Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DEPLOY-694]: Adds zero-value check to ScrollSequencerUptimeFeed #11710

Merged
merged 7 commits into from
Jan 24, 2024

Conversation

chris-de-leon-cll
Copy link
Contributor

No description provided.

Copy link
Contributor

github-actions bot commented Jan 8, 2024

I see that you haven't updated any CHANGELOG files. Would it make sense to do so?

Copy link
Collaborator

@mohamed-mehany mohamed-mehany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for picking this up.
I think we might've missed another zero value check.
I think the audit suggestion was to check the address for l2CrossDomainMessengerAddr

@@ -96,6 +98,10 @@ contract ScrollSequencerUptimeFeed is

/// @notice internal method that stores the L1 sender
function _setL1Sender(address to) private {
if (to == address(0)) {
revert ZeroAddress();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to reuse the InvalidSender error here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it mainly comes down to preference here -

The InvalidSender error looks like it was meant for a very specific scenario involving msg.sender, so I figured re-using it in other places could be a bit misleading for someone trying to debug or perform error handling

With that in mind, I created a separate error, but I'm open to changing it to the way you described above if you have a strong preference here

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see your point. My suggestion was related to how can the name be used to debug. For example if I see just the error name displayed in an event log I wouldn't know which address is this referring to. Maybe we can still create a new error but with a more descriptive naming?

Copy link
Contributor Author

@chris-de-leon-cll chris-de-leon-cll Jan 9, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see what you mean - I've added a msg argument to the ZeroAddress error, and specified which address is causing the issue using the parameter. Is this more of what you had in mind?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

simsonraj
simsonraj previously approved these changes Jan 9, 2024
mohamed-mehany
mohamed-mehany previously approved these changes Jan 9, 2024
@@ -41,6 +41,8 @@ contract ScrollSequencerUptimeFeed is
error InvalidSender();
/// @notice Replacement for AggregatorV3Interface "No data present"
error NoDataPresent();
/// @notice Address must not be the zero address
error ZeroAddress(string msg);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's remove the string arg here, that takes up a lot of gas and contract size. The error name has enough info

@@ -68,6 +70,10 @@ contract ScrollSequencerUptimeFeed is
/// @param l2CrossDomainMessengerAddr Address of the L2CrossDomainMessenger contract
/// @param initialStatus The initial status of the feed
constructor(address l1SenderAddress, address l2CrossDomainMessengerAddr, bool initialStatus) {
if (l2CrossDomainMessengerAddr == address(0)) {
revert ZeroAddress();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would expect a test for each revert. Since this adds a revert I would expect a test. Same for the other one

Comment on lines 104 to 106
function _setL1Sender(address to) private {
if (to == address(0)) {
revert ZeroAddress();
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just noticed that this might cause an issue since we deploy the contracts initially without setting the L1 address (setting it to 0) here, then we update it later. Not sure if it's the optimal ordering of the contracts deployment but in this case we would need to remove this zero check.
To clarify I'm only referring to the L1 zero check, not the messenger contract address zero check, the latter is fine.

@@ -40,6 +40,14 @@ contract ScrollSequencerUptimeFeedTest is L2EPTest {
contract ScrollSequencerUptimeFeed_Constructor is ScrollSequencerUptimeFeedTest {
/// @notice it should have been deployed with the correct initial state
function test_InitialState() public {
// L1 sender address must not be the zero address
vm.expectRevert(abi.encodeWithSelector(ScrollSequencerUptimeFeed.ZeroAddress.selector));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: you dont have to encode it if it's just the selector

@chris-de-leon-cll chris-de-leon-cll changed the title [DEPLOY-694]: Adds zero-value checks to ScrollSequencerUptimeFeed [DEPLOY-694]: Adds zero-value check to ScrollSequencerUptimeFeed Jan 23, 2024
Copy link
Collaborator

@mohamed-mehany mohamed-mehany left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@mohamed-mehany mohamed-mehany force-pushed the feat/DEPLOY-694-scroll-suf-zero-value-checks branch from 7867213 to bb434b1 Compare January 24, 2024 12:36
@cl-sonarqube-production
Copy link

SonarQube Quality Gate

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@RensR RensR added this pull request to the merge queue Jan 24, 2024
Merged via the queue into develop with commit aa05727 Jan 24, 2024
106 checks passed
@RensR RensR deleted the feat/DEPLOY-694-scroll-suf-zero-value-checks branch January 24, 2024 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants