feat: add sequence number for replay protection (#252)

Author: hu55a1n1

Cargo.lock

@@ -1,4 +1,5 @@
 pub mod attested;
+pub mod sequenced;
 pub mod session_create;
 pub mod session_set_pub_key;
 

crates/contracts/core/src/handler/execute.rs

@@ -14,8 +14,7 @@ use crate::{
     error::Error,
     handler::Handler,
     msg::execute::attested::{
-        Attestation, Attested, AttestedMsgSansHandler, DcapAttestation, HasUserData,
-        MockAttestation, Quote,
+        Attestation, Attested, DcapAttestation, HasUserData, MockAttestation, MsgSansHandler, Quote,
     },
     state::CONFIG,
 };
@@ -181,7 +180,7 @@ where
     }
 }
 
-impl<T> Handler for AttestedMsgSansHandler<T> {
+impl<T> Handler for MsgSansHandler<T> {
     fn handle(
         self,
         _deps: DepsMut<'_>,

crates/contracts/core/src/handler/execute/attested.rs

@@ -0,0 +1,16 @@
+use cosmwasm_std::{DepsMut, Env, MessageInfo, Response, StdResult, Uint64};
+
+use crate::{
+    error::Error, handler::Handler, msg::execute::sequenced::SequencedMsg, state::SEQUENCE_NUM,
+};
+
+impl<T: Handler> Handler for SequencedMsg<T> {
+    fn handle(self, deps: DepsMut<'_>, env: &Env, info: &MessageInfo) -> Result<Response, Error> {
+        SEQUENCE_NUM.update(deps.storage, |mut counter| -> StdResult<_> {
+            counter += Uint64::one();
+            Ok(counter)
+        })?;
+
+        self.0.handle(deps, env, info)
+    }
+}

crates/contracts/core/src/handler/execute/sequenced.rs

@@ -1,20 +1,27 @@
-use cosmwasm_std::{DepsMut, Env, HexBinary, MessageInfo, Response};
+use cosmwasm_std::{DepsMut, Env, HexBinary, MessageInfo, Response, Uint64};
 
 use crate::{
-    error::Error, handler::Handler, msg::execute::session_set_pub_key::SessionSetPubKey,
-    state::SESSION,
+    error::Error,
+    handler::Handler,
+    msg::execute::session_set_pub_key::SessionSetPubKey,
+    state::{SEQUENCE_NUM, SESSION},
 };
 
 impl Handler for SessionSetPubKey {
     fn handle(self, deps: DepsMut<'_>, _env: &Env, _info: &MessageInfo) -> Result<Response, Error> {
         let session = SESSION.load(deps.storage).map_err(Error::Std)?;
         let (nonce, pub_key) = self.into_tuple();
+
         let session = session
             .with_pub_key(nonce, pub_key)
             .ok_or(Error::BadSessionTransition)?;
-
         SESSION.save(deps.storage, &session).map_err(Error::Std)?;
 
+        let sequence_num = Uint64::new(0);
+        SEQUENCE_NUM
+            .save(deps.storage, &sequence_num)
+            .map_err(Error::Std)?;
+
         Ok(Response::new()
             .add_attribute("action", "session_set_pub_key")
             .add_attribute(

crates/contracts/core/src/handler/execute/session_set_pub_key.rs

@@ -1,4 +1,5 @@
 pub mod attested;
+pub mod sequenced;
 pub mod session_create;
 pub mod session_set_pub_key;
 

crates/contracts/core/src/msg/execute.rs

@@ -222,16 +222,16 @@ impl Attestation for MockAttestation {
 }
 
 #[derive(Clone, Debug, PartialEq)]
-pub struct AttestedMsgSansHandler<T>(pub T);
+pub struct MsgSansHandler<T>(pub T);
 
 #[cw_serde]
-pub struct RawAttestedMsgSansHandler<T>(pub T);
+pub struct RawMsgSansHandler<T>(pub T);
 
-impl<T: Serialize> HasDomainType for RawAttestedMsgSansHandler<T> {
-    type DomainType = AttestedMsgSansHandler<T>;
+impl<T: Serialize> HasDomainType for RawMsgSansHandler<T> {
+    type DomainType = MsgSansHandler<T>;
 }
 
-impl<T> HasUserData for AttestedMsgSansHandler<T>
+impl<T> HasUserData for MsgSansHandler<T>
 where
     T: HasUserData,
 {
@@ -240,16 +240,16 @@ where
     }
 }
 
-impl<T> TryFrom<RawAttestedMsgSansHandler<T>> for AttestedMsgSansHandler<T> {
+impl<T> TryFrom<RawMsgSansHandler<T>> for MsgSansHandler<T> {
     type Error = StdError;
 
-    fn try_from(value: RawAttestedMsgSansHandler<T>) -> Result<Self, Self::Error> {
+    fn try_from(value: RawMsgSansHandler<T>) -> Result<Self, Self::Error> {
         Ok(Self(value.0))
     }
 }
 
-impl<T> From<AttestedMsgSansHandler<T>> for RawAttestedMsgSansHandler<T> {
-    fn from(value: AttestedMsgSansHandler<T>) -> Self {
+impl<T> From<MsgSansHandler<T>> for RawMsgSansHandler<T> {
+    fn from(value: MsgSansHandler<T>) -> Self {
         Self(value.0)
     }
 }

crates/contracts/core/src/msg/execute/attested.rs

@@ -0,0 +1,29 @@
+use cosmwasm_schema::cw_serde;
+use cosmwasm_std::StdError;
+use serde::Serialize;
+
+use crate::msg::HasDomainType;
+
+#[derive(Clone, Debug, PartialEq)]
+pub struct SequencedMsg<D>(pub D);
+
+#[cw_serde]
+pub struct RawSequencedMsg<R>(pub R);
+
+impl<R: Serialize + HasDomainType> HasDomainType for RawSequencedMsg<R> {
+    type DomainType = SequencedMsg<R::DomainType>;
+}
+
+impl<R: HasDomainType> TryFrom<RawSequencedMsg<R>> for SequencedMsg<R::DomainType> {
+    type Error = StdError;
+
+    fn try_from(value: RawSequencedMsg<R>) -> Result<Self, Self::Error> {
+        Ok(Self(value.0.try_into()?))
+    }
+}
+
+impl<R: HasDomainType> From<SequencedMsg<R::DomainType>> for RawSequencedMsg<R> {
+    fn from(value: SequencedMsg<R::DomainType>) -> Self {
+        Self(value.0.into())
+    }
+}

crates/contracts/core/src/msg/execute/sequenced.rs

@@ -15,9 +15,11 @@ pub type TrustThreshold = (u64, u64);
 pub const CONFIG_KEY: &str = "quartz_config";
 pub const SESSION_KEY: &str = "quartz_session";
 pub const EPOCH_COUNTER_KEY: &str = "epoch_counter";
+pub const SEQUENCE_NUM_KEY: &str = "quartz_seq_num";
 pub const CONFIG: Item<RawConfig> = Item::new(CONFIG_KEY);
 pub const SESSION: Item<Session> = Item::new(SESSION_KEY);
 pub const EPOCH_COUNTER: Item<Uint64> = Item::new(EPOCH_COUNTER_KEY);
+pub const SEQUENCE_NUM: Item<Uint64> = Item::new(SEQUENCE_NUM_KEY);
 
 #[derive(Clone, Debug, PartialEq)]
 pub struct Config {

crates/contracts/core/src/state.rs

@@ -31,7 +31,3 @@ tonic.workspace = true
 cosmrs = { workspace = true, default-features = false, features = ["cosmwasm"] }
 cosmos-sdk-proto = { workspace = true, default-features = false, features = ["grpc", "grpc-transport"] }
 tendermint = { workspace = true, default-features = false }
-
-[dev-dependencies]
-tokio.workspace = true
-transfers-contract = { path = "../../../examples/transfers/contracts" }

crates/utils/cw-client/Cargo.toml

@@ -106,7 +106,7 @@ impl CwClient for CliClient {
         Ok(query_result)
     }
 
-    fn query_raw<R: DeserializeOwned + Default>(
+    async fn query_raw<R: DeserializeOwned + Default>(
         &self,
         contract: &Self::Address,
         query: Self::RawQuery,