[Contract] Increased security by including chain IDs in signatures

bosagora · Feb 20, 2024 · 4a35ae0 · 4a35ae0
1 parent bf5d3bc
commit 4a35ae0
Show file tree

Hide file tree

Showing 26 changed files with 1,536 additions and 746 deletions.
diff --git a/packages/contracts/contracts/controllers/LoyaltyBridge.sol b/packages/contracts/contracts/controllers/LoyaltyBridge.sol
@@ -83,7 +83,9 @@ contract LoyaltyBridge is LoyaltyBridgeStorage, Initializable, OwnableUpgradeabl
         bytes calldata _signature
     ) external override notExistDeposit(_depositId) {
         require(_account != foundationAccount, "1052");
-        bytes32 dataHash = keccak256(abi.encode(_account, address(this), _amount, ledgerContract.nonceOf(_account)));
+        bytes32 dataHash = keccak256(
+            abi.encode(_account, address(this), _amount, block.chainid, ledgerContract.nonceOf(_account))
+        );
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
         require(ledgerContract.loyaltyTypeOf(_account) == ILedger.LoyaltyType.TOKEN, "1520");
         require(ledgerContract.tokenBalanceOf(_account) >= _amount, "1511");

diff --git a/packages/contracts/contracts/controllers/LoyaltyBurner.sol b/packages/contracts/contracts/controllers/LoyaltyBurner.sol
@@ -71,7 +71,7 @@ contract LoyaltyBurner is LoyaltyBurnerStorage, Initializable, OwnableUpgradeabl
         // Get a hash of all the data
         bytes32[] memory messages = new bytes32[](_data.length);
         for (uint256 i = 0; i < _data.length; i++) {
-            messages[i] = keccak256(abi.encode(_data[i].account, _data[i].phone, _data[i].amount));
+            messages[i] = keccak256(abi.encode(_data[i].account, _data[i].phone, _data[i].amount, block.chainid));
         }
         bytes32 dataHash = keccak256(abi.encode(_height, messages.length, messages));
 

diff --git a/packages/contracts/contracts/controllers/LoyaltyConsumer.sol b/packages/contracts/contracts/controllers/LoyaltyConsumer.sol
@@ -94,6 +94,7 @@ contract LoyaltyConsumer is LoyaltyConsumerStorage, Initializable, OwnableUpgrad
                 data.currency,
                 data.shopId,
                 data.account,
+                block.chainid,
                 ledgerContract.nonceOf(data.account)
             )
         );
@@ -297,6 +298,7 @@ contract LoyaltyConsumer is LoyaltyConsumerStorage, Initializable, OwnableUpgrad
                 _paymentId,
                 loyaltyPayments[_paymentId].purchaseId,
                 shopInfo.account,
+                block.chainid,
                 ledgerContract.nonceOf(shopInfo.account)
             )
         );

diff --git a/packages/contracts/contracts/controllers/LoyaltyExchanger.sol b/packages/contracts/contracts/controllers/LoyaltyExchanger.sol
@@ -55,7 +55,7 @@ contract LoyaltyExchanger is LoyaltyExchangerStorage, Initializable, OwnableUpgr
     /// @notice 사용가능한 포인트로 전환합니다.
     /// @dev 중계서버를 통해서 호출됩니다.
     function changeToPayablePoint(bytes32 _phone, address _account, bytes calldata _signature) external virtual {
-        bytes32 dataHash = keccak256(abi.encode(_phone, _account, ledgerContract.nonceOf(_account)));
+        bytes32 dataHash = keccak256(abi.encode(_phone, _account, block.chainid, ledgerContract.nonceOf(_account)));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         address userAddress = linkContract.toAddress(_phone);
@@ -79,7 +79,7 @@ contract LoyaltyExchanger is LoyaltyExchangerStorage, Initializable, OwnableUpgr
     /// @param _signature 서명
     /// @dev 중계서버를 통해서 호출됩니다.
     function changeToLoyaltyToken(address _account, bytes calldata _signature) external virtual {
-        bytes32 dataHash = keccak256(abi.encode(_account, ledgerContract.nonceOf(_account)));
+        bytes32 dataHash = keccak256(abi.encode(_account, block.chainid, ledgerContract.nonceOf(_account)));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         if (ledgerContract.loyaltyTypeOf(_account) != ILedger.LoyaltyType.TOKEN) {

diff --git a/packages/contracts/contracts/controllers/LoyaltyProvider.sol b/packages/contracts/contracts/controllers/LoyaltyProvider.sol
@@ -120,7 +120,8 @@ contract LoyaltyProvider is LoyaltyProviderStorage, Initializable, OwnableUpgrad
                     data.shopId,
                     data.account,
                     data.phone,
-                    data.sender
+                    data.sender,
+                    block.chainid
                 )
             );
         }

diff --git a/packages/contracts/contracts/controllers/LoyaltyTransfer.sol b/packages/contracts/contracts/controllers/LoyaltyTransfer.sol
@@ -38,7 +38,7 @@ contract LoyaltyTransfer is LoyaltyTransferStorage, Initializable, OwnableUpgrad
     function transferToken(address _from, address _to, uint256 _amount, bytes calldata _signature) external {
         require(_from != foundationAccount, "1051");
         require(_to != foundationAccount, "1052");
-        bytes32 dataHash = keccak256(abi.encode(_from, _to, _amount, ledgerContract.nonceOf(_from)));
+        bytes32 dataHash = keccak256(abi.encode(_from, _to, _amount, block.chainid, ledgerContract.nonceOf(_from)));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _from, "1501");
         require(ledgerContract.loyaltyTypeOf(_from) == ILedger.LoyaltyType.TOKEN, "1520");
         require(ledgerContract.loyaltyTypeOf(_to) == ILedger.LoyaltyType.TOKEN, "1520");

diff --git a/packages/contracts/contracts/currency/CurrencyRate.sol b/packages/contracts/contracts/currency/CurrencyRate.sol
@@ -59,7 +59,7 @@ contract CurrencyRate is CurrencyStorage, Initializable, OwnableUpgradeable, UUP
         // Get a hash of all the data
         bytes32[] memory messages = new bytes32[](_data.length);
         for (uint256 i = 0; i < _data.length; i++) {
-            messages[i] = keccak256(abi.encode(_data[i].symbol, _data[i].rate));
+            messages[i] = keccak256(abi.encode(_data[i].symbol, _data[i].rate, block.chainid));
         }
         bytes32 dataHash = keccak256(abi.encode(_height, messages.length, messages));
 

diff --git a/packages/contracts/contracts/ledger/Ledger.sol b/packages/contracts/contracts/ledger/Ledger.sol
@@ -428,7 +428,7 @@ contract Ledger is LedgerStorage, Initializable, OwnableUpgradeable, UUPSUpgrade
     }
 
     function removePhoneInfo(address _account, bytes calldata _signature) external {
-        bytes32 dataHash = keccak256(abi.encode(_account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(_account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         nonce[_account]++;

diff --git a/packages/contracts/contracts/shop/Shop.sol b/packages/contracts/contracts/shop/Shop.sol
@@ -104,7 +104,7 @@ contract Shop is ShopStorage, Initializable, OwnableUpgradeable, UUPSUpgradeable
     ) external virtual {
         require(shops[_shopId].status == ShopStatus.INVALID, "1200");
         require(currencyRate.support(_currency), "1211");
-        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         ShopData memory data = ShopData({
@@ -147,7 +147,7 @@ contract Shop is ShopStorage, Initializable, OwnableUpgradeable, UUPSUpgradeable
         require(currencyRate.support(_currency), "1211");
         require(shops[id].account == _account, "1050");
 
-        bytes32 dataHash = keccak256(abi.encode(id, _account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(id, _account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         shops[id].name = _name;
@@ -191,7 +191,7 @@ contract Shop is ShopStorage, Initializable, OwnableUpgradeable, UUPSUpgradeable
         require(shops[id].status != ShopStatus.INVALID, "1201");
         require(shops[id].account == _account, "1050");
 
-        bytes32 dataHash = keccak256(abi.encode(id, _account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(id, _account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         shops[id].status = _status;
@@ -348,7 +348,7 @@ contract Shop is ShopStorage, Initializable, OwnableUpgradeable, UUPSUpgradeable
         bytes calldata _signature
     ) external virtual {
         require(shops[_shopId].status == ShopStatus.ACTIVE, "1202");
-        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         require(_amount % 1 gwei == 0, "1030");
@@ -373,7 +373,7 @@ contract Shop is ShopStorage, Initializable, OwnableUpgradeable, UUPSUpgradeable
     /// @param _shopId 상점아이디
     function closeWithdrawal(bytes32 _shopId, address _account, bytes calldata _signature) external virtual {
         require(shops[_shopId].status == ShopStatus.ACTIVE, "1202");
-        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, nonce[_account]));
+        bytes32 dataHash = keccak256(abi.encode(_shopId, _account, block.chainid, nonce[_account]));
         require(ECDSA.recover(ECDSA.toEthSignedMessageHash(dataHash), _signature) == _account, "1501");
 
         ShopData memory shop = shops[_shopId];

diff --git a/packages/contracts/deploy/bosagora_devnet/deploy.ts b/packages/contracts/deploy/bosagora_devnet/deploy.ts
@@ -752,11 +752,8 @@ async function deployLedger(accounts: IAccount, deployment: Deployments) {
             const userAccount = ContractUtils.getPhoneHash(user.phone);
             if ((await linkContract.toAddress(userAccount)) !== user.address) {
                 const userNonce = await linkContract.nonceOf(user.address);
-                const userSignature = await ContractUtils.signRequestHash(
-                    new Wallet(user.privateKey),
-                    userAccount,
-                    userNonce
-                );
+                const msg = ContractUtils.getRequestMessage(userAccount, user.address, userNonce);
+                const userSignature = await ContractUtils.signMessage(new Wallet(user.privateKey), msg);
                 const reqId2 = ContractUtils.getRequestId(userAccount, user.address, userNonce);
                 const tx14 = await linkContract
                     .connect(accounts.linkValidators[0])

diff --git a/packages/contracts/package.json b/packages/contracts/package.json
@@ -49,13 +49,13 @@
         "assert": "^2.0.0",
         "chai": "^4.3.7",
         "chai-http": "^4.3.7",
-        "del-osx-artifacts": "^2.1.0",
+        "del-osx-artifacts": "^2.2.0",
         "dotenv": "^10.0.0",
         "ethereum-waffle": "^4.0.10",
         "ethers": "npm:boa-ethers2@^5.7.9",
         "hardhat": "^2.12.7",
         "hardhat-gas-reporter": "^1.0.7",
-        "loyalty-tokens": "^1.0.4",
+        "loyalty-tokens": "^1.0.5",
         "mocha": "10.1.0",
         "multisig-wallet-contracts": "^1.1.0",
         "prettier": "^2.5.1",