fix: recipient rate limited ISM #4636

Merged
merged 5 commits into from
Oct 7, 2024
Collaborator

@yorhodes yorhodes commented Oct 7, 2024

Description

Add recipient restriction to rate limited ISM. This prevents multiple recipients from sharing the same rate limit ISM and denial of service attacks.

Backward compatibility

No

Testing

Unit Tests
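
A small Python model of the problem the description refers to, added here as an illustration and not taken from the PR or the Hyperlane code base. The class, the `router_a`/`router_b` names, the one-day refill window and the amounts are all assumptions; it shows a shared limit being used up by another recipient's message, and the recipient-bound variant rejecting that message before any capacity is consumed.

```python
# Added model, not Hyperlane code: a refill-over-time limit checked per message.
from typing import Optional

DAY = 86_400  # assumed refill window, in seconds


class RateLimitedIsmModel:
    """Token-bucket verifier; recipient=None models the shared (pre-fix) ISM."""

    def __init__(self, max_capacity: int, recipient: Optional[str] = None):
        self.max_capacity = max_capacity
        self.recipient = recipient
        self.filled = max_capacity  # capacity currently available
        self.last_updated = 0

    def _refill(self, now: int) -> None:
        # Linear refill: the full capacity is restored over one DAY.
        gained = (now - self.last_updated) * self.max_capacity // DAY
        self.filled = min(self.max_capacity, self.filled + gained)
        self.last_updated = now

    def verify(self, msg_recipient: str, amount: int, now: int) -> bool:
        # Recipient check comes first, so a foreign message consumes nothing.
        if self.recipient is not None and msg_recipient != self.recipient:
            return False
        self._refill(now)
        if amount > self.filled:
            return False
        self.filled -= amount
        return True


def run_scenario(bound: bool) -> dict:
    """Another recipient's message arrives just before the intended one's."""
    ism = RateLimitedIsmModel(1_000, recipient="router_a" if bound else None)
    other = ism.verify("router_b", 1_000, now=10)  # constructed foreign message
    own = ism.verify("router_a", 400, now=20)      # intended recipient's message
    return {"other_accepted": other, "own_accepted": own, "left": ism.filled}


if __name__ == "__main__":
    print("shared:", run_scenario(bound=False))
    print("bound: ", run_scenario(bound=True))
```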

changeset-bot bot commented Oct 7, 2024

🦋 Changeset detected

Latest commit: fae0ffe

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
Name Type
@hyperlane-xyz/core Minor
@hyperlane-xyz/helloworld Patch
@hyperlane-xyz/sdk Patch
@hyperlane-xyz/infra Patch
@hyperlane-xyz/cli Patch
@hyperlane-xyz/widgets Patch
@hyperlane-xyz/ccip-server Patch
@hyperlane-xyz/github-proxy Patch
@hyperlane-xyz/utils Patch


@@ -16,6 +16,8 @@
using Message for bytes;
using TokenMessage for bytes;

address public immutable recipient;

Check notice

Code scanning / Olympix Integrated Security

Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Low

constructor(
address _mailbox,
uint256 _maxCapacity
) MailboxClient(_mailbox) RateLimited(_maxCapacity) {}
uint256 _maxCapacity,

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low

uint256 _maxCapacity
) MailboxClient(_mailbox) RateLimited(_maxCapacity) {}
uint256 _maxCapacity,
address _recipient
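
Review bot: The new `_recipient` constructor argument has no visible check against `address(0)`, and the new `recipient` field is declared `immutable`, so a deployment with a zero or mistyped recipient cannot be corrected afterwards and the ISM would have to be redeployed. Consider a guard such as `require(_recipient != address(0), ...)` in the constructor. The `recipient` declaration would also benefit from a NatSpec line stating that only messages addressed to this recipient are accepted, and since Codecov reports 2 of the changed lines as uncovered, a test for the rejection path (a message addressed to a different recipient) would be worth adding.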

Check notice

Code scanning / Olympix Integrated Security

Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low


codecov bot commented Oct 7, 2024

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 73.85%. Comparing base (7dccf80) to head (fae0ffe).
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #4636      +/-   ##
==========================================
- Coverage   73.89%   73.85%   -0.04%     
==========================================
  Files         100      100              
  Lines        1421     1423       +2     
  Branches      180      181       +1     
==========================================
+ Hits         1050     1051       +1     
- Misses        350      351       +1     
  Partials       21       21              
Components Coverage Δ
core 84.61% <ø> (ø)
hooks 75.71% <ø> (ø)
isms 78.94% <33.33%> (-0.26%) ⬇️
token 88.23% <ø> (ø)
middlewares 77.39% <ø> (ø)

Review thread on solidity/test/isms/RateLimitedIsm.t.sol (outdated, resolved)
@yorhodes yorhodes added this pull request to the merge queue Oct 7, 2024
Merged via the queue into main with commit bb75eba Oct 7, 2024
36 of 38 checks passed
@yorhodes yorhodes deleted the recipient-rate-limited-ism branch October 7, 2024 20:48