

/// @dev Thrown the given `l1Token` is not supported.
error ErrorUnsupportedL1Token();

Expand Down
5 changes: 4 additions & 1 deletion contracts/contracts/lido/LidoGatewayManager.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,9 @@ import {GatewayBase} from "../libraries/gateway/GatewayBase.sol";

// solhint-disable func-name-mixedcase

/**
* @custom:security-contact [email protected]
*/
abstract contract LidoGatewayManager is GatewayBase {
using EnumerableSetUpgradeable for EnumerableSetUpgradeable.AddressSet;

Expand Down Expand Up @@ -128,7 +131,7 @@ abstract contract LidoGatewayManager is GatewayBase {

/// @notice Initialize the storage of LidoGatewayManager.
/// @param _depositsEnabler The address of user who can enable deposits
/// @param _depositsEnabler The address of user who can disable deposits
/// @param _depositsDisabler The address of user who can disable deposits
/// @param _withdrawalsEnabler The address of user who can enable withdrawals
/// @param _withdrawalsDisabler The address of user who can disable withdrawals
function __LidoGatewayManager_init(
Expand Down
Loading
Loading