Fix audit feedback on committee creation #16909
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
dariorussi
commented
Mar 27, 2024
| // `try_create_next_committee` will abort if bridge_pubkey_bytes are not unique and | ||
| // that will fail the end of epoch transaction (possibly "forever", well, we | ||
| // need to deploy proper validator changes to stop end of epoch from failing). | ||
| assert!(check_uniqueness_bridge_keys(self, bridge_pubkey_bytes), EDuplicatePubkey); |
There was a problem hiding this comment.
I could just call the API here and have the assert inside check_uniqueness_bridge_keys
if anybody feels strongly about it let me know
There was a problem hiding this comment.
assert inside check_uniqueness_bridge_keys is slightly preferential to me, but not a strong opinion
dariorussi
requested review from
patrickkuo,
damirka,
longbowlu,
Bridgerz and
manolisliolios
| test_utils::destroy(committee); | ||
| test_scenario::return_shared(system_state); | ||
| test_scenario::end(scenario); |
There was a problem hiding this comment.
nit: You could avoid non-needed code on failure-expecting tests by aborting (abort 1337)
There was a problem hiding this comment.
I could, just leaving that in line with the other tests.
Having said so and given I need to review tests and code coverage I may apply that story to all existing tests in that future PR.
Thanks for the hint, I keep forgetting that and go trough tricks every time I write tests :)
Comment on lines
187
to
191
| if (registration.bridge_pubkey_bytes == bridge_pubkey_bytes) { | ||
| if (found) { | ||
| return false | ||
| }; | ||
| found = true; |
There was a problem hiding this comment.
nit: I'd probably pass down the sender's address too and check as the "found" thing messed with my brain (but could be me malfunctioning)
if (registration.bridge_pubkey_bytes == bridge_pubkey_bytes && registration.sui_address != sender ) { return false }
There was a problem hiding this comment.
not sure I follow, the found is to make sure that bridge_pubkey_bytes is unique in the list of proposed committee upgrade.
I may be missing something here
There was a problem hiding this comment.
it messed with my brain as well and could be me malfunctioning too.
There was a problem hiding this comment.
renamed the field and added comments that should hopefully help fix the confusion
longbowlu
approved these changes
Mar 28, 2024
| @@ -164,9 +165,35 @@ module bridge::committee { | |||
| registration | |||
| }; | |||
|
|
|||
| // check uniqeuness of the bridge pubkey. | |||
| // `try_create_next_committee` will abort if bridge_pubkey_bytes are not unique and | ||
| // that will fail the end of epoch transaction (possibly "forever", well, we | ||
| // need to deploy proper validator changes to stop end of epoch from failing). | ||
| assert!(check_uniqueness_bridge_keys(self, bridge_pubkey_bytes), EDuplicatePubkey); |
There was a problem hiding this comment.
assert inside check_uniqueness_bridge_keys is slightly preferential to me, but not a strong opinion
Comment on lines
187
to
191
| if (registration.bridge_pubkey_bytes == bridge_pubkey_bytes) { | ||
| if (found) { | ||
| return false | ||
| }; | ||
| found = true; |
There was a problem hiding this comment.
it messed with my brain as well and could be me malfunctioning too.
| test_utils::destroy(committee); | ||
| test_scenario::return_shared(system_state); | ||
| test_scenario::end(scenario); |
patrickkuo
pushed a commit
that referenced
this pull request
May 2, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
patrickkuo
pushed a commit
that referenced
this pull request
May 8, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
patrickkuo
pushed a commit
that referenced
this pull request
May 9, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
patrickkuo
pushed a commit
that referenced
this pull request
May 9, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
patrickkuo
pushed a commit
that referenced
this pull request
May 9, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
patrickkuo
pushed a commit
that referenced
this pull request
May 9, 2024
## Description As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee. Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem. This should prevent the problem from happeing. ## Test Plan Added unit test --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
As reported by audit if a validator registers with an already used pubkey for the bridge (whether maliciously or not) the creation of the committee will fail and as such an end of epoch would fail attempting to create the committee.
Moreover there is no way at the moment to flush the proposed committee (in that respect, should we have an API for it?) and it would require an emergency release to take care of the problem.
This should prevent the problem from happeing.
Test Plan
Added unit test
If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section.
Type of Change (Check all that apply)
Release notes