Skip to content

Commit

Permalink
fix(relayer): erc20/nft decoding should fail when not valid UTF8 or i…
Browse files Browse the repository at this point in the history
…ncorrect typing (#17637)
  • Loading branch information
cyberhorsey authored Jun 21, 2024
1 parent 04d8c87 commit ba20c21
Show file tree
Hide file tree
Showing 2 changed files with 60 additions and 9 deletions.
3 changes: 3 additions & 0 deletions packages/relayer/indexer/save_event_to_db.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package indexer
import (
"context"
"fmt"
"log/slog"
"math/big"

"github.com/pkg/errors"
Expand All @@ -23,6 +24,8 @@ func (i *Indexer) saveEventToDB(
) (int, error) {
eventType, canonicalToken, amount, err := relayer.DecodeMessageData(eventData, eventValue)
if err != nil {
slog.Error("error decoding message data", "error", err.Error())

return 0, errors.Wrap(err, "relayer.DecodeMessageData")
}

Expand Down
66 changes: 57 additions & 9 deletions packages/relayer/types.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"fmt"
"math/big"
"time"
"unicode/utf8"

"log/slog"

Expand Down Expand Up @@ -177,11 +178,37 @@ func decodeDataAsERC20(decodedData []byte) (CanonicalToken, *big.Int, error) {
return token, big.NewInt(0), err
}

token.ChainId = values[0].(uint64)
token.Addr = values[1].(common.Address)
token.Decimals = uint8(values[2].(uint8))
token.Symbol = values[3].(string)
token.Name = values[4].(string)
// Type assertions and validations
chainId, ok := values[0].(uint64)
if !ok {
return token, big.NewInt(0), errors.New("invalid chainId type")
}

addr, ok := values[1].(common.Address)
if !ok {
return token, big.NewInt(0), errors.New("invalid address type")
}

decimals, ok := values[2].(uint8)
if !ok {
return token, big.NewInt(0), errors.New("invalid decimals type")
}

symbol, ok := values[3].(string)
if !ok || !utf8.ValidString(symbol) {
return token, big.NewInt(0), errors.New("invalid symbol string")
}

name, ok := values[4].(string)
if !ok || !utf8.ValidString(name) {
return token, big.NewInt(0), errors.New("invalid name string")
}

token.ChainId = chainId
token.Addr = addr
token.Decimals = decimals
token.Symbol = symbol
token.Name = name

amount, ok := new(big.Int).SetString(common.Bytes2Hex((chunks[canonicalTokenDataStartingindex+3])), 16)
if !ok {
Expand Down Expand Up @@ -225,10 +252,31 @@ func decodeDataAsNFT(decodedData []byte) (EventType, CanonicalToken, *big.Int, e
return EventTypeSendETH, token, big.NewInt(0), err
}

token.ChainId = values[0].(uint64)
token.Addr = values[1].(common.Address)
token.Symbol = values[2].(string)
token.Name = values[3].(string)
// Type assertions and validations
chainId, ok := values[0].(uint64)
if !ok {
return EventTypeSendETH, token, big.NewInt(0), errors.New("invalid chainId type")
}

addr, ok := values[1].(common.Address)
if !ok {
return EventTypeSendETH, token, big.NewInt(0), errors.New("invalid address type")
}

symbol, ok := values[2].(string)
if !ok || !utf8.ValidString(symbol) {
return EventTypeSendETH, token, big.NewInt(0), errors.New("invalid symbol string")
}

name, ok := values[3].(string)
if !ok || !utf8.ValidString(name) {
return EventTypeSendETH, token, big.NewInt(0), errors.New("invalid name string")
}

token.ChainId = chainId
token.Addr = addr
token.Symbol = symbol
token.Name = name

if offset.Int64() == 128 {
amount := big.NewInt(1)
Expand Down

0 comments on commit ba20c21

Please sign in to comment.