Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[TOB] DEV-3794: Expiry Check on collateral reads via PCCSRouter #19

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[TOB] DEV-3794: Expiry Check on collateral reads via PCCSRouter #19

wants to merge 3 commits into from

Conversation

preston4896
Copy link
Collaborator

@preston4896 preston4896 commented Feb 10, 2025
edited
Loading

Changes made in this PR:

  • PCCS Router checks expiration of all collateral reads.
  • For full collateral data reads, block.timestamp is used.
  • For collateral hash reads, the user has the option to either use block.timestamp or with a specified timestamp by calling *withTimestamp() methods.
  • verifyAndAttestWithZKProof no longer bypasses the timestamp value provided in the Output data. timestamp is then passed onto *withTimestamp() methods to check the expiration status of corresponding collaterals.

This PR partially addresses issue ID-5.

@preston4896 preston4896 mentioned this pull request Feb 13, 2025
Open
@preston4896 preston4896 marked this pull request as ready for review February 13, 2025 06:53
@preston4896 preston4896 changed the title DEV-3794: Expiry Check on collateral reads via PCCSRouter [TOB] DEV-3794: Expiry Check on collateral reads via PCCSRouter Feb 13, 2025
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 13, 2025
View reviewed changes
contracts/PCCSRouter.sol
Comment on lines +310 to +316
function _loadDataIfNotExpired(bytes32 key, address dao, uint256 timestamp) private view returns (bool valid) {
bytes4 COLLATERAL_VALIDITY_SELECTOR = 0x3e960426;
(bool success, bytes memory ret) = dao.staticcall(abi.encodeWithSelector(COLLATERAL_VALIDITY_SELECTOR, key));
require(success, "Failed to determine collateral validity");
(uint64 issuedAt, uint64 expiredAt) = abi.decode(ret, (uint64, uint64));
valid = timestamp >= issuedAt || timestamp <= expiredAt;
}

Check notice

Code scanning / Slither

Block timestamp Low

PCCSRouter._loadDataIfNotExpired(bytes32,address,uint256) uses timestamp for comparisons
Dangerous comparisons:
- valid = timestamp >= issuedAt || timestamp <= expiredAt
contracts/PCCSRouter.sol
Comment on lines +310 to +316
function _loadDataIfNotExpired(bytes32 key, address dao, uint256 timestamp) private view returns (bool valid) {
bytes4 COLLATERAL_VALIDITY_SELECTOR = 0x3e960426;
(bool success, bytes memory ret) = dao.staticcall(abi.encodeWithSelector(COLLATERAL_VALIDITY_SELECTOR, key));
require(success, "Failed to determine collateral validity");
(uint64 issuedAt, uint64 expiredAt) = abi.decode(ret, (uint64, uint64));
valid = timestamp >= issuedAt || timestamp <= expiredAt;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@preston4896