npm - @layerzerolabs/onesig-evm - Versions diffs - 0.0.7 → 0.0.9 - Mend

@layerzerolabs/onesig-evm 0.0.7 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/contracts/MultiSig.sol CHANGED Viewed

@@ -1,10 +1,10 @@
-// SPDX-License-Identifier: LZBL-1.2
-// TODO confirm the license
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.22;
 import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
+import { SelfCallable } from "./lib/SelfCallable.sol";
 /**
  * @title MultiSig
@@ -12,7 +12,7 @@ import { EnumerableSet } from "@openzeppelin/contracts/utils/structs/EnumerableS
  *         Designed to be inherited by contracts requiring multi-signature verification.
  * @dev Uses EnumerableSet to store signer addresses and ECDSA for signature recovery.
  */
-abstract contract MultiSig {
+abstract contract MultiSig is SelfCallable {
     using EnumerableSet for EnumerableSet.AddressSet;
     /**
@@ -28,9 +28,6 @@ abstract contract MultiSig {
     /// @notice Error thrown when a signer address is invalid.
     error InvalidSigner();
-    /// @notice Error thrown when a function is not called from this contract itself.
-    error OnlyMultiSig();
     /// @notice Error thrown when the threshold is set to zero.
     error ZeroThreshold();
@@ -67,12 +64,9 @@ abstract contract MultiSig {
     event ThresholdSet(uint256 threshold);
     /**
-     * @dev Restricts access to functions so they can only be called via this contract itself.
+     * @dev The length of a single signature in bytes (r=32, s=32, v=1).
      */
-    modifier onlyMultiSig() {
-        if (msg.sender != address(this)) revert OnlyMultiSig();
-        _;
-    }
+    uint8 constant SIGNATURE_LENGTH = 65;
     /**
      * @dev Initializes the MultiSig with a list of signers and sets the signature threshold.
@@ -91,7 +85,7 @@ abstract contract MultiSig {
      * @dev This function can only be called by the MultiSig contract itself.
      * @param _threshold The new threshold value.
      */
-    function setThreshold(uint256 _threshold) external onlyMultiSig {
+    function setThreshold(uint256 _threshold) external onlySelfCall {
         _setThreshold(_threshold);
     }
@@ -115,7 +109,7 @@ abstract contract MultiSig {
      * @param _signer The address of the signer to add/remove.
      * @param _active True to add signer, false to remove signer.
      */
-    function setSigner(address _signer, bool _active) external onlyMultiSig {
+    function setSigner(address _signer, bool _active) external onlySelfCall {
         if (_active) {
             _addSigner(_signer);
         } else {
@@ -172,22 +166,23 @@ abstract contract MultiSig {
      */
     function verifyNSignatures(bytes32 _digest, bytes calldata _signatures, uint256 _threshold) public view {
         if (_threshold == 0) revert ZeroThreshold();
-        // Each signature is 65 bytes (r=32, s=32, v=1).
-        if (_signatures.length != _threshold * 65) revert SignatureError();
+        // Each signature is SIGNATURE_LENGTH (65) bytes (r=32, s=32, v=1).
+        if ((_signatures.length % SIGNATURE_LENGTH) != 0) revert SignatureError();
+        uint256 signaturesCount = _signatures.length / SIGNATURE_LENGTH;
+        if (signaturesCount < _threshold) revert SignatureError();
         // There cannot be a signer with address 0, so we start with address(0) to ensure ascending order.
         address lastSigner = address(0);
-        for (uint256 i = 0; i < _threshold; i++) {
-            // Extract a single signature (65 bytes) at a time.
-            bytes calldata signature = _signatures[i * 65:(i + 1) * 65];
+        for (uint256 i = 0; i < signaturesCount; i++) {
+            // Extract a single signature (SIGNATURE_LENGTH (65) bytes) at a time.
+            bytes calldata signature = _signatures[i * SIGNATURE_LENGTH:(i + 1) * SIGNATURE_LENGTH];
             address currentSigner = ECDSA.recover(_digest, signature);
             // Check ordering to avoid duplicates and ensure strictly increasing addresses.
             if (currentSigner <= lastSigner) revert UnsortedSigners();
             // Check if the signer is in our set.
             if (!isSigner(currentSigner)) revert SignerNotFound(currentSigner);
             lastSigner = currentSigner;
         }
     }

package/contracts/OneSig.sol CHANGED Viewed

@@ -1,9 +1,9 @@
-// SPDX-License-Identifier: LZBL-1.2
-// TODO confirm the license
+// SPDX-License-Identifier: GPL-3.0
 pragma solidity ^0.8.22;
 import { MerkleProof } from "@openzeppelin/contracts/utils/cryptography/MerkleProof.sol";
+import { ReentrancyGuard } from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
 import { MultiSig } from "./MultiSig.sol";
 /**
@@ -14,7 +14,7 @@ import { MultiSig } from "./MultiSig.sol";
  *         provided the Merkle proof is valid and the threshold of signers is met.
  * @dev Inherits from MultiSig for signature threshold logic.
  */
-contract OneSig is MultiSig {
+contract OneSig is MultiSig, ReentrancyGuard {
     /// @notice The version string of the OneSig contract.
     string public constant VERSION = "0.0.1";
@@ -47,7 +47,7 @@ contract OneSig is MultiSig {
             abi.encode(
                 EIP712DOMAIN_TYPE_HASH,
                 keccak256(bytes("OneSig")), // this contract name
-                keccak256(bytes("0.0.1")), // version
+                keccak256(bytes(VERSION)), // version
                 1, // Ethereum mainnet chainId
                 address(0xdEaD) // verifyingContract
             )
@@ -64,7 +64,7 @@ contract OneSig is MultiSig {
      * @dev Because the oneSigId is part of the leaf, the same signatures can be used on different chains,
      *      while leaving each transaction to be targetted towards one
      */
-    uint256 public immutable ONE_SIG_ID;
+    uint64 public immutable ONE_SIG_ID;
     /**
      * @notice A random seed encoded into the signatures/root.
@@ -75,7 +75,7 @@ contract OneSig is MultiSig {
     /**
      * @notice A sequential nonce to prevent replay attacks and enforce transaction ordering.
      */
-    uint256 public nonce;
+    uint64 public nonce;
     /// @notice Emitted when the seed is updated.
     event SeedSet(bytes32 seed);
@@ -134,23 +134,29 @@ contract OneSig is MultiSig {
     constructor(
         address[] memory _signers,
         uint256 _threshold,
-        uint256 _oneSigId,
+        uint64 _oneSigId,
         bytes32 _seed
     ) MultiSig(_signers, _threshold) {
         ONE_SIG_ID = _oneSigId;
+        _setSeed(_seed);
+    }
+    /**
+     * @notice Internal method to set the contract's seed.
+     * @param _seed The new seed value.
+     */
+    function _setSeed(bytes32 _seed) internal virtual {
         seed = _seed;
         emit SeedSet(_seed);
     }
     /**
-     * @notice Sets the contract's seed.
+     * @notice External method to set the contract's seed.
      * @dev Only callable via MultiSig functionality (i.e., requires threshold signatures from signers).
      * @param _seed The new seed value.
      */
-    function setSeed(bytes32 _seed) external onlyMultiSig {
-        seed = _seed;
-        emit SeedSet(_seed);
+    function setSeed(bytes32 _seed) public virtual onlySelfCall {
+        _setSeed(_seed);
     }
     /**
@@ -167,7 +173,7 @@ contract OneSig is MultiSig {
         bytes32 _merkleRoot,
         uint256 _expiry,
         bytes calldata _signatures
-    ) external payable {
+    ) public payable virtual nonReentrant {
         // Verify the merkle root and signatures
         verifyMerkleRoot(_merkleRoot, _expiry, _signatures);
@@ -227,28 +233,24 @@ contract OneSig is MultiSig {
     }
     /**
-     * @notice Encodes the transaction leaf for inclusion in the merkle tree.
+     * @notice Double encodes the transaction leaf for inclusion in the merkle tree.
      * @param _nonce The nonce of the transaction.
      * @param _calls The calls to be made in this transaction.
      * @return The keccak256 hash of the encoded leaf.
      */
-    function encodeLeaf(uint256 _nonce, Call[] calldata _calls) public view returns (bytes32) {
-        /**
-         * The leaves here are NOT 64 bytes long, so they do not need to be double-encoded.
-         *
-         * The attack relies on being able to pass the preimage of the intermediate node
-         * (e.g., `a = h(l₁) + h(l₂)`, which is 64 bytes) as the leaf. Since this contract
-         * does not accept 64-byte leaves, it is impossible to supply a malicious leaf
-         * that matches the required format (`h(l₁) + h(l₂)`), thereby preventing the attack.
-         */
+    function encodeLeaf(uint64 _nonce, Call[] calldata _calls) public view returns (bytes32) {
         return
             keccak256(
                 abi.encodePacked(
-                    LEAF_ENCODING_VERSION,
-                    ONE_SIG_ID,
-                    bytes32(uint256(uint160(address(this)))), // convert address(this) into bytes32
-                    _nonce,
-                    abi.encode(_calls)
+                    keccak256(
+                        abi.encodePacked(
+                            LEAF_ENCODING_VERSION,
+                            ONE_SIG_ID,
+                            bytes32(uint256(uint160(address(this)))), // convert address(this) into bytes32
+                            _nonce,
+                            abi.encode(_calls)
+                        )
+                    )
                 )
             );
     }

package/contracts/lib/SelfCallable.sol ADDED Viewed

@@ -0,0 +1,16 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.22;
+abstract contract SelfCallable {
+    /// @notice Error thrown when attempting to call a function from an invalid address.
+    error OnlySelfCall();
+    /**
+     * @dev Restricts access to functions so they can only be called via this contract itself.
+     */
+    modifier onlySelfCall() {
+        if (msg.sender != address(this)) revert OnlySelfCall();
+        _;
+    }
+}

package/dist/index.js CHANGED Viewed

@@ -1,3 +1,4 @@
+"use strict";
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@layerzerolabs/onesig-evm",
-  "version": "0.0.7",
-  "license": "MIT",
+  "version": "0.0.9",
+  "license": "GPL-3.0-only",
   "exports": {
     ".": {
       "types": "./dist/index.d.ts",
@@ -11,6 +11,7 @@
     "./package.json": "./package.json"
   },
   "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "files": [
     "contracts/**/*.sol",
     "artifacts/contracts/**/!(*.dbg).json",
@@ -34,7 +35,7 @@
   },
   "dependencies": {
     "ethers": "^5.7.2",
-    "@layerzerolabs/onesig-core": "0.0.6"
+    "@layerzerolabs/onesig-core": "0.0.8"
   },
   "devDependencies": {
     "@babel/core": "^7.23.9",
@@ -56,7 +57,7 @@
     "@typechain/hardhat": "^6.1.6",
     "@types/chai": "^4.3.11",
     "@types/mocha": "^10.0.6",
-    "@types/node": "~18.18.14",
+    "@types/node": "20.10.0",
     "chai": "~4.3.10",
     "chai-ethers": "^0.0.1",
     "dotenv": "^16.4.1",

package/typechain-types/@openzeppelin/contracts/utils/ReentrancyGuard.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/* Autogenerated file. Do not edit manually. */
+/* tslint:disable */
+/* eslint-disable */
+import type { BaseContract, Signer, utils } from "ethers";
+import type { Listener, Provider } from "@ethersproject/providers";
+import type {
+  TypedEventFilter,
+  TypedEvent,
+  TypedListener,
+  OnEvent,
+} from "../../../common";
+export interface ReentrancyGuardInterface extends utils.Interface {
+  functions: {};
+  events: {};
+}
+export interface ReentrancyGuard extends BaseContract {
+  connect(signerOrProvider: Signer | Provider | string): this;
+  attach(addressOrName: string): this;
+  deployed(): Promise<this>;
+  interface: ReentrancyGuardInterface;
+  queryFilter<TEvent extends TypedEvent>(
+    event: TypedEventFilter<TEvent>,
+    fromBlockOrBlockhash?: string | number | undefined,
+    toBlock?: string | number | undefined
+  ): Promise<Array<TEvent>>;
+  listeners<TEvent extends TypedEvent>(
+    eventFilter?: TypedEventFilter<TEvent>
+  ): Array<TypedListener<TEvent>>;
+  listeners(eventName?: string): Array<Listener>;
+  removeAllListeners<TEvent extends TypedEvent>(
+    eventFilter: TypedEventFilter<TEvent>
+  ): this;
+  removeAllListeners(eventName?: string): this;
+  off: OnEvent<this>;
+  on: OnEvent<this>;
+  once: OnEvent<this>;
+  removeListener: OnEvent<this>;
+  functions: {};
+  callStatic: {};
+  filters: {};
+  estimateGas: {};
+  populateTransaction: {};
+}

package/typechain-types/@openzeppelin/contracts/utils/index.ts CHANGED Viewed

@@ -3,3 +3,4 @@
 /* eslint-disable */
 import type * as cryptography from "./cryptography";
 export type { cryptography };
+export type { ReentrancyGuard } from "./ReentrancyGuard";

package/typechain-types/contracts/OneSig.ts CHANGED Viewed

@@ -57,7 +57,7 @@ export interface OneSigInterface extends utils.Interface {
     "LEAF_ENCODING_VERSION()": FunctionFragment;
     "ONE_SIG_ID()": FunctionFragment;
     "VERSION()": FunctionFragment;
-    "encodeLeaf(uint256,(address,uint256,bytes)[])": FunctionFragment;
+    "encodeLeaf(uint64,(address,uint256,bytes)[])": FunctionFragment;
     "executeTransaction(((address,uint256,bytes)[],bytes32[]),bytes32,uint256,bytes)": FunctionFragment;
     "getSigners()": FunctionFragment;
     "isSigner(address)": FunctionFragment;

package/typechain-types/contracts/index.ts CHANGED Viewed

@@ -1,6 +1,8 @@
 /* Autogenerated file. Do not edit manually. */
 /* tslint:disable */
 /* eslint-disable */
+import type * as lib from "./lib";
+export type { lib };
 import type * as mocks from "./mocks";
 export type { mocks };
 export type { MultiSig } from "./MultiSig";

package/typechain-types/contracts/lib/SelfCallable.ts ADDED Viewed

@@ -0,0 +1,55 @@
+/* Autogenerated file. Do not edit manually. */
+/* tslint:disable */
+/* eslint-disable */
+import type { BaseContract, Signer, utils } from "ethers";
+import type { Listener, Provider } from "@ethersproject/providers";
+import type {
+  TypedEventFilter,
+  TypedEvent,
+  TypedListener,
+  OnEvent,
+} from "../../common";
+export interface SelfCallableInterface extends utils.Interface {
+  functions: {};
+  events: {};
+}
+export interface SelfCallable extends BaseContract {
+  connect(signerOrProvider: Signer | Provider | string): this;
+  attach(addressOrName: string): this;
+  deployed(): Promise<this>;
+  interface: SelfCallableInterface;
+  queryFilter<TEvent extends TypedEvent>(
+    event: TypedEventFilter<TEvent>,
+    fromBlockOrBlockhash?: string | number | undefined,
+    toBlock?: string | number | undefined
+  ): Promise<Array<TEvent>>;
+  listeners<TEvent extends TypedEvent>(
+    eventFilter?: TypedEventFilter<TEvent>
+  ): Array<TypedListener<TEvent>>;
+  listeners(eventName?: string): Array<Listener>;
+  removeAllListeners<TEvent extends TypedEvent>(
+    eventFilter: TypedEventFilter<TEvent>
+  ): this;
+  removeAllListeners(eventName?: string): this;
+  off: OnEvent<this>;
+  on: OnEvent<this>;
+  once: OnEvent<this>;
+  removeListener: OnEvent<this>;
+  functions: {};
+  callStatic: {};
+  filters: {};
+  estimateGas: {};
+  populateTransaction: {};
+}

package/typechain-types/contracts/lib/index.ts ADDED Viewed

@@ -0,0 +1,4 @@
+/* Autogenerated file. Do not edit manually. */
+/* tslint:disable */
+/* eslint-disable */
+export type { SelfCallable } from "./SelfCallable";

package/typechain-types/factories/@openzeppelin/contracts/utils/ReentrancyGuard__factory.ts ADDED Viewed

@@ -0,0 +1,31 @@
+/* Autogenerated file. Do not edit manually. */
+/* tslint:disable */
+/* eslint-disable */
+import { Contract, Signer, utils } from "ethers";
+import type { Provider } from "@ethersproject/providers";
+import type {
+  ReentrancyGuard,
+  ReentrancyGuardInterface,
+} from "../../../../@openzeppelin/contracts/utils/ReentrancyGuard";
+const _abi = [
+  {
+    inputs: [],
+    name: "ReentrancyGuardReentrantCall",
+    type: "error",
+  },
+] as const;
+export class ReentrancyGuard__factory {
+  static readonly abi = _abi;
+  static createInterface(): ReentrancyGuardInterface {
+    return new utils.Interface(_abi) as ReentrancyGuardInterface;
+  }
+  static connect(
+    address: string,
+    signerOrProvider: Signer | Provider
+  ): ReentrancyGuard {
+    return new Contract(address, _abi, signerOrProvider) as ReentrancyGuard;
+  }
+}

package/typechain-types/factories/@openzeppelin/contracts/utils/index.ts CHANGED Viewed

@@ -2,3 +2,4 @@
 /* tslint:disable */
 /* eslint-disable */
 export * as cryptography from "./cryptography";
+export { ReentrancyGuard__factory } from "./ReentrancyGuard__factory";

package/typechain-types/factories/contracts/MultiSig__factory.ts CHANGED Viewed

@@ -41,7 +41,7 @@ const _abi = [
   },
   {
     inputs: [],
-    name: "OnlyMultiSig",
+    name: "OnlySelfCall",
     type: "error",
   },
   {