@1inch/solidity-utils 2.0.25 → 2.1.1

package/contracts/interfaces/IERC20MetadataUppercase.sol

@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.0;
+pragma abicoder v1;
+
+
+interface IERC20MetadataUppercase {
+    function NAME() external view returns (string memory);  // solhint-disable-line func-name-mixedcase
+    function SYMBOL() external view returns (string memory);  // solhint-disable-line func-name-mixedcase
+}

package/contracts/libraries/ECDSA.sol

@@ -16,6 +16,8 @@ library ECDSA {
     // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
     // these malleable signatures as well.
     uint256 private constant _S_BOUNDARY = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0 + 1;
+    uint256 private constant _COMPACT_S_MASK = 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff;
+    uint256 private constant _COMPACT_V_SHIFT = 255;
 
     function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal view returns(address signer) {
         /// @solidity memory-safe-assembly
@@ -37,12 +39,12 @@ library ECDSA {
     function recover(bytes32 hash, bytes32 r, bytes32 vs) internal view returns(address signer) {
         /// @solidity memory-safe-assembly
         assembly { // solhint-disable-line no-inline-assembly
-            let s := shr(1, shl(1, vs))
+            let s := and(vs, _COMPACT_S_MASK)
             if lt(s, _S_BOUNDARY) {
                 let ptr := mload(0x40)
 
                 mstore(ptr, hash)
-                mstore(add(ptr, 0x20), add(27, shr(255, vs)))
+                mstore(add(ptr, 0x20), add(27, shr(_COMPACT_V_SHIFT, vs)))
                 mstore(add(ptr, 0x40), r)
                 mstore(add(ptr, 0x60), s)
                 mstore(0, 0)
@@ -52,6 +54,13 @@ library ECDSA {
         }
     }
 
+    /// WARNING!!!
+    /// There is a known signature malleability issue with two representations of signatures!
+    /// Even though this function is able to verify both standard 65-byte and compact 64-byte EIP-2098 signatures
+    /// one should never use raw signatures for any kind of invalidation logic in their code.
+    /// As the standard and compact representations are interchangeable any invalidation logic that relies on
+    /// signature uniqueness will get rekt.
+    /// More info: https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-4h98-2769-gh6h
     function recover(bytes32 hash, bytes calldata signature) internal view returns(address signer) {
         /// @solidity memory-safe-assembly
         assembly { // solhint-disable-line no-inline-assembly
@@ -67,9 +76,9 @@ library ECDSA {
             case 64 {
                 // memory[ptr+0x20:ptr+0x80] = (v, r, s)
                 let vs := calldataload(add(signature.offset, 0x20))
-                mstore(add(ptr, 0x20), add(27, shr(255, vs)))
+                mstore(add(ptr, 0x20), add(27, shr(_COMPACT_V_SHIFT, vs)))
                 calldatacopy(add(ptr, 0x40), signature.offset, 0x20)
-                mstore(add(ptr, 0x60), shr(1, shl(1, vs)))
+                mstore(add(ptr, 0x60), and(vs, _COMPACT_S_MASK))
             }
             default {
                 ptr := 0
@@ -172,7 +181,7 @@ library ECDSA {
             mstore(add(ptr, 0x44), 64)
             mstore(add(ptr, 0x64), r)
             mstore(add(ptr, 0x84), vs)
-            if staticcall(gas(), signer, ptr, 0xa5, 0, 0x20) {
+            if staticcall(gas(), signer, ptr, 0xa4, 0, 0x20) {
                 success := and(eq(selector, mload(0)), eq(returndatasize(), 0x20))
             }
         }
@@ -191,8 +200,8 @@ library ECDSA {
             mstore(add(ptr, 0x24), 0x40)
             mstore(add(ptr, 0x44), 65)
             mstore(add(ptr, 0x64), r)
-            mstore(add(ptr, 0x84), shr(1, shl(1, vs)))
-            mstore8(add(ptr, 0xa4), add(27, shr(255, vs)))
+            mstore(add(ptr, 0x84), and(vs, _COMPACT_S_MASK))
+            mstore8(add(ptr, 0xa4), add(27, shr(_COMPACT_V_SHIFT, vs)))
             if staticcall(gas(), signer, ptr, 0xa5, 0, 0x20) {
                 success := and(eq(selector, mload(0)), eq(returndatasize(), 0x20))
             }

package/contracts/libraries/UniERC20.sol

@@ -5,14 +5,10 @@ pragma abicoder v1;
 
 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
+import "../interfaces/IERC20MetadataUppercase.sol";
 import "./SafeERC20.sol";
 import "./StringUtil.sol";
 
-interface IERC20MetadataUppercase {
-    function NAME() external view returns (string memory);  // solhint-disable-line func-name-mixedcase
-    function SYMBOL() external view returns (string memory);  // solhint-disable-line func-name-mixedcase
-}
-
 library UniERC20 {
     using SafeERC20 for IERC20;
 
@@ -21,7 +17,9 @@ library UniERC20 {
     error NotEnoughValue();
     error FromIsNotSender();
     error ToIsNotThis();
+    error ETHTransferFailed();
 
+    uint256 private constant _RAW_CALL_GAS_LIMIT = 5000;
     IERC20 private constant _ETH_ADDRESS = IERC20(0xEeeeeEeeeEeEeeEeEeEeeEEEeeeeEeeeeeeeEEeE);
     IERC20 private constant _ZERO_ADDRESS = IERC20(address(0));
 
@@ -37,18 +35,21 @@ library UniERC20 {
         }
     }
 
+    /// @dev note that this function does nothing in case of zero amount
     function uniTransfer(IERC20 token, address payable to, uint256 amount) internal {
         if (amount > 0) {
             if (isETH(token)) {
                 if (address(this).balance < amount) revert InsufficientBalance();
-                // we do not use low-level calls to protect from possible reentrancy
-                to.transfer(amount);
+                // solhint-disable-next-line avoid-low-level-calls
+                (bool success, ) = to.call{value: amount, gas: _RAW_CALL_GAS_LIMIT}("");
+                if (!success) revert ETHTransferFailed();
             } else {
                 token.safeTransfer(to, amount);
             }
         }
     }
 
+    /// @dev note that this function does nothing in case of zero amount
     function uniTransferFrom(IERC20 token, address payable from, address to, uint256 amount) internal {
         if (amount > 0) {
             if (isETH(token)) {
@@ -57,8 +58,11 @@ library UniERC20 {
                 if (to != address(this)) revert ToIsNotThis();
                 if (msg.value > amount) {
                     // Return remainder if exist
-                    // we do not use low-level calls to protect from possible reentrancy
-                    unchecked { from.transfer(msg.value - amount); }
+                    unchecked {
+                        // solhint-disable-next-line avoid-low-level-calls
+                        (bool success, ) = from.call{value: msg.value - amount, gas: _RAW_CALL_GAS_LIMIT}("");
+                        if (!success) revert ETHTransferFailed();
+                    }
                 }
             } else {
                 token.safeTransferFrom(from, to, amount);
@@ -80,6 +84,8 @@ library UniERC20 {
         token.forceApprove(to, amount);
     }
 
+    /// 20K gas is provided to account for possible implementations of name/symbol
+    /// (token implementation might be behind proxy or store the value in storage)
     function _uniDecode(IERC20 token, bytes4 lowerCaseSelector, bytes4 upperCaseSelector) private view returns(string memory result) {
         if (isETH(token)) {
             return "ETH";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@1inch/solidity-utils",
-  "version": "2.0.25",
+  "version": "2.1.1",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
   "repository": {
@@ -27,49 +27,49 @@
   },
   "dependencies": {
     "@metamask/eth-sig-util": "4.0.1",
-    "@openzeppelin/contracts": "4.6.0",
-    "@openzeppelin/test-helpers": "0.5.15",
+    "@openzeppelin/contracts": "4.7.3",
+    "@openzeppelin/test-helpers": "0.5.16",
     "bn.js": "5.2.1",
     "chai": "4.3.6",
     "chai-as-promised": "7.1.1",
     "chai-bn": "0.3.1",
     "ethereumjs-util": "7.1.5",
-    "web3-utils": "1.7.4"
+    "web3-utils": "1.8.0"
   },
   "devDependencies": {
-    "@nomiclabs/hardhat-truffle5": "2.0.6",
+    "@nomiclabs/hardhat-truffle5": "2.0.7",
     "@nomiclabs/hardhat-web3": "2.0.0",
-    "@typechain/hardhat": "4.0.0",
+    "@typechain/hardhat": "6.1.3",
     "@typechain/truffle-v5": "7.0.0",
-    "@types/chai": "4.3.1",
+    "@types/chai": "4.3.3",
     "@types/chai-as-promised": "7.1.5",
     "@types/eth-sig-util": "2.1.1",
     "@types/ethereumjs-util": "6.1.0",
     "@types/mocha": "9.1.1",
-    "@types/node": "18.0.0",
-    "@typescript-eslint/eslint-plugin": "5.30.0",
-    "@typescript-eslint/parser": "5.30.0",
+    "@types/node": "18.7.18",
+    "@typescript-eslint/eslint-plugin": "5.38.0",
+    "@typescript-eslint/parser": "5.38.0",
     "acquit": "1.2.1",
-    "commander": "9.3.0",
+    "commander": "9.4.0",
     "create-ts-index": "1.14.0",
     "cross-spawn": "7.0.3",
-    "dotenv": "16.0.1",
-    "eslint": "8.18.0",
+    "dotenv": "16.0.2",
+    "eslint": "8.23.1",
     "eslint-config-standard": "17.0.0",
     "eslint-plugin-import": "2.26.0",
-    "eslint-plugin-n": "15.2.3",
-    "eslint-plugin-promise": "6.0.0",
+    "eslint-plugin-n": "15.2.5",
+    "eslint-plugin-promise": "6.0.1",
     "eslint-plugin-standard": "5.0.0",
     "ethereumjs-wallet": "1.0.2",
-    "hardhat": "2.9.9",
-    "hardhat-gas-reporter": "1.0.8",
+    "hardhat": "2.11.2",
+    "hardhat-gas-reporter": "1.0.9",
     "rimraf": "3.0.2",
     "shx": "0.3.4",
     "solhint": "3.3.7",
-    "solidity-coverage": "0.7.21",
-    "ts-node": "10.8.1",
-    "typechain": "7.0.0",
-    "typescript": "4.7.4"
+    "solidity-coverage": "0.8.2",
+    "ts-node": "10.9.1",
+    "typechain": "7.0.1",
+    "typescript": "4.8.3"
   },
   "bin": {
     "solidity-utils-docify": "utils/docify.utils.js",