Security review TODO #904

nhynes · 2019-09-23T23:17:47Z

No description provided.

Cargo.toml

common/Cargo.toml

nhynes · 2019-09-24T00:01:38Z

common/src/confidential/confidential_ctx.rs

+ let hash = Hash::digest_bytes(&buffer);
+
+ let mut nonce = [0u8; NONCE_SIZE];
+ nonce[..NONCE_TAG_SIZE].copy_from_slice(&hash.as_ref()[..NONCE_TAG_SIZE]);


NB: NONCE_TAG_SIZE < NONCE_SIZE

nhynes · 2019-09-24T01:31:55Z

common/src/storage.rs

+ fn get(&self, key: Vec<u8>) -> Fallible<Vec<u8>> {
+ self.0
+ .lock()
+ .unwrap()


NB: if lock doesn't block and is about to unwrap a failure, something has gone horribly wrong, so panicking is an okay strategy

nhynes · 2019-09-24T01:33:02Z

configs/developer-gateway/tls/private.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----


NB: some security audit tools will complain about private keys checked into the repo, which necessitates a filter branch and rewriting history.

reference

gateway/bin/metrics.rs

nhynes · 2019-09-24T01:39:42Z

gateway/src/impls/eth_filter.rs

+ .map(move |blk| {
+ let mut polls = polls.lock();
+ // +1, since we don't want to include the current block.
+ let id = polls.create_poll(PollFilter::Block(blk.number_u64() + 1));


// TODO(nhynes) does translator ever return u64::max_value()?

update: it might, but that would imply consensus failure, which is already catastrophic

gateway/src/run.rs

resources/genesis/README.md

gateway/src/util.rs

nhynes · 2019-09-24T03:46:11Z

gateway/src/translator.rs

+ },
+ extra_info: {
+ lazy_static! {
+ // Dummy PoW-related block extras.


why is this a lazy_static!?

nhynes · 2019-09-24T03:47:17Z

gateway/src/translator.rs

+ })
+ .and_then(|logs: Vec<LocalizedLogEntry>| {
+ let mut logs = logs;
+ logs.sort_by(|a, b| a.block_number.partial_cmp(&b.block_number).unwrap());


Suggested change

logs.sort_by(|a, b| a.block_number.partial_cmp(&b.block_number).unwrap());

logs.sort_by(|a, b| a.block_number.cmp(&b.block_number));

nhynes · 2019-09-24T03:48:59Z

gateway/src/translator.rs

+ id: BlockId,
+ ) -> impl Future<Item = U256, Error = CallError> {
+ self.simulate_transaction(transaction, id)
+ .map(|executed| executed.gas_used + executed.refunded)


this won't overflow because gas_used + refunded <= U256::max_value() else parity is buggy

nhynes · 2019-09-24T03:52:01Z

src/methods.rs

+ }
+
+ // Check whether transaction fits in the block.
+ let gas_remaining = U256::from(BLOCK_GAS_LIMIT) - ectx.env_info.gas_used;


ectx.env_info.gas_used should not exceed BLOCK_GAS_LIMIT since no tx will be added if it wouldn't fit (see next line)

src/methods.rs

Sec review WIP

4883bfd

nhynes commented Sep 23, 2019

View reviewed changes

Cargo.toml Show resolved Hide resolved

nhynes commented Sep 23, 2019

View reviewed changes

common/Cargo.toml Show resolved Hide resolved