Merge pull request #6 from gardenfi/fix/tob-garden-9

TOB-GARDEN-9 resolution
gardenfi · Jun 18, 2024 · cbdca14 · cbdca14
2 parents 7f3b2fc + c70eee7
commit cbdca14
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 25 deletions.
diff --git a/contracts/fee/GardenFEEAccount.sol b/contracts/fee/GardenFEEAccount.sol
@@ -54,7 +54,9 @@ contract GardenFEEAccount is EIP712Upgradeable {
     uint256 public amount;
     uint256 public nonce;
     uint256 public expiration;
-    uint256 public secretsProvided;
+
+    mapping(bytes => uint256) public secretsClaimed;
+    mapping(bytes32 => bytes) public secrets;
 
     uint256 private constant TWO_DAYS = 2 * 7200;
 
@@ -117,47 +119,60 @@ contract GardenFEEAccount is EIP712Upgradeable {
      * @param amount_ The amount of tokens to be claimed.
      * @param nonce_ The nonce value for the claim message.
      * @param htlcs The array of HTLCs in the claim.
-     * @param secrets The array of secrets corresponding to the HTLCs.
+     * @param secrets_ The array of secrets corresponding to the HTLCs.
      * @param funderSig The signature of the funder for the claim message.
      * @param recipientSig The signature of the recipient for the claim message.
      */
     function claim(
         uint256 amount_,
         uint256 nonce_,
         HTLC[] memory htlcs,
-        bytes[] memory secrets,
+        bytes[] memory secrets_,
         bytes memory funderSig,
         bytes memory recipientSig
     ) external {
-        require(htlcs.length == secrets.length, "GardenFEEAccount: invalid input");
+        require(htlcs.length == secrets_.length, "FeeAccount: invalid input");
+        require(!(htlcs.length > 0 && nonce_ == 0), "FeeAccount: zero nonce claim cannot contain htlcs");
         bytes32 claimID = claimHash(amount_, nonce_, htlcs);
 
-        uint256 localSecretsProvided = 0;
+        if (nonce == nonce_ && expiration != 0) {
+            amount_ = amount;
+        }
+
+        bool secretsProcessed = false;
+
         for (uint256 i = 0; i < htlcs.length; i++) {
-            if (htlcs[i].expiry > block.number && sha256(secrets[i]) == htlcs[i].secretHash) {
-                localSecretsProvided++;
+            if (secretsClaimed[secrets[htlcs[i].secretHash]] > 0) {
+                if (secretsClaimed[secrets[htlcs[i].secretHash]] != nonce_) {
+                    secretsProcessed = true;
+                    secretsClaimed[secrets[htlcs[i].secretHash]] = nonce_;
+                    amount_ += htlcs[i].sendAmount;
+                    amount_ -= htlcs[i].recieveAmount;
+                }
+                continue;
+            }
+            if (htlcs[i].timeLock > block.number && sha256(secrets_[i]) == htlcs[i].secretHash) {
+                secretsProcessed = true;
+                secretsClaimed[secrets_[i]] = nonce_;
+                secrets[htlcs[i].secretHash] = secrets_[i];
                 amount_ += htlcs[i].sendAmount;
                 amount_ -= htlcs[i].recieveAmount;
             }
         }
 
-        require(amount_ <= totalAmount(), "GardenFEEAccount: invalid amount");
+        require(amount_ <= totalAmount(), "FeeAccount: invalid amount");
         if (expiration != 0) {
             // a claim exists, so should satisfy override conditions
-            require(
-                nonce_ > nonce || (nonce_ == nonce && localSecretsProvided > secretsProvided),
-                "GardenFEEAccount: override conditions not met"
-            );
+            require(nonce_ > nonce || (nonce_ == nonce && secretsProcessed), "FeeAccount: override conditions not met");
         }
 
         // verify funder and recipient signatures
         address funderSigner = claimID.recover(funderSig);
         address recipientSigner = claimID.recover(recipientSig);
-        require(funderSigner == funder, "GardenFEEAccount: invalid funder signature");
-        require(recipientSigner == recipient, "GardenFEEAccount: invalid recipient signature");
+        require(funderSigner == funder, "FeeAccount: invalid funder signature");
+        require(recipientSigner == recipient, "FeeAccount: invalid recipient signature");
 
         // update global claim state
-        secretsProvided = localSecretsProvided;
         expiration = block.number + TWO_DAYS;
         amount = amount_;
         nonce = nonce_;

diff --git a/test/fee/gardenFeeAccount.test.ts b/test/fee/gardenFeeAccount.test.ts
@@ -296,7 +296,7 @@ describe("--- Garden Fee Account ---", () => {
 		it("User should not be able to claim with wrong number of secrets message.", async () => {
 			const currentBlock = await ethers.provider.getBlockNumber();
 			claimMessage = {
-				nonce: 0,
+				nonce: 1,
 				amount: ethers.parseEther("0.5"),
 				htlcs: [
 					{
@@ -353,7 +353,7 @@ describe("--- Garden Fee Account ---", () => {
 						davidSignature,
 						davidSignature
 					)
-			).to.be.revertedWith("GardenFEEAccount: invalid amount");
+			).to.be.revertedWith("FeeAccount: invalid amount");
 		});
 		it("User should not be able to claim with wrong funder signature", async () => {
 			await seed.transfer(davidGardenFEEAccountAddress, ethers.parseEther("1"));
@@ -368,7 +368,7 @@ describe("--- Garden Fee Account ---", () => {
 						davidSignature,
 						davidSignature
 					)
-			).to.be.revertedWith("GardenFEEAccount: invalid funder signature");
+			).to.be.revertedWith("FeeAccount: invalid funder signature");
 		});
 		it("User should not be able to claim with wrong user signature", async () => {
 			await expect(
@@ -382,7 +382,7 @@ describe("--- Garden Fee Account ---", () => {
 						feeManagerSignature,
 						feeManagerSignature
 					)
-			).to.be.revertedWith("GardenFEEAccount: invalid recipient signature");
+			).to.be.revertedWith("FeeAccount: invalid recipient signature");
 		});
 		it("User should be able to claim few htlcs", async () => {
 			await expect(
@@ -410,7 +410,7 @@ describe("--- Garden Fee Account ---", () => {
 						feeManagerSignature,
 						davidSignature
 					)
-			).to.be.revertedWith("GardenFEEAccount: override conditions not met");
+			).to.be.revertedWith("FeeAccount: override conditions not met");
 		});
 		it("User be able to claim with more number of secrets", async () => {
 			await expect(
@@ -429,7 +429,7 @@ describe("--- Garden Fee Account ---", () => {
 		it("User be able to claim with greater nonce", async () => {
 			const currentBlock = await ethers.provider.getBlockNumber();
 			claimMessage = {
-				nonce: 1,
+				nonce: 2,
 				amount: ethers.parseEther("0.5"),
 				htlcs: [
 					{
@@ -470,7 +470,7 @@ describe("--- Garden Fee Account ---", () => {
 		it("User be able to claim with greater nonce and amount equal to totalAmount", async () => {
 			const currentBlock = await ethers.provider.getBlockNumber();
 			claimMessage = {
-				nonce: 2,
+				nonce: 3,
 				amount: ethers.parseEther("0.5"),
 				htlcs: [
 					{
@@ -505,7 +505,7 @@ describe("--- Garden Fee Account ---", () => {
 		it("User be able to claim with greater nonce and amount equal to 0", async () => {
 			const currentBlock = await ethers.provider.getBlockNumber();
 			claimMessage = {
-				nonce: 3,
+				nonce: 4,
 				amount: ethers.parseEther("0.5"),
 				htlcs: [
 					{
@@ -538,7 +538,7 @@ describe("--- Garden Fee Account ---", () => {
 			).to.emit(gardenFeeAccountFactory, "Claimed");
 		});
 		it("User should be able to settle after expiration.", async () => {
-			mine((await ethers.provider.getBlockNumber()) + 14400);
+			await mine((await ethers.provider.getBlockNumber()) + 14400);
 			await expect(davidGardenFEEAccount.connect(david).settle()).to.emit(
 				gardenFeeAccountFactory,
 				"Closed"
@@ -552,7 +552,7 @@ describe("--- Garden Fee Account ---", () => {
 		let claimMessage: ClaimMessage;
 		it("User should able to createAndClaim.", async () => {
 			claimMessage = {
-				nonce: 0,
+				nonce: 1,
 				amount: ethers.parseEther("1"),
 				htlcs: [],
 			};