Merge pull request #35 from lightclient/fix-audit

all: prague audit fixes

Author: lightclient

.github/workflows/test.yml

@@ -27,8 +27,8 @@ jobs:
       - name: Run Forge build
         run: |
           forge --version
-          ./build-wrapper build --sizes
+          forge build --sizes
         id: build
       - name: Run Forge tests
-        run: ./build-wrapper test -vvv
+        run: forge test -vvv
         id: test

.gitignore

@@ -1,3 +1,2 @@
 cache/
 out/
-test/*.t.sol

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "lib/forge-std"]
 	path = lib/forge-std
 	url = https://github.com/foundry-rs/forge-std
+[submodule "lib/geas-ffi"]
+	path = lib/geas-ffi
+	url = https://github.com/lightclient/geas-ffi

README.md

@@ -26,10 +26,10 @@ $ geas src/withdrawals/main.eas
 
 ## Testing
 
-The tests can be executed using the `build-wrapper` script with the same arguments as [forge][forge]:
+The tests can be executed using [forge][forge]:
 
 ```console
-$ ./build-wrapper test
+$ forge test
 [⠒] Compiling...
 [⠒] Compiling 1 files with 0.8.14
 [⠢] Solc 0.8.14 finished in 976.49ms

build-wrapper

@@ -1,4 +1,6 @@
 [profile.default]
+evm_version = 'prague'
 src = 'src'
 out = 'out'
+ffi = true
 libs = ['lib']

foundry.toml

@@ -43,3 +43,9 @@ swap1       ;; [accum, output, i, numer, denom]
 swap4       ;; [denom, output, i, numer, accum]
 swap1       ;; [output, denom, i, numer, accum]
 div         ;; [output / denom, i , numer, accum]
+
+;; clean up stack
+swap3       ;; [accum, i, numer, result]
+pop         ;; [i, numer, result]
+pop         ;; [numer, result]
+pop         ;; [result]

lib/geas-ffi

@@ -201,7 +201,7 @@ handle_input:
 ;; reset.
 read_requests:
   ;; Determine the size of the queue by calculating tail - head.
-  push QUEUE_TAIL       ;; [tail_idx_slot, head_idx, head_idx]
+  push QUEUE_TAIL       ;; [tail_idx_slot]
   sload                 ;; [tail_idx]
   push QUEUE_HEAD       ;; [head_idx_slot, tail_idx]
   sload                 ;; [head_idx, tail_idx]
@@ -369,7 +369,7 @@ update_excess:
   iszero                ;; [inhibitor != excess, excess, count]
   jumpi @skip_reset     ;; [excess, count]
 
-  ;; Drop the excess from storage and use 0.
+  ;; Drop the excess from stack and use 0.
   pop                   ;; [count]
   push 0                ;; [reset_excess, count]
 

src/common/fake_expo.eas

@@ -14,16 +14,9 @@
 ;; BUFLEN returns the HISTORY_BUFFER_LENGTH as defined in the EIP.
 #define BUFLEN 8191
 
-;; SYSADDR is the address which calls the contract to submit a new root.
+;; SYSADDR is the address which calls the contract to submit a new block hash.
 #define SYSADDR 0xfffffffffffffffffffffffffffffffffffffffe
 
-;; do_revert sets up and then executes a revert(0,0) operation.
-#define %do_revert() {
-  push 0            ;; [0]
-  push 0            ;; [0, 0]
-  revert            ;; []
-}
-
 ;; ----------------------------------------------------------------------------
 ;; MACROS END -----------------------------------------------------------------
 ;; ----------------------------------------------------------------------------
@@ -37,20 +30,18 @@
   jumpi @submit     ;; []
 
   ;; Fallthrough if addresses don't match -- this means the caller intends
-  ;; to read a root.
+  ;; to read a block hash.
 
   ;; Verify input is 32 bytes long.
   push 32           ;; [32]
   calldatasize      ;; [calldatasize, 32]
-  eq                ;; [calldatasize == 32]
+  sub               ;; [calldatasize - 32]
 
   ;; Jump to continue if length-check passed, otherwise revert.
-  jumpi @load       ;; []
-  %do_revert()      ;; []
+  jumpi @throw      ;; []
 
-load:
-  ;; Check if input is requesting a block hash greater than current block
-  ;; number.
+  ;; Check if input is requesting a block hash greater than current block number
+  ;; minus 1.
   push 0            ;; [0]
   calldataload      ;; [input]
   push 1            ;; [1, input]
@@ -62,13 +53,11 @@ load:
 
   ;; Check if the input is requesting a block hash before the earliest available
   ;; hash currently. Since we've verfied that input <= number - 1, it's safe to
-  ;; check the following:
-  ;; number - 1 - input <= BUFLEN, which also equals: number - input < BUFLEN
-  dup1              ;; [input, input]
-  number            ;; [number, input, input]
-  sub               ;; [number - input, input]
-  push BUFLEN+1     ;; [buflen, number - input, input]
-  lt                ;; [buflen < number - input, input]
+  push BUFLEN       ;; [buflen, input]
+  dup2              ;; [input, buflen, input]
+  number            ;; [number, input, buflen, input]
+  sub               ;; [number - input, buflen, input]
+  gt                ;; [number - input > buflen, input]
   jumpi @throw      ;; [input]
 
   ;; Load the hash.
@@ -86,8 +75,9 @@ load:
 
 throw:
   ;; Reverts current execution with no return data.
-  pop
-  %do_revert()
+  push 0            ;; [0]
+  push 0            ;; [0, 0]
+  revert            ;; []
 
 submit:
   push 0            ;; [0]