Skip to content

Commit

Permalink
NEAR: verify token and recipient addresses (#70)
Browse files Browse the repository at this point in the history 
* Verify token and recipient addresses: don't allow having the same addresses for the token and recipient.

---------

Co-authored-by: Kirill <[email protected]>
  • Loading branch information
@karim-en @sept-en
karim-en and sept-en authored Apr 26, 2023
1 parent 2662783 commit 4e7f9b6
Show file tree
Hide file tree
Showing 4 changed files with 85 additions and 32 deletions.
105 changes: 74 additions & 31 deletions near/contracts/bridge/src/lib.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,11 @@ impl FastBridge {
"The fee token does not match the transfer token"
);

require!(
transfer_message.transfer.token_eth != transfer_message.recipient,
"The eth token address and recipient address can't be the same"
);

if let Some(update_balance) = update_balance.as_ref() {
self.increase_balance(
&update_balance.sender_id,
Expand Down Expand Up @@ -872,7 +877,15 @@ mod unit_tests {
}

fn eth_bridge_address() -> String {
"6b175474e89094c44da98b954eedeac495271d0f".to_string()
"6b175474e89094c44da98b954eedeac495271d0f".to_owned()
}

fn eth_token_address() -> String {
"71c7656ec7ab88b098defb751b7401b5f6d8976f".to_owned()
}

fn eth_recipient_address() -> String {
"8ba1f109551bd432803012645ac136ddd64dba72".to_owned()
}

fn prover() -> AccountId {
Expand Down Expand Up @@ -961,14 +974,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

contract.ft_on_transfer(
Expand Down Expand Up @@ -1051,14 +1064,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": token,
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": token,
"amount": "100"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

let transfer_message = serde_json::from_value(msg).unwrap();
Expand All @@ -1068,16 +1081,14 @@ mod unit_tests {
valid_till: current_timestamp,
transfer: TransferDataEthereum {
token_near: AccountId::try_from("alice_near".to_string()).unwrap(),
token_eth: get_eth_address("71C7656EC7ab88b098defB751B7401B5f6d8976F".to_string()),
token_eth: get_eth_address(eth_token_address()),
amount: U128(100),
},
fee: TransferDataNear {
token: AccountId::try_from("alice_near".to_string()).unwrap(),
amount: U128(100),
},
recipient: fast_bridge_common::get_eth_address(
"71C7656EC7ab88b098defB751B7401B5f6d8976F".to_string(),
),
recipient: fast_bridge_common::get_eth_address(eth_recipient_address()),
valid_till_block_height: None,
};
assert_eq!(
Expand All @@ -1098,14 +1109,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": token,
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": token,
"amount": "100"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

contract.validate_transfer_message(
Expand All @@ -1126,14 +1137,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": token,
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": token,
"amount": "100"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

contract.validate_transfer_message(
Expand Down Expand Up @@ -1199,14 +1210,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": "token_near",
"amount": "100"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

contract.init_transfer_callback(
Expand All @@ -1221,6 +1232,38 @@ mod unit_tests {
assert_eq!(0, transfer_token_amount);
}

#[test]
#[should_panic(expected = "The eth token address and recipient address can't be the same")]
fn same_token_and_recipient_addresses() {
let context = get_context(false);
testing_env!(context);
let mut contract = get_bridge_contract(None);

let valid_till_timestamp = block_timestamp() + contract.lock_duration.lock_time_max;
let token = "alice_near";
let msg = json!({
"valid_till": valid_till_timestamp,
"transfer": {
"token_near": token,
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": token,
"amount": "100"
},
"recipient": eth_token_address()
});

let last_block_height = 10;
contract.init_transfer_callback(
last_block_height,
serde_json::from_value(msg).unwrap(),
signer_account_id(),
None,
);
}

#[test]
#[should_panic(expected = "Not enough fee token balance")]
fn test_init_transfer_on_not_enough_fee_token_balance() {
Expand All @@ -1246,14 +1289,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "100"
},
"fee": {
"token": "token_near",
"amount": "100"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});

contract.init_transfer_callback(
Expand Down Expand Up @@ -1285,14 +1328,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down Expand Up @@ -1335,14 +1378,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "200"
},
"fee": {
"token": "token_near",
"amount": "200"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down Expand Up @@ -1378,14 +1421,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand All @@ -1411,14 +1454,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near299",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down Expand Up @@ -1449,14 +1492,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near299",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down Expand Up @@ -1489,14 +1532,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down Expand Up @@ -1568,14 +1611,14 @@ mod unit_tests {
"valid_till": current_timestamp,
"transfer": {
"token_near": "token_near",
"token_eth": "71c7656ec7ab88b098defb751b7401b5f6d8976f",
"token_eth": eth_token_address(),
"amount": "75"
},
"fee": {
"token": "token_near",
"amount": "75"
},
"recipient": "71c7656ec7ab88b098defb751b7401b5f6d8976f"
"recipient": eth_recipient_address()
});
contract.init_transfer_callback(
10,
Expand Down
2 changes: 1 addition & 1 deletion near/contracts/bridge/src/tests/integration_tests.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -349,7 +349,7 @@ mod integration_tests {
token: token.id().to_string().parse().unwrap(),
amount: fee_amount.into(),
},
recipient: [0; 20],
recipient: [1; 20],
valid_till_block_height: None,
};
let msg = near_sdk::base64::encode(msg.try_to_vec().unwrap());
Expand Down
Binary file modified near/res/fastbridge.wasm
View file
Binary file not shown.
10 changes: 10 additions & 0 deletions near/res/fastbridge_expand.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14013,6 +14013,16 @@ impl FastBridge {
&"The fee token does not match the transfer token",
)
}
if true {
let msg: &str = &"The eth token address and recipient address can't be the same";
if !(transfer_message.transfer.token_eth != transfer_message.recipient) {
::core::panicking::panic_display(&msg)
}
} else if !(transfer_message.transfer.token_eth != transfer_message.recipient) {
::near_sdk::env::panic_str(
&"The eth token address and recipient address can't be the same",
)
}
if let Some(update_balance) = update_balance.as_ref() {
self.increase_balance(
&update_balance.sender_id,
Expand Down

0 comments on commit 4e7f9b6

Please sign in to comment.