Security review TODO #904

nhynes · 2019-09-23T23:17:47Z

No description provided.

Cargo.toml

common/Cargo.toml

nhynes · 2019-09-24T00:01:38Z

common/src/confidential/confidential_ctx.rs

+            let hash = Hash::digest_bytes(&buffer);
+
+            let mut nonce = [0u8; NONCE_SIZE];
+            nonce[..NONCE_TAG_SIZE].copy_from_slice(&hash.as_ref()[..NONCE_TAG_SIZE]);


NB: NONCE_TAG_SIZE < NONCE_SIZE

nhynes · 2019-09-24T01:31:55Z

common/src/storage.rs

+    fn get(&self, key: Vec<u8>) -> Fallible<Vec<u8>> {
+        self.0
+            .lock()
+            .unwrap()


NB: if lock doesn't block and is about to unwrap a failure, something has gone horribly wrong, so panicking is an okay strategy

nhynes · 2019-09-24T01:33:02Z

configs/developer-gateway/tls/private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----


NB: some security audit tools will complain about private keys checked into the repo, which necessitates a filter branch and rewriting history.

reference

gateway/bin/metrics.rs

nhynes · 2019-09-24T01:39:42Z

gateway/src/impls/eth_filter.rs

+                .map(move |blk| {
+                    let mut polls = polls.lock();
+                    // +1, since we don't want to include the current block.
+                    let id = polls.create_poll(PollFilter::Block(blk.number_u64() + 1));


// TODO(nhynes) does translator ever return u64::max_value()?

update: it might, but that would imply consensus failure, which is already catastrophic

gateway/src/run.rs

resources/genesis/README.md

gateway/src/util.rs

nhynes · 2019-09-24T03:46:11Z

gateway/src/translator.rs

+            },
+            extra_info: {
+                lazy_static! {
+                    // Dummy PoW-related block extras.


why is this a lazy_static!?

nhynes · 2019-09-24T03:47:17Z

gateway/src/translator.rs

+            })
+            .and_then(|logs: Vec<LocalizedLogEntry>| {
+                let mut logs = logs;
+                logs.sort_by(|a, b| a.block_number.partial_cmp(&b.block_number).unwrap());


Suggested change

logs.sort_by(|a, b| a.block_number.partial_cmp(&b.block_number).unwrap());

logs.sort_by(|a, b| a.block_number.cmp(&b.block_number));

nhynes · 2019-09-24T03:48:59Z

gateway/src/translator.rs

+        id: BlockId,
+    ) -> impl Future<Item = U256, Error = CallError> {
+        self.simulate_transaction(transaction, id)
+            .map(|executed| executed.gas_used + executed.refunded)


this won't overflow because gas_used + refunded <= U256::max_value() else parity is buggy

nhynes · 2019-09-24T03:52:01Z

src/methods.rs

+        }
+
+        // Check whether transaction fits in the block.
+        let gas_remaining = U256::from(BLOCK_GAS_LIMIT) - ectx.env_info.gas_used;


ectx.env_info.gas_used should not exceed BLOCK_GAS_LIMIT since no tx will be added if it wouldn't fit (see next line)

src/methods.rs

Sec review WIP

4883bfd

nhynes commented Sep 23, 2019

View reviewed changes

Cargo.toml Show resolved Hide resolved

nhynes commented Sep 23, 2019

View reviewed changes

common/Cargo.toml Show resolved Hide resolved