US-2040: [Security] ABI Enhancer should not query Github to resolve u…
…nknown signatures in the Other Strategy (#110)

* remove GH call to get other transaction signatures

The Other Strategy should contain only the signatures of methods that we believe the app will use regularly, such as the RNS manager and the Faucet, for now.

* Bump version.

---------

Co-authored-by: Jesse Clark <[email protected]>
rodrigoncalves and jessgusclark authored Dec 1, 2023
1 parent 4b169b9 commit 4db2769
Showing 2 changed files with 2 additions and 107 deletions.
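--- a/packages/abiEnhancer/package.json
+++ b/packages/abiEnhancer/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@rsksmart/rif-wallet-abi-enhancer",
-"version": "1.0.8",
+"version": "1.0.9",
 "description": "ABI Enhancer Library",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",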
107 changes: 1 addition & 106 deletions packages/abiEnhancer/src/strategies/OtherEnhanceStrategy.ts
@@ -1,8 +1,5 @@
import { Provider, TransactionRequest } from '@ethersproject/abstract-provider'
import { EnhancedResult, EnhanceStrategy } from '../AbiEnhancer'
import axios from 'axios'
import { hexDataSlice } from '@ethersproject/bytes'
import { defaultAbiCoder } from '@ethersproject/abi/lib'
import { Interface } from '@ethersproject/abi'
import { Contract } from '@ethersproject/contracts'
import FaucetAbi from './FaucetABI.json'
@@ -12,66 +9,6 @@ import { JsonRpcProvider } from '@ethersproject/providers'
import { findToken } from './ERC20EnhanceStrategy'
import { getDefaultNodeUrl, getHexSig, getNativeCryptoCurrencySymbol } from '../utils'

const ethList4BytesServiceUrl =
'https://raw.githubusercontent.com/ethereum-lists/4bytes/master/signatures'
const ethList4BytesWithNamesServiceUrl =
'https://raw.githubusercontent.com/ethereum-lists/4bytes/master/with_parameter_names'

const getFunctionSignatures = async (fnHexSig: string) => {
const functionSignaturePromise = axios
.get(`${ethList4BytesServiceUrl}/${fnHexSig}`)
.then(x => x.data)
const functionSignatureWithNamesPromise = axios
.get(`${ethList4BytesWithNamesServiceUrl}/${fnHexSig}`)
.then(x => x.data)

return Promise.all([
functionSignaturePromise,
functionSignatureWithNamesPromise
])
}

const parseSignature = (signatures: string) => {
const INSIDE_PARENTHESIS = 1

const firstSignature = signatures.split(';')[0]
const regexParameters = /\((.*)\)/
const regexNameExpression = /(.*)\(/
const parametersExpression = new RegExp(regexParameters).exec(firstSignature)
const nameExpression = new RegExp(regexNameExpression).exec(firstSignature)

const parameters: string[] = parametersExpression
? parametersExpression[INSIDE_PARENTHESIS].split(',')
: []

const name = nameExpression ? nameExpression[INSIDE_PARENTHESIS] : ''

return [name, parameters] as const
}

const parseSignatureWithParametersNames = (
signaturesWithNames: string,
parametersTypes: string[]
) => {
const INSIDE_PARENTHESIS = 1

const firstSignature = signaturesWithNames.split(';')[0]
const regexParameters = /\((.*)\)/
const parametersExpression = new RegExp(regexParameters).exec(firstSignature)

const parametersNames: string[] = parametersExpression
? parametersExpression[INSIDE_PARENTHESIS].split(',')
: []

for (let index = 0; index < parametersNames.length; index++) {
parametersNames[index] = parametersNames[index]
.replace(`${parametersTypes[index]} `, '')
.replace(/[_\-\s]/g, '')
}

return parametersNames
}

const handleFaucet = async (
hexSig: string,
transactionRequest: TransactionRequest,
@@ -140,49 +77,7 @@ export class OtherEnhanceStrategy implements EnhanceStrategy {
value: formatBigNumber(BigNumber.from(decodedValue ?? 0), 18)
}
}
let signaturesFounded: string[] | null = []
try {
signaturesFounded = await getFunctionSignatures(hexSig)
} catch {
signaturesFounded = null
}

if (!signaturesFounded) {
return null
}

const [signatures, signaturesWithParametersNames] = signaturesFounded

const [functionName, parametersTypes] = parseSignature(signatures)

let parametersNames: string[] = []
let parametersValues: ReadonlyArray<string> = []

if (parametersTypes.length > 0) {
parametersNames = parseSignatureWithParametersNames(
signaturesWithParametersNames,
parametersTypes
)

parametersValues = defaultAbiCoder.decode(
parametersTypes,
hexDataSlice(transactionRequest.data, 4)
)
}

const result: EnhancedResult = {
...transactionRequest,
functionName,
functionParameters: [],
from: transactionRequest.from,
to: transactionRequest.to
}
for (let index = 0; index < parametersNames.length; index++) {
const name = parametersNames[index]
const value = parametersValues[index]
result.functionParameters?.push({ name, value })
}

return result
return null
}
}
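Review bot: The new `return null` at the end of the last hunk has no comment saying that unrecognised selectors are deliberately left unresolved, so a later change could reintroduce a remote lookup without anyone seeing why it was removed. The enclosing `OtherEnhanceStrategy` method starts outside the hunk. I would add above it `// Unknown selector: never resolve through a remote signature list; 4-byte selectors can collide and the request reveals the selector being signed.` The commit changes only two files, so no test appears to pin this; a case asserting that an unknown selector yields `null` with no HTTP request made would keep the behaviour in place. The `axios` import is removed in the first hunk of this file, so if nothing else in the package imports it, its entry in package.json (not visible in that hunk) could presumably be dropped as well to shrink the dependency surface.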
