Skip to content

Instantly share code, notes, and snippets.

@maurelian

maurelian/SpankChainHack.sol

Last active October 12, 2018 03:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save maurelian/ab9b4e0c089870a2bc36b47ca5ae3a56 to your computer and use it in GitHub Desktop.
Save maurelian/ab9b4e0c089870a2bc36b47ca5ae3a56 to your computer and use it in GitHub Desktop.
Download ZIP
ctrl+f for 'Hack Note' for a few annotations of red flags
Raw
SpankChainHack.sol
// Taken from https://etherscan.io/address/0xf91546835f756da0c10cfa0cda95b15577b84aa7#code
// Story: https://medium.com/spankchain/we-got-spanked-what-we-know-so-far-d5ed3a0f38fe
// Newsletter: https://tinyletter.com/smart-contract-security/archive
pragma solidity ^0.4.23;
// produced by the Solididy File Flattener (c) David Appleton 2018
// contact : dave@akomba.com
// released under Apache 2.0 licence
contract Token {
/* This is a slight change to the ERC20 base standard.
function totalSupply() constant returns (uint256 supply);
is replaced with:
uint256 public totalSupply;
This automatically creates a getter function for the totalSupply.
This is moved to the base contract since public getter functions are not
currently recognised as an implementation of the matching abstract
function by the compiler.
*/
/// total amount of tokens
uint256 public totalSupply;
/// @param _owner The address from which the balance will be retrieved
/// @return The balance
function balanceOf(address _owner) public constant returns (uint256 balance);
/// @notice send `_value` token to `_to` from `msg.sender`
/// @param _to The address of the recipient
/// @param _value The amount of token to be transferred
/// @return Whether the transfer was successful or not
function transfer(address _to, uint256 _value) public returns (bool success);
/// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from`
/// @param _from The address of the sender
/// @param _to The address of the recipient
/// @param _value The amount of token to be transferred
/// @return Whether the transfer was successful or not
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success);
/// @notice `msg.sender` approves `_spender` to spend `_value` tokens
/// @param _spender The address of the account able to transfer the tokens
/// @param _value The amount of tokens to be approved for transfer
/// @return Whether the approval was successful or not
function approve(address _spender, uint256 _value) public returns (bool success);
/// @param _owner The address of the account owning tokens
/// @param _spender The address of the account able to transfer the tokens
/// @return Amount of remaining tokens allowed to spent
function allowance(address _owner, address _spender) public constant returns (uint256 remaining);
event Transfer(address indexed _from, address indexed _to, uint256 _value);
event Approval(address indexed _owner, address indexed _spender, uint256 _value);
}
library ECTools {
// @dev Recovers the address which has signed a message
// @thanks https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d
function recoverSigner(bytes32 _hashedMsg, string _sig) public pure returns (address) {
require(_hashedMsg != 0x00);
// need this for test RPC
bytes memory prefix = "\x19Ethereum Signed Message:\n32";
bytes32 prefixedHash = keccak256(abi.encodePacked(prefix, _hashedMsg));
if (bytes(_sig).length != 132) {
return 0x0;
}
bytes32 r;
bytes32 s;
uint8 v;
bytes memory sig = hexstrToBytes(substring(_sig, 2, 132));
assembly {
r := mload(add(sig, 32))
s := mload(add(sig, 64))
v := byte(0, mload(add(sig, 96)))
}
if (v < 27) {
v += 27;
}
if (v < 27 || v > 28) {
return 0x0;
}
return ecrecover(prefixedHash, v, r, s);
}
// @dev Verifies if the message is signed by an address
function isSignedBy(bytes32 _hashedMsg, string _sig, address _addr) public pure returns (bool) {
require(_addr != 0x0);
return _addr == recoverSigner(_hashedMsg, _sig);
}
// @dev Converts an hexstring to bytes
function hexstrToBytes(string _hexstr) public pure returns (bytes) {
uint len = bytes(_hexstr).length;
require(len % 2 == 0);
bytes memory bstr = bytes(new string(len / 2));
uint k = 0;
string memory s;
string memory r;
for (uint i = 0; i < len; i += 2) {
s = substring(_hexstr, i, i + 1);
r = substring(_hexstr, i + 1, i + 2);
uint p = parseInt16Char(s) * 16 + parseInt16Char(r);
bstr[k++] = uintToBytes32(p)[31];
}
return bstr;
}
// @dev Parses a hexchar, like 'a', and returns its hex value, in this case 10
function parseInt16Char(string _char) public pure returns (uint) {
bytes memory bresult = bytes(_char);
// bool decimals = false;
if ((bresult[0] >= 48) && (bresult[0] <= 57)) {
return uint(bresult[0]) - 48;
} else if ((bresult[0] >= 65) && (bresult[0] <= 70)) {
return uint(bresult[0]) - 55;
} else if ((bresult[0] >= 97) && (bresult[0] <= 102)) {
return uint(bresult[0]) - 87;
} else {
revert();
}
}
// @dev Converts a uint to a bytes32
// @thanks https://ethereum.stackexchange.com/questions/4170/how-to-convert-a-uint-to-bytes-in-solidity
function uintToBytes32(uint _uint) public pure returns (bytes b) {
b = new bytes(32);
assembly {mstore(add(b, 32), _uint)}
}
// @dev Hashes the signed message
// @ref https://github.com/ethereum/go-ethereum/issues/3731#issuecomment-293866868
function toEthereumSignedMessage(string _msg) public pure returns (bytes32) {
uint len = bytes(_msg).length;
require(len > 0);
bytes memory prefix = "\x19Ethereum Signed Message:\n";
return keccak256(abi.encodePacked(prefix, uintToString(len), _msg));
}
// @dev Converts a uint in a string
function uintToString(uint _uint) public pure returns (string str) {
uint len = 0;
uint m = _uint + 0;
while (m != 0) {
len++;
m /= 10;
}
bytes memory b = new bytes(len);
uint i = len - 1;
while (_uint != 0) {
uint remainder = _uint % 10;
_uint = _uint / 10;
b[i--] = byte(48 + remainder);
}
str = string(b);
}
// @dev extract a substring
// @thanks https://ethereum.stackexchange.com/questions/31457/substring-in-solidity
function substring(string _str, uint _startIndex, uint _endIndex) public pure returns (string) {
bytes memory strBytes = bytes(_str);
require(_startIndex <= _endIndex);
require(_startIndex >= 0);
require(_endIndex <= strBytes.length);
bytes memory result = new bytes(_endIndex - _startIndex);
for (uint i = _startIndex; i < _endIndex; i++) {
result[i - _startIndex] = strBytes[i];
}
return string(result);
}
}
contract StandardToken is Token {
function transfer(address _to, uint256 _value) public returns (bool success) {
//Default assumes totalSupply can't be over max (2^256 - 1).
//If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap.
//Replace the if with this one instead.
//require(balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]);
require(balances[msg.sender] >= _value);
balances[msg.sender] -= _value;
balances[_to] += _value;
emit Transfer(msg.sender, _to, _value);
return true;
}
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) {
//same as above. Replace this line with the following if you want to protect against wrapping uints.
//require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]);
require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value);
balances[_to] += _value;
balances[_from] -= _value;
allowed[_from][msg.sender] -= _value;
emit Transfer(_from, _to, _value);
return true;
}
function balanceOf(address _owner) public constant returns (uint256 balance) {
return balances[_owner];
}
function approve(address _spender, uint256 _value) public returns (bool success) {
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
return true;
}
function allowance(address _owner, address _spender) public constant returns (uint256 remaining) {
return allowed[_owner][_spender];
}
mapping (address => uint256) balances;
mapping (address => mapping (address => uint256)) allowed;
}
contract HumanStandardToken is StandardToken {
/* Public variables of the token */
/*
NOTE:
The following variables are OPTIONAL vanities. One does not have to include them.
They allow one to customise the token contract & in no way influences the core functionality.
Some wallets/interfaces might not even bother to look at this information.
*/
string public name; //fancy name: eg Simon Bucks
uint8 public decimals; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether.
string public symbol; //An identifier: eg SBX
string public version = 'H0.1'; //human 0.1 standard. Just an arbitrary versioning scheme.
constructor(
uint256 _initialAmount,
string _tokenName,
uint8 _decimalUnits,
string _tokenSymbol
) public {
balances[msg.sender] = _initialAmount; // Give the creator all initial tokens
totalSupply = _initialAmount; // Update total supply
name = _tokenName; // Set the name for display purposes
decimals = _decimalUnits; // Amount of decimals for display purposes
symbol = _tokenSymbol; // Set the symbol for display purposes
}
/* Approves and then calls the receiving contract */
function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) {
allowed[msg.sender][_spender] = _value;
emit Approval(msg.sender, _spender, _value);
//call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this.
//receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData)
//it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead.
require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData));
return true;
}
}
contract LedgerChannel {
string public constant NAME = "Ledger Channel";
string public constant VERSION = "0.0.1";
uint256 public numChannels = 0;
event DidLCOpen (
bytes32 indexed channelId,
address indexed partyA,
address indexed partyI,
uint256 ethBalanceA,
address token,
uint256 tokenBalanceA,
uint256 LCopenTimeout
);
event DidLCJoin (
bytes32 indexed channelId,
uint256 ethBalanceI,
uint256 tokenBalanceI
);
event DidLCDeposit (
bytes32 indexed channelId,
address indexed recipient,
uint256 deposit,
bool isToken
);
event DidLCUpdateState (
bytes32 indexed channelId,
uint256 sequence,
uint256 numOpenVc,
uint256 ethBalanceA,
uint256 tokenBalanceA,
uint256 ethBalanceI,
uint256 tokenBalanceI,
bytes32 vcRoot,
uint256 updateLCtimeout
);
event DidLCClose (
bytes32 indexed channelId,
uint256 sequence,
uint256 ethBalanceA,
uint256 tokenBalanceA,
uint256 ethBalanceI,
uint256 tokenBalanceI
);
event DidVCInit (
bytes32 indexed lcId,
bytes32 indexed vcId,
bytes proof,
uint256 sequence,
address partyA,
address partyB,
uint256 balanceA,
uint256 balanceB
);
event DidVCSettle (
bytes32 indexed lcId,
bytes32 indexed vcId,
uint256 updateSeq,
uint256 updateBalA,
uint256 updateBalB,
address challenger,
uint256 updateVCtimeout
);
event DidVCClose(
bytes32 indexed lcId,
bytes32 indexed vcId,
uint256 balanceA,
uint256 balanceB
);
struct Channel {
//TODO: figure out if it's better just to split arrays by balances/deposits instead of eth/erc20
address[2] partyAddresses; // 0: partyA 1: partyI
uint256[4] ethBalances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI
uint256[4] erc20Balances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI
uint256[2] initialDeposit; // 0: eth 1: tokens
uint256 sequence;
uint256 confirmTime;
bytes32 VCrootHash;
uint256 LCopenTimeout;
uint256 updateLCtimeout; // when update LC times out
bool isOpen; // true when both parties have joined
bool isUpdateLCSettling;
uint256 numOpenVC;
HumanStandardToken token;
}
// virtual-channel state
struct VirtualChannel {
bool isClose;
bool isInSettlementState;
uint256 sequence;
address challenger; // Initiator of challenge
uint256 updateVCtimeout; // when update VC times out
// channel state
address partyA; // VC participant A
address partyB; // VC participant B
address partyI; // LC hub
uint256[2] ethBalances;
uint256[2] erc20Balances;
uint256[2] bond;
HumanStandardToken token;
}
mapping(bytes32 => VirtualChannel) public virtualChannels;
mapping(bytes32 => Channel) public Channels;
function createChannel(
bytes32 _lcID,
address _partyI,
uint256 _confirmTime,
address _token, // Hack Note: user provided `address` input
uint256[2] _balances // [eth, token]
)
public
payable
{
require(Channels[_lcID].partyAddresses[0] == address(0), "Channel has already been created.");
require(_partyI != 0x0, "No partyI address provided to LC creation");
require(_balances[0] >= 0 && _balances[1] >= 0, "Balances cannot be negative");
// Set initial ledger channel state
// Alice must execute this and we assume the initial state
// to be signed from this requirement
// Alternative is to check a sig as in joinChannel
Channels[_lcID].partyAddresses[0] = msg.sender;
Channels[_lcID].partyAddresses[1] = _partyI;
if(_balances[0] != 0) {
require(msg.value == _balances[0], "Eth balance does not match sent value");
Channels[_lcID].ethBalances[0] = msg.value;
}
if(_balances[1] != 0) {
Channels[_lcID].token = HumanStandardToken(_token); // Hack Note: cool, if the user say it's a token, it must be a token.
require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),"CreateChannel: token transfer failure");
Channels[_lcID].erc20Balances[0] = _balances[1];
}
Channels[_lcID].sequence = 0;
Channels[_lcID].confirmTime = _confirmTime;
// is close flag, lc state sequence, number open vc, vc root hash, partyA...
//Channels[_lcID].stateHash = keccak256(uint256(0), uint256(0), uint256(0), bytes32(0x0), bytes32(msg.sender), bytes32(_partyI), balanceA, balanceI);
Channels[_lcID].LCopenTimeout = now + _confirmTime;
Channels[_lcID].initialDeposit = _balances;
emit DidLCOpen(_lcID, msg.sender, _partyI, _balances[0], _token, _balances[1], Channels[_lcID].LCopenTimeout);
}
function LCOpenTimeout(bytes32 _lcID) public {
require(msg.sender == Channels[_lcID].partyAddresses[0] && Channels[_lcID].isOpen == false);
require(now > Channels[_lcID].LCopenTimeout);
if(Channels[_lcID].initialDeposit[0] != 0) {
Channels[_lcID].partyAddresses[0].transfer(Channels[_lcID].ethBalances[0]);
}
if(Channels[_lcID].initialDeposit[1] != 0) {
require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], Channels[_lcID].erc20Balances[0]),"CreateChannel: token transfer failure");
}
emit DidLCClose(_lcID, 0, Channels[_lcID].ethBalances[0], Channels[_lcID].erc20Balances[0], 0, 0);
// only safe to delete since no action was taken on this channel
delete Channels[_lcID];
}
function joinChannel(bytes32 _lcID, uint256[2] _balances) public payable {
// require the channel is not open yet
require(Channels[_lcID].isOpen == false);
require(msg.sender == Channels[_lcID].partyAddresses[1]);
if(_balances[0] != 0) {
require(msg.value == _balances[0], "state balance does not match sent value");
Channels[_lcID].ethBalances[1] = msg.value;
}
if(_balances[1] != 0) {
// Hack Note: External call here
require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),"joinChannel: token transfer failure");
Channels[_lcID].erc20Balances[1] = _balances[1];
}
// Hack note: State change here :(
Channels[_lcID].initialDeposit[0]+=_balances[0];
Channels[_lcID].initialDeposit[1]+=_balances[1];
// no longer allow joining functions to be called
Channels[_lcID].isOpen = true;
numChannels++;
emit DidLCJoin(_lcID, _balances[0], _balances[1]);
}
// additive updates of monetary state
// TODO check this for attack vectors // Hack Note: (╯°□°)╯︵ ┻━┻
function deposit(bytes32 _lcID, address recipient, uint256 _balance, bool isToken) public payable {
require(Channels[_lcID].isOpen == true, "Tried adding funds to a closed channel");
require(recipient == Channels[_lcID].partyAddresses[0] || recipient == Channels[_lcID].partyAddresses[1]);
//if(Channels[_lcID].token)
if (Channels[_lcID].partyAddresses[0] == recipient) {
if(isToken) {
// Hack Note: external call to user provided address, immediately followed by a state change
// See: https://consensys.github.io/smart-contract-best-practices/recommendations/#avoid-state-changes-after-external-calls
require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),"deposit: token transfer failure");
Channels[_lcID].erc20Balances[2] += _balance;
} else {
require(msg.value == _balance, "state balance does not match sent value");
Channels[_lcID].ethBalances[2] += msg.value;
}
}
if (Channels[_lcID].partyAddresses[1] == recipient) {
if(isToken) {
require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),"deposit: token transfer failure");
Channels[_lcID].erc20Balances[3] += _balance;
} else {
require(msg.value == _balance, "state balance does not match sent value");
Channels[_lcID].ethBalances[3] += msg.value;
}
}
emit DidLCDeposit(_lcID, recipient, _balance, isToken);
}
// TODO: Check there are no open virtual channels, the client should have cought this before signing a close LC state update
function consensusCloseChannel(
bytes32 _lcID,
uint256 _sequence,
uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI
string _sigA,
string _sigI
)
public
{
// assume num open vc is 0 and root hash is 0x0
//require(Channels[_lcID].sequence < _sequence);
require(Channels[_lcID].isOpen == true);
uint256 totalEthDeposit = Channels[_lcID].initialDeposit[0] + Channels[_lcID].ethBalances[2] + Channels[_lcID].ethBalances[3];
uint256 totalTokenDeposit = Channels[_lcID].initialDeposit[1] + Channels[_lcID].erc20Balances[2] + Channels[_lcID].erc20Balances[3];
require(totalEthDeposit == _balances[0] + _balances[1]);
require(totalTokenDeposit == _balances[2] + _balances[3]);
bytes32 _state = keccak256(
abi.encodePacked(
_lcID,
true,
_sequence,
uint256(0),
bytes32(0x0),
Channels[_lcID].partyAddresses[0],
Channels[_lcID].partyAddresses[1],
_balances[0],
_balances[1],
_balances[2],
_balances[3]
)
);
require(Channels[_lcID].partyAddresses[0] == ECTools.recoverSigner(_state, _sigA));
require(Channels[_lcID].partyAddresses[1] == ECTools.recoverSigner(_state, _sigI));
Channels[_lcID].isOpen = false;
if(_balances[0] != 0 || _balances[1] != 0) {
Channels[_lcID].partyAddresses[0].transfer(_balances[0]);
Channels[_lcID].partyAddresses[1].transfer(_balances[1]);
}
if(_balances[2] != 0 || _balances[3] != 0) {
require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], _balances[2]),"happyCloseChannel: token transfer failure");
require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[1], _balances[3]),"happyCloseChannel: token transfer failure");
}
numChannels--;
emit DidLCClose(_lcID, _sequence, _balances[0], _balances[1], _balances[2], _balances[3]);
}
// Byzantine functions
function updateLCstate(
bytes32 _lcID,
uint256[6] updateParams, // [sequence, numOpenVc, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI]
bytes32 _VCroot,
string _sigA,
string _sigI
)
public
{
Channel storage channel = Channels[_lcID];
require(channel.isOpen);
require(channel.sequence < updateParams[0]); // do same as vc sequence check
require(channel.ethBalances[0] + channel.ethBalances[1] >= updateParams[2] + updateParams[3]);
require(channel.erc20Balances[0] + channel.erc20Balances[1] >= updateParams[4] + updateParams[5]);
if(channel.isUpdateLCSettling == true) {
require(channel.updateLCtimeout > now);
}
bytes32 _state = keccak256(
abi.encodePacked(
_lcID,
false,
updateParams[0],
updateParams[1],
_VCroot,
channel.partyAddresses[0],
channel.partyAddresses[1],
updateParams[2],
updateParams[3],
updateParams[4],
updateParams[5]
)
);
require(channel.partyAddresses[0] == ECTools.recoverSigner(_state, _sigA));
require(channel.partyAddresses[1] == ECTools.recoverSigner(_state, _sigI));
// update LC state
channel.sequence = updateParams[0];
channel.numOpenVC = updateParams[1];
channel.ethBalances[0] = updateParams[2];
channel.ethBalances[1] = updateParams[3];
channel.erc20Balances[0] = updateParams[4];
channel.erc20Balances[1] = updateParams[5];
channel.VCrootHash = _VCroot;
channel.isUpdateLCSettling = true;
channel.updateLCtimeout = now + channel.confirmTime;
// make settlement flag
emit DidLCUpdateState (
_lcID,
updateParams[0],
updateParams[1],
updateParams[2],
updateParams[3],
updateParams[4],
updateParams[5],
_VCroot,
channel.updateLCtimeout
);
}
// supply initial state of VC to "prime" the force push game
function initVCstate(
bytes32 _lcID,
bytes32 _vcID,
bytes _proof,
address _partyA,
address _partyB,
uint256[2] _bond,
uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI
string sigA
)
public
{
require(Channels[_lcID].isOpen, "LC is closed.");
// sub-channel must be open
require(!virtualChannels[_vcID].isClose, "VC is closed.");
// Check time has passed on updateLCtimeout and has not passed the time to store a vc state
require(Channels[_lcID].updateLCtimeout < now, "LC timeout not over.");
// prevent rentry of initializing vc state
require(virtualChannels[_vcID].updateVCtimeout == 0);
// partyB is now Ingrid
bytes32 _initState = keccak256(
abi.encodePacked(_vcID, uint256(0), _partyA, _partyB, _bond[0], _bond[1], _balances[0], _balances[1], _balances[2], _balances[3])
);
// Make sure Alice has signed initial vc state (A/B in oldState)
require(_partyA == ECTools.recoverSigner(_initState, sigA));
// Check the oldState is in the root hash
require(_isContained(_initState, _proof, Channels[_lcID].VCrootHash) == true);
virtualChannels[_vcID].partyA = _partyA; // VC participant A
virtualChannels[_vcID].partyB = _partyB; // VC participant B
virtualChannels[_vcID].sequence = uint256(0);
virtualChannels[_vcID].ethBalances[0] = _balances[0];
virtualChannels[_vcID].ethBalances[1] = _balances[1];
virtualChannels[_vcID].erc20Balances[0] = _balances[2];
virtualChannels[_vcID].erc20Balances[1] = _balances[3];
virtualChannels[_vcID].bond = _bond;
virtualChannels[_vcID].updateVCtimeout = now + Channels[_lcID].confirmTime;
virtualChannels[_vcID].isInSettlementState = true;
emit DidVCInit(_lcID, _vcID, _proof, uint256(0), _partyA, _partyB, _balances[0], _balances[1]);
}
//TODO: verify state transition since the hub did not agree to this state
// make sure the A/B balances are not beyond ingrids bonds
// Params: vc init state, vc final balance, vcID
function settleVC(
bytes32 _lcID,
bytes32 _vcID,
uint256 updateSeq,
address _partyA,
address _partyB,
uint256[4] updateBal, // [ethupdateBalA, ethupdateBalB, tokenupdateBalA, tokenupdateBalB]
string sigA
)
public
{
require(Channels[_lcID].isOpen, "LC is closed.");
// sub-channel must be open
require(!virtualChannels[_vcID].isClose, "VC is closed.");
require(virtualChannels[_vcID].sequence < updateSeq, "VC sequence is higher than update sequence.");
require(
virtualChannels[_vcID].ethBalances[1] < updateBal[1] && virtualChannels[_vcID].erc20Balances[1] < updateBal[3],
"State updates may only increase recipient balance."
);
require(
virtualChannels[_vcID].bond[0] == updateBal[0] + updateBal[1] &&
virtualChannels[_vcID].bond[1] == updateBal[2] + updateBal[3],
"Incorrect balances for bonded amount");
// Check time has passed on updateLCtimeout and has not passed the time to store a vc state
// virtualChannels[_vcID].updateVCtimeout should be 0 on uninitialized vc state, and this should
// fail if initVC() isn't called first
// require(Channels[_lcID].updateLCtimeout < now && now < virtualChannels[_vcID].updateVCtimeout);
require(Channels[_lcID].updateLCtimeout < now); // for testing!
bytes32 _updateState = keccak256(
abi.encodePacked(
_vcID,
updateSeq,
_partyA,
_partyB,
virtualChannels[_vcID].bond[0],
virtualChannels[_vcID].bond[1],
updateBal[0],
updateBal[1],
updateBal[2],
updateBal[3]
)
);
// Make sure Alice has signed a higher sequence new state
require(virtualChannels[_vcID].partyA == ECTools.recoverSigner(_updateState, sigA));
// store VC data
// we may want to record who is initiating on-chain settles
virtualChannels[_vcID].challenger = msg.sender;
virtualChannels[_vcID].sequence = updateSeq;
// channel state
virtualChannels[_vcID].ethBalances[0] = updateBal[0];
virtualChannels[_vcID].ethBalances[1] = updateBal[1];
virtualChannels[_vcID].erc20Balances[0] = updateBal[2];
virtualChannels[_vcID].erc20Balances[1] = updateBal[3];
virtualChannels[_vcID].updateVCtimeout = now + Channels[_lcID].confirmTime;
emit DidVCSettle(_lcID, _vcID, updateSeq, updateBal[0], updateBal[1], msg.sender, virtualChannels[_vcID].updateVCtimeout);
}
function closeVirtualChannel(bytes32 _lcID, bytes32 _vcID) public {
// require(updateLCtimeout > now)
require(Channels[_lcID].isOpen, "LC is closed.");
require(virtualChannels[_vcID].isInSettlementState, "VC is not in settlement state.");
require(virtualChannels[_vcID].updateVCtimeout < now, "Update vc timeout has not elapsed.");
require(!virtualChannels[_vcID].isClose, "VC is already closed");
// reduce the number of open virtual channels stored on LC
Channels[_lcID].numOpenVC--;
// close vc flags
virtualChannels[_vcID].isClose = true;
// re-introduce the balances back into the LC state from the settled VC
// decide if this lc is alice or bob in the vc
if(virtualChannels[_vcID].partyA == Channels[_lcID].partyAddresses[0]) {
Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[0];
Channels[_lcID].ethBalances[1] += virtualChannels[_vcID].ethBalances[1];
Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[0];
Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[1];
} else if (virtualChannels[_vcID].partyB == Channels[_lcID].partyAddresses[0]) {
Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[1];
Channels[_lcID].ethBalances[1] += virtualChannels[_vcID].ethBalances[0];
Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[1];
Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[0];
}
emit DidVCClose(_lcID, _vcID, virtualChannels[_vcID].erc20Balances[0], virtualChannels[_vcID].erc20Balances[1]);
}
// todo: allow ethier lc.end-user to nullify the settled LC state and return to off-chain
function byzantineCloseChannel(bytes32 _lcID) public {
Channel storage channel = Channels[_lcID];
// check settlement flag
require(channel.isOpen, "Channel is not open");
require(channel.isUpdateLCSettling == true);
require(channel.numOpenVC == 0);
require(channel.updateLCtimeout < now, "LC timeout over.");
// if off chain state update didnt reblance deposits, just return to deposit owner
uint256 totalEthDeposit = channel.initialDeposit[0] + channel.ethBalances[2] + channel.ethBalances[3];
uint256 totalTokenDeposit = channel.initialDeposit[1] + channel.erc20Balances[2] + channel.erc20Balances[3];
uint256 possibleTotalEthBeforeDeposit = channel.ethBalances[0] + channel.ethBalances[1];
uint256 possibleTotalTokenBeforeDeposit = channel.erc20Balances[0] + channel.erc20Balances[1];
if(possibleTotalEthBeforeDeposit < totalEthDeposit) {
channel.ethBalances[0]+=channel.ethBalances[2];
channel.ethBalances[1]+=channel.ethBalances[3];
} else {
require(possibleTotalEthBeforeDeposit == totalEthDeposit);
}
if(possibleTotalTokenBeforeDeposit < totalTokenDeposit) {
channel.erc20Balances[0]+=channel.erc20Balances[2];
channel.erc20Balances[1]+=channel.erc20Balances[3];
} else {
require(possibleTotalTokenBeforeDeposit == totalTokenDeposit);
}
// reentrancy
uint256 ethbalanceA = channel.ethBalances[0];
uint256 ethbalanceI = channel.ethBalances[1];
uint256 tokenbalanceA = channel.erc20Balances[0];
uint256 tokenbalanceI = channel.erc20Balances[1];
channel.ethBalances[0] = 0;
channel.ethBalances[1] = 0;
channel.erc20Balances[0] = 0;
channel.erc20Balances[1] = 0;
if(ethbalanceA != 0 || ethbalanceI != 0) {
channel.partyAddresses[0].transfer(ethbalanceA);
channel.partyAddresses[1].transfer(ethbalanceI);
}
if(tokenbalanceA != 0 || tokenbalanceI != 0) {
require(
channel.token.transfer(channel.partyAddresses[0], tokenbalanceA),
"byzantineCloseChannel: token transfer failure"
);
require(
channel.token.transfer(channel.partyAddresses[1], tokenbalanceI),
"byzantineCloseChannel: token transfer failure"
);
}
channel.isOpen = false;
numChannels--;
emit DidLCClose(_lcID, channel.sequence, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI);
}
function _isContained(bytes32 _hash, bytes _proof, bytes32 _root) internal pure returns (bool) {
bytes32 cursor = _hash;
bytes32 proofElem;
for (uint256 i = 64; i <= _proof.length; i += 32) {
assembly { proofElem := mload(add(_proof, i)) }
if (cursor < proofElem) {
cursor = keccak256(abi.encodePacked(cursor, proofElem));
} else {
cursor = keccak256(abi.encodePacked(proofElem, cursor));
}
}
return cursor == _root;
}
//Struct Getters
function getChannel(bytes32 id) public view returns (
address[2],
uint256[4],
uint256[4],
uint256[2],
uint256,
uint256,
bytes32,
uint256,
uint256,
bool,
bool,
uint256
) {
Channel memory channel = Channels[id];
return (
channel.partyAddresses,
channel.ethBalances,
channel.erc20Balances,
channel.initialDeposit,
channel.sequence,
channel.confirmTime,
channel.VCrootHash,
channel.LCopenTimeout,
channel.updateLCtimeout,
channel.isOpen,
channel.isUpdateLCSettling,
channel.numOpenVC
);
}
function getVirtualChannel(bytes32 id) public view returns(
bool,
bool,
uint256,
address,
uint256,
address,
address,
address,
uint256[2],
uint256[2],
uint256[2]
) {
VirtualChannel memory virtualChannel = virtualChannels[id];
return(
virtualChannel.isClose,
virtualChannel.isInSettlementState,
virtualChannel.sequence,
virtualChannel.challenger,
virtualChannel.updateVCtimeout,
virtualChannel.partyA,
virtualChannel.partyB,
virtualChannel.partyI,
virtualChannel.ethBalances,
virtualChannel.erc20Balances,
virtualChannel.bond
);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment