fix: validate local signer in initiateTx#56
Closed
mattsu6666 wants to merge 5 commits into
⛽ Gas Usage Changes
test_initAuthState_DelegatesToAuthManager() (gas: +6 (0.008%))
test_sign_DelegatesToAuthManager() (gas: +6 (0.012%))
test_sign_IgnoresUnknownSigners() (gas: +27 (0.013%))
test_getAuthState_ReturnsCorrectRemainingSigners() (gas: +54 (0.015%))
test_sign_IgnoresDuplicateSignatures() (gas: +54 (0.019%))
test_initAuthState_HandlesDuplicateSigners() (gas: +54 (0.019%))
test_initAuthState_Succeeds() (gas: +54 (0.020%))
test_setStateFromRemainingList_HandlesDuplicatesAndReturnsRemains() (gas: +54 (0.021%))
test_getRemainingSigners_TracksSigningProgress() (gas: +81 (0.023%))
test_initiateTx_RevertWhen_TimeoutHeightExpired() (gas: +74 (0.126%))
test_initiateTx_RevertWhen_ChainIDMismatch() (gas: +85 (0.139%))
test_initiateTx_RevertWhen_TimeoutTimestampExpired() (gas: +206 (0.347%))
test_getRequiredAccounts_ReturnsEmptyArrayWhenNoSigners() (gas: +328 (0.470%))
test_getRequiredAccounts_ReturnsEmptyArrayWhenNoTxs() (gas: +204 (0.498%))
test_constructor_SetsChainIDHash() (gas: +43 (0.517%))
test_getRequiredAccounts_AggregatesSigners() (gas: +3148 (1.180%))
test_initiateTx_RevertWhen_txIDAlreadyExists() (gas: +2753 (1.770%))
test_selfXCC_ReturnsCorrectChannelInfo() (gas: +308 (1.806%))
test_constructor_GrantsIbcRoleWhenDebugModeTrue() (gas: +86619 (2.655%))
test_constructor_DoesNotGrantIbcRoleWhenDebugModeFalse() (gas: +86619 (2.673%))
test_extSignTx_SucceedsAsCompletedAndEmitsEvent() (gas: +2267 (2.693%))
test_initialize_SucceedsAndEmitsEvents() (gas: -55941 (-3.573%))
test_initialize_RevertWhen_ArrayLengthMismatch() (gas: -55897 (-3.678%))
test_initialize_RevertWhen_AlreadyInitialized() (gas: -55891 (-3.767%))
test_verifySignatures_DelegatesToAuthManager() (gas: +1860 (3.789%))
test_initialize_RevertWhen_EmptyTypeUrl() (gas: -55902 (-3.835%))
test_initialize_RevertWhen_ZeroAddressVerifier() (gas: -55903 (-4.006%))
test_initialize_SucceedsWithEmptyArrays() (gas: -55865 (-4.013%))
test_extSignTx_RevertsIf_VerificationFails() (gas: +2268 (4.628%))
test_extSignTx_SucceedsAsPending() (gas: +2267 (5.117%))
test_verifySignatures_RevertWhen_StaticCallFails() (gas: +1806 (5.746%))
test_verifySignatures_RevertWhen_VerifierReturnsFalse() (gas: +1914 (5.905%))
test_verifySignatures_SucceedsSingleSigner() (gas: +1792 (6.357%))
test_verifySignatures_SucceedsMultipleSigners() (gas: +3243 (7.624%))
test_verifySignatures_RevertWhen_VerifierNotFound() (gas: +2195 (8.005%))
test_verifySignatures_RevertWhen_AuthModeMismatch() (gas: +2264 (9.573%))
test_verifySignatures_RevertWhen_TooManySigners() (gas: +65609 (44.755%))
test_initiateTx_SucceedsAsVerifiedWhenSignersMet() (gas: +203879 (65.921%))
test_initiateTx_SucceedsAsPendingWhenSignersNotMet() (gas: +196974 (72.340%))
Overall gas change: 333716 (0.031%)
Calculated by Foundry Gas Snapshot Action
Pull request overview
This PR closes an authentication bypass in initiateTx by enforcing that AUTH_MODE_LOCAL initiation is tied to msg.sender, aligning initiateTx authentication semantics with signTx and tightening the initiation signer constraints.
Changes:
- Enforce `initiateTx` to require exactly one signer, with `auth_type.mode == AUTH_MODE_LOCAL`.
- Validate that the provided signer ID matches `abi.encodePacked(msg.sender)` during `initiateTx`.
- Update Solidity and Go tests (and gas snapshot) to reflect the new initiation signer requirements.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| test/Initiator.t.sol | Updates Initiator tests to use a local signer derived from address(this) and adds revert tests for invalid signer configurations. |
| src/core/Initiator.sol | Adds _validateLocalSigner and calls it from initiateTx to prevent local-auth initiation bypass. |
| pkg/testing/cross_test.go | Adjusts Go-side initiateTx test input to use opts.From.Bytes() as the local signer ID. |
| package-lock.json | Lockfile metadata adjustment (removes peer: true flags in a couple entries). |
| .gas-snapshot | Updates gas baselines reflecting added validation and updated test inputs. |
Slither report
Summary
uninitialized-local
Impact: Medium
cross-solidity/src/core/Initiator.sol Line 112 in 57e5f09
Overview
There was a bug in `initiateTx` that allowed authentication to be bypassed.
This PR fixes it by authenticating `AUTH_MODE_LOCAL` signers in `initiateTx` based on `msg.sender`, in the same way as `signTx`.
Unlike the Go implementation, `cross-solidity` now enforces a constraint for `initiateTx`: exactly one signer must be provided and authenticated.
ethereum-cross-demo will be updated in a separate PR after this PR is merged.
2026-06-19 Update:
`AUTH_MODE_EXTENSION` in `initiateTx` to ensure consistency with Cross in Go.
`cross-solidity` now supports both `AUTH_MODE_LOCAL` and `AUTH_MODE_EXTENSION`.
2026-06-20 Update:
`initiateTx` to support both `AUTH_MODE_LOCAL` and `AUTH_MODE_EXTENSION` within a single transaction.
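The local-signer check described in the review overview above (exactly one signer, `AUTH_MODE_LOCAL`, ID equal to `abi.encodePacked(msg.sender)`), as an added example that is not the cross-solidity source. The contract, struct, error and event names are hypothetical, and the later `AUTH_MODE_EXTENSION` handling is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example with hypothetical names; not code from cross-solidity.
contract LocalSignerCheckExample {
    enum AuthMode { AUTH_MODE_UNSPECIFIED, AUTH_MODE_LOCAL, AUTH_MODE_EXTENSION }

    struct Account {
        bytes id;      // signer ID; for local auth, the caller's 20 address bytes
        AuthMode mode; // stands in for auth_type.mode on the page
    }

    error InvalidSignerCount(uint256 count);
    error NotLocalAuth();
    error SignerIsNotCaller(address caller, bytes claimedId);

    event Initiated(address indexed caller);

    // Without the call to _validateLocalSigner, the signer list is plain
    // caller-supplied data: nothing ties signers[0].id to the account that
    // actually sent the transaction.
    function initiateTx(Account[] calldata signers) external {
        _validateLocalSigner(signers);
        emit Initiated(msg.sender);
    }

    function _validateLocalSigner(Account[] calldata signers) internal view {
        // Exactly one signer: an empty list must not count as "all signed".
        if (signers.length != 1) revert InvalidSignerCount(signers.length);

        // Local auth is the only mode that msg.sender can vouch for.
        if (signers[0].mode != AuthMode.AUTH_MODE_LOCAL) revert NotLocalAuth();

        // abi.encodePacked(address) is exactly 20 bytes. Dynamic byte arrays
        // have no == operator, so compare hashes; any other length or value
        // (for example a 32-byte padded address) fails here.
        if (keccak256(signers[0].id) != keccak256(abi.encodePacked(msg.sender))) {
            revert SignerIsNotCaller(msg.sender, signers[0].id);
        }
    }
}
```

An ID sent as a 32-byte `abi.encode`-padded address fails the comparison, which is consistent with the Go test passing `opts.From.Bytes()` (20 raw bytes) as the signer ID.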