Skip to content

Commit

Permalink
fix: update based on audit
Browse files Browse the repository at this point in the history 
fix: update based on feedback

fix: add validFeed modifiers

fix: Check if oracle whitelisted before removal

docs: remove outdated comment

fix: remove iteration

fix: update argument type

fix: update based on feedback

fix: update intended implementation

fix: update iteration
  • Loading branch information
@nick-bisonai
nick-bisonai committed May 9, 2024
1 parent b31a85c commit a9b5bb3
Show file tree
Hide file tree
Showing 2 changed files with 32 additions and 22 deletions.
17 changes: 6 additions & 11 deletions contracts/v0.2/src/FeedRouter.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,7 @@ contract FeedRouter is Ownable, IFeedRouter {
function twap(string calldata _feedName, uint256 _interval, uint256 _latestUpdatedAtTolerance, int256 _minCount)
external
view
validFeed(_feedName)
returns (int256)
{
return IFeedProxy(feedToProxies[_feedName]).twap(_interval, _latestUpdatedAtTolerance, _minCount);
Expand All @@ -109,7 +110,7 @@ contract FeedRouter is Ownable, IFeedRouter {
uint256 _interval,
uint256 _latestUpdatedAtTolerance,
int256 _minCount
) external view returns (int256) {
) external view validFeed(_feedName) returns (int256) {
return
IFeedProxy(feedToProxies[_feedName]).twapFromProposedFeed(_interval, _latestUpdatedAtTolerance, _minCount);
}
Expand Down Expand Up @@ -189,19 +190,13 @@ contract FeedRouter is Ownable, IFeedRouter {
if (_proxyAddress == address(0)) {
revert InvalidProxyAddress();
}

feedToProxies[_feedName] = _proxyAddress;
bytes32 feedNameHash = keccak256(abi.encodePacked(_feedName));
bool found = false;

uint256 feedNamesLength = feedNames.length;
for (uint256 i = 0; i < feedNamesLength; i++) {
if (keccak256(abi.encodePacked(feedNames[i])) == feedNameHash) {
found = true;
break;
}
if (feedToProxies[_feedName] != address(0)) {
found = true;
}

feedToProxies[_feedName] = _proxyAddress;

if (!found) {
feedNames.push(_feedName);
emit ProxyAdded(_feedName, _proxyAddress);
Expand Down
37 changes: 26 additions & 11 deletions contracts/v0.2/src/SubmissionProxy.sol
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import {IFeed} from "./interfaces/IFeedSubmit.sol";
* days. The oracles that expired cannot be reused.
*/
contract SubmissionProxy is Ownable {
uint256 public constant MIN_SUBMISSION = 0;
uint256 public constant MIN_SUBMISSION = 1;
uint256 public constant MAX_SUBMISSION = 1_000;
uint256 public constant MIN_EXPIRATION = 1 days;
uint256 public constant MAX_EXPIRATION = 365 days;
Expand Down Expand Up @@ -72,7 +72,7 @@ contract SubmissionProxy is Ownable {
* @param _maxSubmission The maximum number of submissions
*/
function setMaxSubmission(uint256 _maxSubmission) external onlyOwner {
if (_maxSubmission == MIN_SUBMISSION || _maxSubmission > MAX_SUBMISSION) {
if (_maxSubmission < MIN_SUBMISSION || _maxSubmission > MAX_SUBMISSION) {
revert InvalidMaxSubmission();
}
maxSubmission = _maxSubmission;
Expand Down Expand Up @@ -152,7 +152,7 @@ contract SubmissionProxy is Ownable {
uint8 index_ = 0;

// register the oracle
uint8 oraclesLength_ = uint8(oracles.length);
uint8 oraclesLength_ = uint8(oracles.length);
for (uint8 i = 0; i < oraclesLength_; i++) {
if (!isWhitelisted(oracles[i])) {
// reuse existing oracle slot if it is expired
Expand Down Expand Up @@ -187,9 +187,15 @@ contract SubmissionProxy is Ownable {
* @param _oracle The address of the oracle
*/
function removeOracle(address _oracle) external onlyOwner {
for (uint256 i = 0; i < oracles.length; i++) {
if(!isWhitelisted(_oracle)){
revert InvalidOracle();
}

uint8 oraclesLength_ = uint8(oracles.length);
for (uint8 i = 0; i < oraclesLength_; i++) {
if (_oracle == oracles[i]) {
oracles[i] = oracles[oracles.length - 1];
whitelist[oracles[i]].index = uint8(i);
oracles.pop();
break;
}
Expand Down Expand Up @@ -217,12 +223,14 @@ contract SubmissionProxy is Ownable {

// deactivate the old oracle
whitelist[msg.sender].expirationTime = block.timestamp;
whitelist[msg.sender].index = 0;

// update the oracle address
uint256 oraclesLength_ = oracles.length;
for (uint256 i = 0; i < oraclesLength_; i++) {
uint8 oraclesLength_ = uint8(oracles.length);
for (uint8 i = 0; i < oraclesLength_; i++) {
if (msg.sender == oracles[i]) {
oracles[i] = _oracle;
info.index = uint8(i);
break;
}
}
Expand All @@ -248,10 +256,10 @@ contract SubmissionProxy is Ownable {
* @param _proofs The proofs
*/
function submit(
address[] memory _feeds,
int256[] memory _answers,
uint256[] memory _timestamps,
bytes[] memory _proofs
address[] calldata _feeds,
int256[] calldata _answers,
uint256[] calldata _timestamps,
bytes[] calldata _proofs
) external {
if (
_feeds.length != _answers.length || _answers.length != _proofs.length
Expand Down Expand Up @@ -290,7 +298,6 @@ contract SubmissionProxy is Ownable {

/**
* @notice Split concatenated proofs into individual proofs of length 65 bytes
* @dev The function intentionally does not test whether the
* @param _data The bytes to be split
* @return proofs_ The split bytes
* @return success_ `true` if the split was successful, `false`
Expand Down Expand Up @@ -401,6 +408,10 @@ contract SubmissionProxy is Ownable {
* @return `true` if the proof is valid, `false` otherwise
*/
function validateProof(address _feed, bytes32 _message, bytes[] memory _proofs) private view returns (bool) {
if (oracles.length == 0) {
return false;
}

uint8 verifiedSignatures_ = 0;
uint8 lastIndex_ = 0;

Expand All @@ -414,6 +425,10 @@ contract SubmissionProxy is Ownable {
for (uint256 j = 0; j < proofsLength_; j++) {
bytes memory proof_ = _proofs[j];
address signer_ = recoverSigner(_message, proof_);
if (signer_ == address(0)) {
continue;
}

uint8 oracleIndex_ = whitelist[signer_].index;

if (j != 0 && oracleIndex_ <= lastIndex_) {
Expand Down

0 comments on commit a9b5bb3

Please sign in to comment.