Check bridge routes on send token #16960

dariorussi · 2024-03-29T16:42:05Z

Description

Audit found that send_token was not checking for valid routes.
Added the missing check

Test Plan

Added unit tests.
Positive tests (no abort) for send_token are a bit trickier and will be added when unit test review is done. They were not there so this is not a regression in tests.

If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section.

Type of Change (Check all that apply)

protocol change
user-visible impact
breaking change for a client SDKs
breaking change for FNs (FN binary must upgrade)
breaking change for validators or node operators (must upgrade binaries)
breaking change for on-chain data layout
necessitate either a data wipe or data migration

Release notes

vercel · 2024-03-29T16:42:17Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
explorer	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am
multisig-toolkit	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am
mysten-ui	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am
sui-core	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am
sui-kiosk	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am
sui-typescript-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Mar 30, 2024 4:18am

longbowlu · 2024-03-29T22:44:57Z

crates/sui-framework/packages/bridge/sources/bridge.move

@@ -93,6 +93,7 @@ module bridge::bridge {
    const EBridgeAlreadyPaused: u64 = 13;
    const EBridgeNotPaused: u64 = 14;
    const ETokenAlreadyClaimed: u64 = 15;
+    const EInvalidBridgeRoute: u64 = 16;


just a headsup this will conflict with your other PRs

longbowlu · 2024-03-29T22:48:03Z

crates/sui-framework/packages/bridge/sources/bridge.move

@@ -175,6 +176,7 @@ module bridge::bridge {
    ) {
        let inner = load_inner_mut(self);
        assert!(!inner.paused, EBridgeUnavailable);
+        assert!(chain_ids::is_valid_route(inner.chain_id, target_chain), EInvalidBridgeRoute);


wow this was a big miss

longbowlu · 2024-03-29T22:53:56Z

crates/sui-framework/packages/bridge/sources/bridge.move

+    fun test_execute_send_token_invalid_route() {
+        let mut scenario = test_scenario::begin(@0x0);
+        let ctx = test_scenario::ctx(&mut scenario);
+        let chain_id = chain_ids::sui_devnet();


nit: use testnet(), since we are deprecating devnet id

## Description Audit found that `send_token` was not checking for valid routes. Added the missing check ## Test Plan Added unit tests. Positive tests (no abort) for `send_token` are a bit trickier and will be added when unit test review is done. They were not there so this is not a regression in tests. --- If your changes are not user-facing and do not break anything, you can skip the following section. Otherwise, please briefly describe what has changed under the Release Notes section. ### Type of Change (Check all that apply) - [ ] protocol change - [ ] user-visible impact - [ ] breaking change for a client SDKs - [ ] breaking change for FNs (FN binary must upgrade) - [ ] breaking change for validators or node operators (must upgrade binaries) - [ ] breaking change for on-chain data layout - [ ] necessitate either a data wipe or data migration ### Release notes

dariorussi requested review from patrickkuo, damirka, longbowlu, Bridgerz and manolisliolios March 29, 2024 16:42

vercel bot deployed to Preview – sui-core March 29, 2024 16:43 View deployment

longbowlu approved these changes Mar 29, 2024

View reviewed changes

dariorussi added 2 commits March 29, 2024 23:11

Check bridge routes on send token

1094a72

snapshot and doc nonsense

07e2c95

dariorussi force-pushed the bridge_audit3 branch from 853c84e to 07e2c95 Compare March 30, 2024 04:17

dariorussi requested a review from ronny-mysten as a code owner March 30, 2024 04:17

vercel bot deployed to Preview – multisig-toolkit March 30, 2024 04:17 View deployment

vercel bot deployed to Preview – sui-typescript-docs March 30, 2024 04:17 View deployment

vercel bot deployed to Preview – explorer March 30, 2024 04:17 View deployment

vercel bot deployed to Preview – sui-kiosk March 30, 2024 04:18 View deployment

vercel bot deployed to Preview – sui-core March 30, 2024 04:18 View deployment

vercel bot deployed to Preview – mysten-ui March 30, 2024 04:18 View deployment

dariorussi merged commit 3635644 into feature/native-bridge Mar 30, 2024
45 checks passed

dariorussi deleted the bridge_audit3 branch March 30, 2024 13:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check bridge routes on send token #16960

Check bridge routes on send token #16960

dariorussi commented Mar 29, 2024 •

edited

Loading

vercel bot commented Mar 29, 2024 •

edited

Loading

longbowlu Mar 29, 2024

longbowlu Mar 29, 2024

longbowlu Mar 29, 2024

dariorussi Mar 30, 2024

Check bridge routes on send token #16960

Check bridge routes on send token #16960

Conversation

dariorussi commented Mar 29, 2024 • edited Loading

Description

Test Plan

Type of Change (Check all that apply)

Release notes

vercel bot commented Mar 29, 2024 • edited Loading

longbowlu Mar 29, 2024

Choose a reason for hiding this comment

longbowlu Mar 29, 2024

Choose a reason for hiding this comment

longbowlu Mar 29, 2024

Choose a reason for hiding this comment

dariorussi Mar 30, 2024

Choose a reason for hiding this comment

dariorussi commented Mar 29, 2024 •

edited

Loading

vercel bot commented Mar 29, 2024 •

edited

Loading