From 227dd12aed60f4c773c778abcec20b77a427ebe2 Mon Sep 17 00:00:00 2001 From: Arr00 <13561405+arr00@users.noreply.github.com> Date: Wed, 7 Feb 2024 09:35:59 -0500 Subject: [PATCH 1/2] Ensure contribution router target is a contract --- contracts/crowdfund/ContributionRouter.sol | 5 +++++ test/crowdfund/ContributionRouter.t.sol | 16 ++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/contracts/crowdfund/ContributionRouter.sol b/contracts/crowdfund/ContributionRouter.sol index 30e8dea7b..aaa5feb56 100644 --- a/contracts/crowdfund/ContributionRouter.sol +++ b/contracts/crowdfund/ContributionRouter.sol @@ -15,6 +15,8 @@ contract ContributionRouter { event ClaimedFees(address indexed partyDao, address indexed recipient, uint256 amount); error OnlyOwner(); + /// @notice Thrown if the target is not a smart contract. + error InvalidTarget(); /// @notice The address allowed to claim fees from the contract. address public immutable OWNER; @@ -73,9 +75,12 @@ contract ContributionRouter { uint256 feeAmount = _storage.feePerMint; _storage.caller = msg.sender; address target; + uint256 targetCodeSize; assembly { target := shr(96, calldataload(sub(calldatasize(), 20))) + targetCodeSize := extcodesize(target) } + if (targetCodeSize == 0) revert InvalidTarget(); if ( msg.sig == InitialETHCrowdfund.batchContributeFor.selector || msg.sig == SellPartyCardsAuthority.batchContributeFor.selector diff --git a/test/crowdfund/ContributionRouter.t.sol b/test/crowdfund/ContributionRouter.t.sol index 2b82aeaf2..fb6d7bc04 100644 --- a/test/crowdfund/ContributionRouter.t.sol +++ b/test/crowdfund/ContributionRouter.t.sol @@ -40,6 +40,22 @@ contract ContributionRouterTest is TestUtils { assertEq(address(router).balance, feeAmount); } + function test_invalidTarget() external { + MockPayableContract target = new MockPayableContract(); + uint256 amount = 1 ether; + vm.deal(address(this), amount); + //vm.expectRevert(ContributionRouter.InvalidTarget.selector); + (bool success, bytes memory res) = address(router).call{ value: amount }( + abi.encodePacked( + abi.encodeWithSelector(MockPayableContract.pay.selector), + target, + hex"1234" + ) + ); + assertEq(success, false); + assertEq(res, abi.encodePacked(ContributionRouter.InvalidTarget.selector)); + } + function test_fallback_insufficientFee() public { MockPayableContract target = new MockPayableContract(); uint256 amount = feePerMint - 1; From 6bbc004bc0a854e15080defa5a92de6271eb6405 Mon Sep 17 00:00:00 2001 From: Arr00 <13561405+arr00@users.noreply.github.com> Date: Wed, 7 Feb 2024 09:37:13 -0500 Subject: [PATCH 2/2] lint --- contracts/crowdfund/ContributionRouter.sol | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/contracts/crowdfund/ContributionRouter.sol b/contracts/crowdfund/ContributionRouter.sol index aaa5feb56..d92188752 100644 --- a/contracts/crowdfund/ContributionRouter.sol +++ b/contracts/crowdfund/ContributionRouter.sol @@ -80,7 +80,9 @@ contract ContributionRouter { target := shr(96, calldataload(sub(calldatasize(), 20))) targetCodeSize := extcodesize(target) } - if (targetCodeSize == 0) revert InvalidTarget(); + if (targetCodeSize == 0) { + revert InvalidTarget(); + } if ( msg.sig == InitialETHCrowdfund.batchContributeFor.selector || msg.sig == SellPartyCardsAuthority.batchContributeFor.selector