Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GSNSignatureBouncer fix #1920

Merged
merged 9 commits into from
Oct 4, 2019
Merged

GSNSignatureBouncer fix #1920

merged 9 commits into from
Oct 4, 2019

Conversation

crazyrabbitLTC
Copy link
Contributor

Ref: OpenZeppelin/openzeppelin-contracts-upgradeable#67

Current version of the code means the GSNSignatureBouncer will accept Zero Addresses as a trusted signer. The result is that unexpectedly the contract will accept the absence of a signature as a valid signature. The added check prevents the constructor from being called with a zero address.

Fixes #

A require statement was added on the constructor to prevent Zero Address from being supplied as the Trusted Signer. This will prevent the contract being deployed with a Zero Address.

I added a test to check this functionality.

@crazyrabbitLTC crazyrabbitLTC mentioned this pull request Sep 17, 2019
Closed
nventuro
nventuro reviewed Sep 17, 2019
View reviewed changes
Copy link
Contributor

@nventuro nventuro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work @crazyrabbitLTC, this is a great catch! I had not realized the implications behind allowing this.

Let's do a review here and then migrate those changes to the ethereum-package repo.

contracts/GSN/bouncers/GSNBouncerSignature.sol Outdated Show resolved Hide resolved
test/GSN/GSNBouncerSignature.test.js Outdated Show resolved Hide resolved
test/GSN/GSNBouncerSignature.test.js Outdated Show resolved Hide resolved
test/GSN/GSNBouncerSignature.test.js Outdated Show resolved Hide resolved
@crazyrabbitLTC @nventuro
Update contracts/GSN/bouncers/GSNBouncerSignature.sol
a194fa3 
Makes sense!

Co-Authored-By: Nicolás Venturo <[email protected]>
@crazyrabbitLTC crazyrabbitLTC dismissed a stale review via a194fa3 September 18, 2019 18:21
@frangio
Copy link
Contributor

frangio commented Oct 1, 2019

@crazyrabbitLTC I reverted some reformatting that I assume was automatically done by Prettier. Please be careful not to include that sort of thing in the PR, at least unless intended. 🙂

@frangio frangio merged commit f9a9478 into master Oct 4, 2019
@frangio frangio deleted the GSNSignatureBouncerFix branch October 4, 2019 15:40
frangio pushed a commit that referenced this pull request Oct 29, 2019
@crazyrabbitLTC @frangio
GSNSignatureBouncer fix (#1920)
8026a8a 
* GSNSignatureBoucer does not accept zero address

* Linting code.

* Update contracts/GSN/bouncers/GSNBouncerSignature.sol

Makes sense!

Co-Authored-By: Nicolás Venturo <[email protected]>

* Update test/GSN/GSNBouncerSignature.test.js

ok!

Co-Authored-By: Nicolás Venturo <[email protected]>

* Add zero address constant from OZ test Helpers

* revert prettier formatting

(cherry picked from commit f9a9478)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nventuro nventuro nventuro left review comments

@frangio frangio frangio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@crazyrabbitLTC @frangio @nventuro