npm - @keep-network/tbtc-v2 - Versions diffs - 0.1.1-dev.69 → 0.1.1-dev.71 - Mend

@keep-network/tbtc-v2 0.1.1-dev.69 → 0.1.1-dev.71

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/contracts/bridge/Bridge.sol CHANGED Viewed

@@ -893,12 +893,14 @@ contract Bridge is Governable, EcdsaWalletOwner, Initializable {
     ///         challenge or confiscated otherwise.
     /// @param walletPublicKey The public key of the wallet in the uncompressed
     ///        and unprefixed format (64 bytes)
-    /// @param sighash The hash that was used to produce the ECDSA signature
-    ///        that is the subject of the fraud claim. This hash is constructed
-    ///        by applying double SHA-256 over a serialized subset of the
-    ///        transaction. The exact subset used as hash preimage depends on
-    ///        the transaction input the signature is produced for. See BIP-143
-    ///        for reference
+    /// @param preimageSha256 The hash that was generated by applying SHA-256
+    ///        one time over the preimage used during input signing. The preimage
+    ///        is a serialized subset of the transaction and its structure
+    ///        depends on the transaction input (see BIP-143 for reference).
+    ///        Notice that applying SHA-256 over the `preimageSha256` results
+    ///        in `sighash`.  The path from `preimage` to `sighash` looks like
+    ///        this:
+    ///        preimage -> (SHA-256) -> preimageSha256 -> (SHA-256) -> sighash
     /// @param signature Bitcoin signature in the R/S/V format
     /// @dev Requirements:
     ///      - Wallet behind `walletPublicKey` must be in Live or MovingFunds
@@ -907,13 +909,14 @@ contract Bridge is Governable, EcdsaWalletOwner, Initializable {
     ///        fraud challenge deposit
     ///      - The signature (represented by r, s and v) must be generated by
     ///        the wallet behind `walletPubKey` during signing of `sighash`
+    ///        which was calculated from `preimageSha256`
     ///      - Wallet can be challenged for the given signature only once
     function submitFraudChallenge(
         bytes calldata walletPublicKey,
-        bytes32 sighash,
+        bytes memory preimageSha256,
         BitcoinTx.RSVSignature calldata signature
     ) external payable {
-        self.submitFraudChallenge(walletPublicKey, sighash, signature);
+        self.submitFraudChallenge(walletPublicKey, preimageSha256, signature);
     }
     /// @notice Allows to defeat a pending fraud challenge against a wallet if
@@ -997,17 +1000,19 @@ contract Bridge is Governable, EcdsaWalletOwner, Initializable {
     /// @param walletPublicKey The public key of the wallet in the uncompressed
     ///        and unprefixed format (64 bytes)
     /// @param walletMembersIDs Identifiers of the wallet signing group members
-    /// @param sighash The hash that was used to produce the ECDSA signature
-    ///        that is the subject of the fraud claim. This hash is constructed
-    ///        by applying double SHA-256 over a serialized subset of the
-    ///        transaction. The exact subset used as hash preimage depends on
-    ///        the transaction input the signature is produced for. See BIP-143
-    ///        for reference
+    /// @param preimageSha256 The hash that was generated by applying SHA-256
+    ///        one time over the preimage used during input signing. The preimage
+    ///        is a serialized subset of the transaction and its structure
+    ///        depends on the transaction input (see BIP-143 for reference).
+    ///        Notice that applying SHA-256 over the `preimageSha256` results
+    ///        in `sighash`.  The path from `preimage` to `sighash` looks like
+    ///        this:
+    ///        preimage -> (SHA-256) -> preimageSha256 -> (SHA-256) -> sighash
     /// @dev Requirements:
     ///      - The wallet must be in the Live or MovingFunds or Closing or
     ///        Terminated state
-    ///      - The `walletPublicKey` and `sighash` must identify an open fraud
-    ///        challenge
+    ///      - The `walletPublicKey` and `sighash` calculated from
+    ///        `preimageSha256` must identify an open fraud challenge
     ///      - The expression `keccak256(abi.encode(walletMembersIDs))` must
     ///        be exactly the same as the hash stored under `membersIdsHash`
     ///        for the given `walletID`. Those IDs are not directly stored
@@ -1019,12 +1024,12 @@ contract Bridge is Governable, EcdsaWalletOwner, Initializable {
     function notifyFraudChallengeDefeatTimeout(
         bytes calldata walletPublicKey,
         uint32[] calldata walletMembersIDs,
-        bytes32 sighash
+        bytes memory preimageSha256
     ) external {
         self.notifyFraudChallengeDefeatTimeout(
             walletPublicKey,
             walletMembersIDs,
-            sighash
+            preimageSha256
         );
     }

package/contracts/bridge/Fraud.sol CHANGED Viewed

@@ -112,12 +112,14 @@ library Fraud {
     ///         challenge or confiscated otherwise
     /// @param walletPublicKey The public key of the wallet in the uncompressed
     ///        and unprefixed format (64 bytes)
-    /// @param sighash The hash that was used to produce the ECDSA signature
-    ///        that is the subject of the fraud claim. This hash is constructed
-    ///        by applying double SHA-256 over a serialized subset of the
-    ///        transaction. The exact subset used as hash preimage depends on
-    ///        the transaction input the signature is produced for. See BIP-143
-    ///        for reference
+    /// @param preimageSha256 The hash that was generated by applying SHA-256
+    ///        one time over the preimage used during input signing. The preimage
+    ///        is a serialized subset of the transaction and its structure
+    ///        depends on the transaction input (see BIP-143 for reference).
+    ///        Notice that applying SHA-256 over the `preimageSha256` results
+    ///        in `sighash`.  The path from `preimage` to `sighash` looks like
+    ///        this:
+    ///        preimage -> (SHA-256) -> preimageSha256 -> (SHA-256) -> sighash
     /// @param signature Bitcoin signature in the R/S/V format
     /// @dev Requirements:
     ///      - Wallet behind `walletPublicKey` must be in Live or MovingFunds
@@ -125,12 +127,13 @@ library Fraud {
     ///      - The challenger must send appropriate amount of ETH used as
     ///        fraud challenge deposit
     ///      - The signature (represented by r, s and v) must be generated by
-    ///        the wallet behind `walletPublicKey` during signing of `sighash`
+    ///        the wallet behind `walletPubKey` during signing of `sighash`
+    ///        which was calculated from `preimageSha256`
     ///      - Wallet can be challenged for the given signature only once
     function submitFraudChallenge(
         BridgeState.Storage storage self,
         bytes calldata walletPublicKey,
-        bytes32 sighash,
+        bytes memory preimageSha256,
         BitcoinTx.RSVSignature calldata signature
     ) external {
         require(
@@ -138,6 +141,12 @@ library Fraud {
             "The amount of ETH deposited is too low"
         );
+        // To prevent ECDSA signature forgery `sighash` must be calculated
+        // inside the function and not passed as a function parameter.
+        // Signature forgery could result in a wrongful fraud accusation
+        // against a wallet.
+        bytes32 sighash = sha256(preimageSha256);
         require(
             CheckBitcoinSigs.checkSig(
                 walletPublicKey,
@@ -338,8 +347,8 @@ library Fraud {
     /// @notice Notifies about defeat timeout for the given fraud challenge.
     ///         Can be called only if there was a fraud challenge identified by
     ///         the provided `walletPublicKey` and `sighash` and it was not
-    ///         defeated on time. The amount of time that needs to pass after a
-    ///         fraud challenge is reported is indicated by the
+    ///         defeated on time. The amount of time that needs to pass after
+    ///         a fraud challenge is reported is indicated by the
     ///         `challengeDefeatTimeout`. After a successful fraud challenge
     ///         defeat timeout notification the fraud challenge is marked as
     ///         resolved, the stake of each operator is slashed, the ether
@@ -348,17 +357,19 @@ library Fraud {
     /// @param walletPublicKey The public key of the wallet in the uncompressed
     ///        and unprefixed format (64 bytes)
     /// @param walletMembersIDs Identifiers of the wallet signing group members
-    /// @param sighash The hash that was used to produce the ECDSA signature
-    ///        that is the subject of the fraud claim. This hash is constructed
-    ///        by applying double SHA-256 over a serialized subset of the
-    ///        transaction. The exact subset used as hash preimage depends on
-    ///        the transaction input the signature is produced for. See BIP-143
-    ///        for reference
+    /// @param preimageSha256 The hash that was generated by applying SHA-256
+    ///        one time over the preimage used during input signing. The preimage
+    ///        is a serialized subset of the transaction and its structure
+    ///        depends on the transaction input (see BIP-143 for reference).
+    ///        Notice that applying SHA-256 over the `preimageSha256` results
+    ///        in `sighash`.  The path from `preimage` to `sighash` looks like
+    ///        this:
+    ///        preimage -> (SHA-256) -> preimageSha256 -> (SHA-256) -> sighash
     /// @dev Requirements:
     ///      - The wallet must be in the Live or MovingFunds or Closing or
     ///        Terminated state
-    ///      - The `walletPublicKey` and `sighash` must identify an open fraud
-    ///        challenge
+    ///      - The `walletPublicKey` and `sighash` calculated from
+    ///        `preimageSha256` must identify an open fraud challenge
     ///      - The expression `keccak256(abi.encode(walletMembersIDs))` must
     ///        be exactly the same as the hash stored under `membersIdsHash`
     ///        for the given `walletID`. Those IDs are not directly stored
@@ -371,8 +382,10 @@ library Fraud {
         BridgeState.Storage storage self,
         bytes calldata walletPublicKey,
         uint32[] calldata walletMembersIDs,
-        bytes32 sighash
+        bytes memory preimageSha256
     ) external {
+        bytes32 sighash = sha256(preimageSha256);
         uint256 challengeKey = uint256(
             keccak256(abi.encodePacked(walletPublicKey, sighash))
         );

package/contracts/vault/TBTCVault.sol CHANGED Viewed

@@ -15,6 +15,8 @@
 pragma solidity ^0.8.9;
+import "@keep-network/random-beacon/contracts/Governable.sol";
 import "./IVault.sol";
 import "../bank/Bank.sol";
 import "../token/TBTC.sol";
@@ -27,7 +29,7 @@ import "../token/TBTC.sol";
 ///         Bank.
 /// @dev TBTC Vault is the owner of TBTC token contract and is the only contract
 ///      minting the token.
-contract TBTCVault is IVault {
+contract TBTCVault is IVault, Governable {
     Bank public bank;
     TBTC public tbtcToken;
@@ -53,6 +55,36 @@ contract TBTCVault is IVault {
         bank = _bank;
         tbtcToken = _tbtcToken;
+        _transferGovernance(msg.sender);
+    }
+    /// @notice Allows the governance of the TBTCVault to recover any ERC20
+    ///         token sent mistakenly to the TBTC token contract address.
+    /// @param token Address of the recovered ERC20 token contract
+    /// @param recipient Address the recovered token should be sent to
+    /// @param amount Recovered amount
+    function recoverERC20(
+        IERC20 token,
+        address recipient,
+        uint256 amount
+    ) external onlyGovernance {
+        tbtcToken.recoverERC20(token, recipient, amount);
+    }
+    /// @notice Allows the governance of the TBTCVault to recover any ERC721
+    ///         token sent mistakenly to the TBTC token contract address.
+    /// @param token Address of the recovered ERC721 token contract
+    /// @param recipient Address the recovered token should be sent to
+    /// @param tokenId Identifier of the recovered token
+    /// @param data Additional data
+    function recoverERC721(
+        IERC721 token,
+        address recipient,
+        uint256 tokenId,
+        bytes calldata data
+    ) external onlyGovernance {
+        tbtcToken.recoverERC721(token, recipient, tokenId, data);
     }
     /// @notice Transfers the given `amount` of the Bank balance from caller

package/export.json CHANGED Viewed

@@ -15858,8 +15858,8 @@
               "name": "walletMembersIDs"
             },
             {
-              "type": "bytes32",
-              "name": "sighash"
+              "type": "bytes",
+              "name": "preimageSha256"
             }
           ],
           "outputs": []
@@ -16652,8 +16652,8 @@
               "name": "walletPublicKey"
             },
             {
-              "type": "bytes32",
-              "name": "sighash"
+              "type": "bytes",
+              "name": "preimageSha256"
             },
             {
               "type": "tuple",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@keep-network/tbtc-v2",
-  "version": "0.1.1-dev.69+main.dfbb76a226cc8930636cd586758768b566a765b5",
+  "version": "0.1.1-dev.71+main.c401bba553c6247e26ab00722d538d700be4be9b",
   "license": "MIT",
   "files": [
     "artifacts/",