Disallow calling processWithdrawCommitment twice #679

duckception · 2022-01-04T09:46:14Z

Currently, anyone can call processWithdrawCommitment multiple times which may lead to permanent lock up of tokens in the WithdrawManager. This PR fixes it and removes redundant code from the Vault smart contract.

msieczko · 2022-01-13T13:44:48Z

I feel that this issue should be resolved together with #664 and we would come up with a better solution then.

jacque006 · 2022-01-20T23:42:33Z

I agree with @msieczko , resolving #664 would be a better path forward. @duckception Appreciate you taking a stab at trying to resolve this.

duckception · 2022-01-21T12:14:40Z

Issue described in #664 should be now resolved 🚀

Additionally, I have a question @jacque006. What is the purpose of validateAndApply functions in FrontendCreate2Transfer.sol and FrontendMassMigration.sol contracts?

duckception · 2022-02-18T11:00:29Z

We've discovered that changing just the nonce is not enough to prevent withdraw roots collision. Hubble allows registration of multiple user states for the same pubkey ID, therefore there still can be a case where withdraw root collision could happen (see modified test in rollup.massMigration.test.ts). To overcome this, I've added a new user state structure, just for mass migrations, that additionally takes into account state ID of the sender and is now used to generate collision-free withdraw root.

contracts/client/FrontendMassMigration.sol

contracts/libs/Transition.sol

msieczko

Everything looks good now! @jacque006, could you take a look? I think this PR is ready to be merged. We should also merge #684 right after this one.

github-actions bot added the contracts This PR changes some contracts label Jan 4, 2022

duckception added 11 commits February 15, 2022 15:48

Disallow calling processWithdrawCommitment twice

b62536a

Remove bitmap from Vault

fa2de57

Add test for withdraw root collision

4ce3ac0

Use nonce while encoding user state

a6c8331

Lint

da08625

Add new UserState type and use it in withdrawal process

49431f7

Update withdraw root collision test and use new MMUserState type

3d77655

Move withdrawal commitment validation to Vault

69b923d

Use new MMUserState in processMassMigration

b24c979

Lint

9bcb7db

Remove comment

6e524a2

duckception force-pushed the bug-process-withdraw-commit branch from 254757d to 6e524a2 Compare February 18, 2022 10:44

duckception mentioned this pull request Feb 18, 2022

Blacklist path instead of pubkey ID in WithdrawManager.claimTokens #684

Open

msieczko suggested changes Feb 22, 2022

View reviewed changes

contracts/client/FrontendMassMigration.sol Outdated Show resolved Hide resolved

contracts/libs/Transition.sol Outdated Show resolved Hide resolved

duckception added 2 commits February 23, 2022 13:08

Use createMMState in FrontendMassMigration.validateAndApply

018536a

Remove unnecessary parameter from Transition.createState

6aa2594

msieczko approved these changes Feb 23, 2022

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Disallow calling processWithdrawCommitment twice #679

Disallow calling processWithdrawCommitment twice #679

duckception commented Jan 4, 2022

msieczko commented Jan 13, 2022

jacque006 commented Jan 20, 2022

duckception commented Jan 21, 2022

duckception commented Feb 18, 2022

msieczko left a comment

Disallow calling processWithdrawCommitment twice #679

Are you sure you want to change the base?

Disallow calling processWithdrawCommitment twice #679

Conversation

duckception commented Jan 4, 2022

msieczko commented Jan 13, 2022

jacque006 commented Jan 20, 2022

duckception commented Jan 21, 2022

duckception commented Feb 18, 2022

msieczko left a comment

Choose a reason for hiding this comment