fix(relayer): bounds check for erc20 + nft data (#17601)
cyberhorsey authored Jun 15, 2024
1 parent bc2379f commit 503511a
Showing 2 changed files with 29 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/relayer/indexer/save_event_to_db.go
@@ -23,7 +23,7 @@ func (i *Indexer) saveEventToDB(
) (int, error) {
eventType, canonicalToken, amount, err := relayer.DecodeMessageData(eventData, eventValue)
if err != nil {
return 0, errors.Wrap(err, "eventTypeAmountAndCanonicalTokenFromEvent(event)")
return 0, errors.Wrap(err, "relayer.DecodeMessageData")
}

// check if we have an existing event already. this is mostly likely only true
30 changes: 28 additions & 2 deletions packages/relayer/types.go
@@ -155,7 +155,20 @@ func decodeDataAsERC20(decodedData []byte) (CanonicalToken, *big.Int, error) {
return token, big.NewInt(0), errors.New("data for BigInt is invalid")
}

canonicalTokenData := decodedData[offset.Int64()+canonicalTokenDataStartingindex*32:]
// Calculate the starting index for canonicalTokenData
startIndex := offset.Int64() + canonicalTokenDataStartingindex*32

// Boundary check
if startIndex >= int64(len(decodedData)) {
slog.Warn("startIndex greater than decodedData length",
"startIndex", startIndex,
"lenDecodedData", int64(len(decodedData)),
)

return token, big.NewInt(0), errors.New("calculated index is out of bounds")
}

canonicalTokenData := decodedData[startIndex:]

types := []string{"uint64", "address", "uint8", "string", "string"}
values, err := decodeABI(types, canonicalTokenData)
@@ -190,7 +203,20 @@ func decodeDataAsNFT(decodedData []byte) (EventType, CanonicalToken, *big.Int, e
return EventTypeSendETH, token, big.NewInt(0), errors.New("data for BigInt is invalid")
}

canonicalTokenData := decodedData[offset.Int64()+canonicalTokenDataStartingindex*32:]
// Calculate the starting index for canonicalTokenData
startIndex := offset.Int64() + canonicalTokenDataStartingindex*32

// Boundary check
if startIndex >= int64(len(decodedData)) {
slog.Warn("startIndex greater than decodedData length",
"startIndex", startIndex,
"lenDecodedData", int64(len(decodedData)),
)

return EventTypeSendETH, token, big.NewInt(0), errors.New("calculated index is out of bounds")
}

canonicalTokenData := decodedData[startIndex:]

types := []string{"uint64", "address", "string", "string"}
values, err := decodeABI(types, canonicalTokenData)
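Review bot: The new bounds check in decodeDataAsERC20 rejects only a startIndex that is too large, so a negative value still reaches `decodedData[startIndex:]` and panics. `offset.Int64()` is undefined when the big.Int does not fit in an int64, and the addition can wrap; offset appears to be parsed from the decoded message data, so a malformed event could crash the relayer instead of returning an error. The guard should be `if !offset.IsInt64() || startIndex < 0 || startIndex >= int64(len(decodedData)) {`, and the identical check in decodeDataAsNFT needs the same change; the two copies would read better as one shared helper. Both function bodies start and end outside the hunks shown.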
