fix: recipient rate limited ISM #4636
Changes from all commits
ad7bb18
63172fe
a8f7439
fa5387c
fae0ffe
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
--- | ||
'@hyperlane-xyz/core': minor | ||
--- | ||
|
||
fix: constrain rate limited ISM to a single message recipient |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -16,6 +16,8 @@ | |
using Message for bytes; | ||
using TokenMessage for bytes; | ||
|
||
address public immutable recipient; | ||
|
||
mapping(bytes32 messageId => bool validated) public messageValidated; | ||
|
||
modifier validateMessageOnce(bytes calldata _message) { | ||
|
@@ -25,14 +27,22 @@ | |
_; | ||
} | ||
|
||
modifier onlyRecipient(bytes calldata _message) { | ||
require(_message.recipientAddress() == recipient, "InvalidRecipient"); | ||
_; | ||
} | ||
|
||
constructor( | ||
address _mailbox, | ||
uint256 _maxCapacity | ||
) MailboxClient(_mailbox) RateLimited(_maxCapacity) {} | ||
uint256 _maxCapacity, | ||
Check notice Code scanning / Olympix Integrated Security Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor
|
||
address _recipient | ||
Check notice Code scanning / Olympix Integrated Security Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor Low
Parameters passed to a constructor that are not validated for correct values may lead to contract creation in an undesired state. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/no-parameter-validation-in-constructor
|
||
) MailboxClient(_mailbox) RateLimited(_maxCapacity) { | ||
recipient = _recipient; | ||
} | ||
|
||
/// @inheritdoc IInterchainSecurityModule | ||
function moduleType() external pure returns (uint8) { | ||
return uint8(IInterchainSecurityModule.Types.UNUSED); | ||
return uint8(IInterchainSecurityModule.Types.NULL); | ||
} | ||
|
||
/** | ||
|
@@ -42,7 +52,12 @@ | |
function verify( | ||
bytes calldata, | ||
bytes calldata _message | ||
) external validateMessageOnce(_message) returns (bool) { | ||
) | ||
external | ||
yorhodes marked this conversation as resolved.
|
||
onlyRecipient(_message) | ||
validateMessageOnce(_message) | ||
returns (bool) | ||
{ | ||
require(_isDelivered(_message.id()), "InvalidDeliveredMessage"); | ||
|
||
uint256 newAmount = _message.body().amount(); | ||
|
Check notice
Code scanning / Olympix Integrated Security
Some state variables are not being fuzzed in test functions, potentially leaving vulnerabilities unexplored. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unfuzzed-variables Low
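Review bot: The new `recipient` immutable and the `onlyRecipient` modifier in the first two hunks have no NatSpec, so the deployment constraint this change introduces is only discoverable by reading the `require`. Because `verify` now reverts with "InvalidRecipient" for any message addressed elsewhere, each instance is bound to one recipient for its lifetime and cannot be shared across several recipients. I would state that on the field, e.g. `/// @notice Sole message recipient this ISM verifies and rate-limits; fixed at deployment, one instance per recipient.`, and add `/// @dev Reverts with "InvalidRecipient" unless the message is addressed to the configured recipient.` above the modifier. The contract declaration and the rest of `verify` lie outside the visible hunks, so any contract-level docs that already cover this cannot be seen from here.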