Merge pull request #45 from SurfingNerd/i5-slither

ECDSA fix & solhint & slither
DMDcoin · Aug 30, 2024 · f43d4ce · f43d4ce
2 parents 10065b1 + f6cd46e
commit f43d4ce
Show file tree

Hide file tree

Showing 23 changed files with 306,118 additions and 418 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [18.x]
+        node-version: [20.x]
         # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
     steps:
     - uses: actions/checkout@v2
@@ -19,6 +19,7 @@ jobs:
     - run: npm ci
     - run: npm test
     - run: npm run coverage
+    - run: npm run solhint
     - name: Coveralls
       uses: coverallsapp/github-action@master
       with:

diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
@@ -0,0 +1,28 @@
+name: Slither Analysis
+
+on:
+    push:
+    pull_request:
+
+jobs:
+    analyze:
+        runs-on: ubuntu-latest
+        permissions:
+            contents: read
+            security-events: write
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v3
+
+            - name: Run Slither
+              uses: crytic/[email protected]
+              id: slither
+              with:
+                  node-version: 20
+                  sarif: results.sarif
+                  fail-on: none
+
+            - name: Upload SARIF file
+              uses: github/codeql-action/upload-sarif@v2
+              with:
+                  sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/.solhint.json b/.solhint.json
@@ -0,0 +1,8 @@
+{
+    "extends": "solhint:default",
+    "plugins": [],
+    "rules": {
+      "code-complexity": ["warn", 20],
+      "function-max-lines": ["warn", 137]
+    }
+  }
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 # diamond-contracts-claiming
 
-[![Coverage Status](https://coveralls.io/repos/github/SurfingNerd/diamond-contracts-claiming/badge.svg?branch=i2-coverall-integration)](https://coveralls.io/github/SurfingNerd/diamond-contracts-claiming?branch=i2-coverall-integration)
+[![Coverage Status](https://coveralls.io/repos/github/DMDcoin/diamond-contracts-claiming/badge.svg?branch=main)](https://coveralls.io/github/DMDcoin/diamond-contracts-claiming?branch=main)
+
 
 claiming contracts
diff --git a/api/src/cryptoHelpers.ts b/api/src/cryptoHelpers.ts
@@ -1,18 +1,22 @@
 export function remove0x(input: string) {
   if (input.startsWith('0x')) {
-    return input.substring(2);
+    input = input.substring(2);
   }
+
+  // console.log("remove0x input:", input);
+  // we prepent a 0 if the string is missing a hex digit.
+  if (input.length % 2 != 0) { 
+    // console.log("prepending 0 to hex string:", input);
+    return '0' + input;
+  }
+
   return input;
 }
 
 export function ensure0xb32(input: string) : string {
 
   let buf = hexToBuf(input);
 
-  if (buf.length == 32) {
-    return input;
-  }
-
   //let buf = new Buffer() 
   //while (buf.length < 32) {
 
@@ -23,6 +27,9 @@ export function ensure0xb32(input: string) : string {
 
   let prefix = Buffer.alloc(32 - buf.length, 0);
   let resultBuf = Buffer.concat([prefix, buf]);
+
+  //console.log("resultBuf:", resultBuf.toString('hex'));
+  //console.log("result:", ensure0x(resultBuf));
   return ensure0x(resultBuf);
 }
 

diff --git a/api/src/cryptoJS.ts b/api/src/cryptoJS.ts
@@ -70,7 +70,7 @@ export class CryptoJS {
    * @param x x coordinate of the public key, with prefix 0x
    * @param y y coordinate of the public key, with prefix 0x
    */
-  public publicKeyToBitcoinAddress(publicKey: string): string {
+  public publicKeyToDMDAddress(publicKey: string): string {
 
     // const hash = bitcoinMessage.magicHash(publicKeyBuffer, CryptoJS.getSignaturePrefix(false));
     // const publicKey = secp256k1.publicKeyConvert(publicKeyBuffer, true);
@@ -193,6 +193,7 @@ export class CryptoJS {
       parsed.compressed
     );
 
+
     //we now have the public key
     //public key is the X Value with a prefix.
     //it's 02 or 03 prefix, depending if y is ODD or not.
@@ -205,11 +206,13 @@ export class CryptoJS {
     const key = ec.keyFromPublic(publicKey);
     //const x = ethers.hexlify(publicKey.slice(1));
     //this.log("x: " + x);
+    // this.log("key:", key);
+
     const x = ensure0x(key.getPublic().getX().toString('hex'));
     const y = ensure0x(key.getPublic().getY().toString('hex'));
 
-
-    this.log("y: " + y);
+    this.log("x:", x)
+    this.log("y:", y);
 
     return { publicKey: ethers.hexlify(publicKey), x, y };
   }
@@ -229,7 +232,7 @@ export class CryptoJS {
 
   public bitcoinAddressEssentialToFullQualifiedAddress(essentialPart: string, addressPrefix = '00') {
 
-    // this.log('PublicKeyToBitcoinAddress:', essentialPart);
+    // this.log('publicKeyToDMDAddress:', essentialPart);
     let result = hexToBuf(essentialPart);
     result = prefixBuf(result, addressPrefix);
     //this.log('with prefix: ' + result.toString('hex'));

diff --git a/api/src/cryptoSol.ts b/api/src/cryptoSol.ts
@@ -35,8 +35,17 @@ export class CryptoSol {
 
     let postfixHex = stringToUTF8Hex(postfix);
 
-    const claimMessage = await this.instance.createClaimMessage(dmdV4Address, postfixHex);
-    this.log('Claim Message: ' , claimMessage);
+    const claimMessageHex = await this.instance.createClaimMessage(dmdV4Address, postfixHex);
+    this.log('Claiming:');
+    this.log('dmdV3Address:', dmdV3Address);
+    this.log('dmdV4Address:', dmdV3Address);
+    this.log('signature:', signature);
+    this.log('postfix:', postfix);
+    this.log('Claim Message hex: ' , claimMessageHex);
+
+    // convert the hexstring to a string.
+    const claimMessage = hexToBuf(claimMessageHex).toString('utf-8');
+    this.log("claimMessage: ", claimMessage);
 
     let prefixString = await this.prefixString();
     const pubkey = this.cryptoJS.getPublicKeyFromSignature(signature,  prefixString + dmdV4Address + postfix, true);
@@ -49,7 +58,7 @@ export class CryptoSol {
     this.log("pub key x:", pubKeyX);
     this.log("pub key y:", pubKeyY);
 
-    let dmdV3AddressFromSignaturesHex = await this.instance.publicKeyToBitcoinAddress(pubKeyX, pubKeyY);
+    let dmdV3AddressFromSignaturesHex = await this.instance.publicKeyToDMDAddress(pubKeyX, pubKeyY);
 
     this.log('dmdV3AddressFromSignaturesHex:   ', dmdV3AddressFromSignaturesHex);
     this.log('dmdV3AddressFromSignaturesBase58:', base58check.encode(remove0x(dmdV3AddressFromSignaturesHex)));
@@ -65,6 +74,10 @@ export class CryptoSol {
 
   public async recoverV(dmdV4Address: string, postfixHex: string, pubKeyX: string, pubKeyY: string, r: Buffer, s: Buffer) : Promise<string> {
 
+    this.log("recoverV:", pubKeyX, pubKeyY);
+
+    // trim away leading X.
+
     if (await this.instance.claimMessageMatchesSignature(dmdV4Address, postfixHex, pubKeyX, pubKeyY, "0x1b", r, s)) { 
       return "0x1b";
     }
@@ -73,7 +86,7 @@ export class CryptoSol {
       return "0x1c";
     }
 
-    throw Error("Could not match signature");
+    throw Error("Could not match signature, v could not be retrieved.");
   }
 
   public setLogDebug(value: boolean) {