fix(contracts): fix contract audit findings #1254
Conversation
raulk
changed the title
raulk
changed the title
|
@cryptoAtwill I think it might be useful to add a sentence to each point in the list if possible. It is not clear from here what is being fixed. |
| @@ -27,6 +27,8 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard { | |||
| using AssetHelper for Asset; | |||
| using EnumerableSet for EnumerableSet.Bytes32Set; | |||
|
|
|||
| event SubnetKilled(SubnetID id); | |||
There was a problem hiding this comment.
Let's name this event SubnetDestroyed. That term is more general as it can apply in ephemeral subnets, self-destruction, expirations (e.g. subnet is not bootstrapped in a predefined amount of time).
| } | ||
|
|
||
| /// @notice addStake - add collateral for an existing subnet | ||
| function addStake(uint256 amount) external payable { | ||
| function addStake(uint256 amount) external payable nonReentrant { |
There was a problem hiding this comment.
This is fine, but is there really a re-entrancy risk here? The contract call is performed before we update credit the stake, so it shouldn't bear any risks.
There was a problem hiding this comment.
lock does the check already, this then can go.
| @@ -45,7 +45,7 @@ contract GatewayMessengerFacet is GatewayActorModifiers { | |||
| } | |||
|
|
|||
| // We prevent the sender from being an EoA. | |||
| if (!(msg.sender.code.length > 0)) { | |||
| if (msg.sender.code.length == 0) { | |||
| @@ -423,7 +423,7 @@ library LibGateway { | |||
| sendReceipt(crossMsg, OutcomeType.SystemErr, abi.encodeWithSelector(InvalidXnetMessage.selector, InvalidXnetMessageReason.Nonce)); | |||
| return; | |||
| } | |||
| subnet.appliedBottomUpNonce += 1; | |||
There was a problem hiding this comment.
Given that this is purely stylistic, I would use a post-increment. It's visually more common.
This PR addresses the review audits.
Fixes
Mediums:
Lows:
Informationals:
To discuss