From dde2cb370bd4b9816fdd0f25c8ddad0ba14705bc Mon Sep 17 00:00:00 2001 From: Zach Showalter Date: Thu, 19 Dec 2024 15:30:08 -0500 Subject: [PATCH] Fix some audit issues This commit fixes 2 audit issues present in the celestia compatible integration. Specifically, issues #6 and #7 --- arbnode/transaction_streamer.go | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/arbnode/transaction_streamer.go b/arbnode/transaction_streamer.go index c20a65ea64..7db59279f2 100644 --- a/arbnode/transaction_streamer.go +++ b/arbnode/transaction_streamer.go @@ -46,7 +46,8 @@ import ( "github.com/offchainlabs/nitro/util/sharedmetrics" "github.com/offchainlabs/nitro/util/stopwaiter" ) - +const UserDataAttestationFile = "//dev/attestation/user_report_data" +const QuoteFile = "/dev/attestation/quote" // TransactionStreamer produces blocks from a node's L1 messages, storing the results in the blockchain and recording their positions // The streamer is notified when there's new batches to process type TransactionStreamer struct { @@ -1600,6 +1601,9 @@ func (s *TransactionStreamer) HasNotSubmitted(pos arbutil.MessageIndex) (bool, e // Append a position to the pending queue. Please ensure this position is valid beforehand. func (s *TransactionStreamer) SubmitEspressoTransactionPos(pos arbutil.MessageIndex, batch ethdb.Batch) error { + s.espressoTxnsStateInsertionMutex.Lock() + defer s.espressoTxnsStateInsertionMutex.Unlock() + pendingTxnsPos, err := s.getEspressoPendingTxnsPos() if err != nil { return err @@ -1836,9 +1840,6 @@ func (s *TransactionStreamer) Start(ctxIn context.Context) error { * The quote is then read from the file specified in the config. (For SGX: /dev/attestation/quote) */ func (t *TransactionStreamer) getAttestationQuote(userData []byte) ([]byte, error) { - if (t.config().UserDataAttestationFile == "") || (t.config().QuoteFile == "") { - return []byte{}, nil - } // keccak256 hash of userData userDataHash := crypto.Keccak256(userData) @@ -1850,13 +1851,13 @@ func (t *TransactionStreamer) getAttestationQuote(userData []byte) ([]byte, erro } // Write the message to "/dev/attestation/user_report_data" in SGX - err := os.WriteFile(t.config().UserDataAttestationFile, userDataHash, 0600) + err := os.WriteFile(UserDataAttestationFile, userDataHash, 0600) if err != nil { return []byte{}, fmt.Errorf("failed to create user report data file: %w", err) } // Read the quote from "/dev/attestation/quote" in SGX - attestationQuote, err := os.ReadFile(t.config().QuoteFile) + attestationQuote, err := os.ReadFile(QuoteFile) if err != nil { return []byte{}, fmt.Errorf("failed to read quote file: %w", err) }