From 5590b29c2d443c9875119e0f60255b6886c8cb77 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Wed, 22 Jan 2020 00:54:34 +0300 Subject: [PATCH] Fix bug in skipping of constructor arguments inn contract verification --- CHANGELOG.md | 1 + .../api/rpc/contract_controller_test.exs | 2 +- ...erified_smart_contract_controller_test.exs | 2 +- .../smart_contract/contract_with_lib.json | 13 ++++++ .../lib/explorer/smart_contract/verifier.ex | 5 +++ .../smart_contract/publisher_test.exs | 2 +- .../explorer/smart_contract/verifier_test.exs | 44 ++++++++++++++++++- .../smart_contract/contract_with_lib.json | 13 ++++++ 8 files changed, 77 insertions(+), 5 deletions(-) create mode 100644 apps/block_scout_web/test/support/fixture/smart_contract/contract_with_lib.json create mode 100644 apps/explorer/test/support/fixture/smart_contract/contract_with_lib.json diff --git a/CHANGELOG.md b/CHANGELOG.md index 81c3b028b8..328b70a62a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ - [#2918](https://github.com/poanetwork/blockscout/pull/2918) - Add tokenID for tokentx API action explicitly ### Fixes +- [#2964](https://github.com/poanetwork/blockscout/pull/2964) - Fix bug in skipping of constructor arguments in contract verification - [#2961](https://github.com/poanetwork/blockscout/pull/2961) - Add a guard that addresses is enum in `values` function in `read contract` page - [#2960](https://github.com/poanetwork/blockscout/pull/2960) - Add BLOCKSCOUT_HOST to docker setup - [#2956](https://github.com/poanetwork/blockscout/pull/2956) - Add support of 0.6.x version of compiler diff --git a/apps/block_scout_web/test/block_scout_web/controllers/api/rpc/contract_controller_test.exs b/apps/block_scout_web/test/block_scout_web/controllers/api/rpc/contract_controller_test.exs index 505520a2c0..b00d457426 100644 --- a/apps/block_scout_web/test/block_scout_web/controllers/api/rpc/contract_controller_test.exs +++ b/apps/block_scout_web/test/block_scout_web/controllers/api/rpc/contract_controller_test.exs @@ -647,7 +647,7 @@ defmodule BlockScoutWeb.API.RPC.ContractControllerTest do test "with external libraries", %{conn: conn} do contract_data = - "#{File.cwd!()}/test/support/fixture/smart_contract/compiler_tests.json" + "#{File.cwd!()}/test/support/fixture/smart_contract/contract_with_lib.json" |> File.read!() |> Jason.decode!() |> List.first() diff --git a/apps/block_scout_web/test/block_scout_web/controllers/api/v1/verified_smart_contract_controller_test.exs b/apps/block_scout_web/test/block_scout_web/controllers/api/v1/verified_smart_contract_controller_test.exs index 7e5d41e930..19dd22151a 100644 --- a/apps/block_scout_web/test/block_scout_web/controllers/api/v1/verified_smart_contract_controller_test.exs +++ b/apps/block_scout_web/test/block_scout_web/controllers/api/v1/verified_smart_contract_controller_test.exs @@ -28,7 +28,7 @@ defmodule BlockScoutWeb.API.V1.VerifiedControllerTest do test "verifying a smart contract with external libraries", %{conn: conn} do contract_data = - "#{File.cwd!()}/test/support/fixture/smart_contract/compiler_tests.json" + "#{File.cwd!()}/test/support/fixture/smart_contract/contract_with_lib.json" |> File.read!() |> Jason.decode!() |> List.first() diff --git a/apps/block_scout_web/test/support/fixture/smart_contract/contract_with_lib.json b/apps/block_scout_web/test/support/fixture/smart_contract/contract_with_lib.json new file mode 100644 index 0000000000..aba02b0ec4 --- /dev/null +++ b/apps/block_scout_web/test/support/fixture/smart_contract/contract_with_lib.json @@ -0,0 +1,13 @@ +[ + { + "compiler_version": "v0.5.11+commit.c082d0b4", + "contract": "pragma solidity 0.5.11;library BadSafeMath { function add(uint256 a, uint256 b) public pure returns (uint256) { uint256 c = a + 2 * b; require(c >= a, \"SafeMath: addition overflow\"); return c; }}contract SimpleStorage { uint256 storedData = 10; using BadSafeMath for uint256; function increment(uint256 x) public { storedData = storedData.add(x); } function set(uint256 x) public { storedData = x; } function get() public view returns (uint256) { return storedData; }}", + "expected_bytecode": "608060405234801561001057600080fd5b50600436106100415760003560e01c806360fe47b1146100465780636d4ce63c146100655780637cf5dab01461007f575b600080fd5b6100636004803603602081101561005c57600080fd5b503561009c565b005b61006d6100a1565b60408051918252519081900360200190f35b6100636004803603602081101561009557600080fd5b50356100a7565b600055565b60005490565b600054733662e222908fa35f013bee37695d0510098b6d7363771602f79091836040518363ffffffff1660e01b8152600401808381526020018281526020019250505060206040518083038186803b15801561010257600080fd5b505af4158015610116573d6000803e3d6000fd5b505050506040513d602081101561012c57600080fd5b50516000555056fea265627a7a723158203e59bfb9a5a2e55d38231922c86d8b2ec9b66cb2f6595613674bc4e15290b60764736f6c634300050b0032", + "external_libraries": { + "BadSafeMath": "0x3662e222908fa35f013bee37695d0510098b6d73" + }, + "name": "SimpleStorage", + "optimize": true + } + ] + \ No newline at end of file diff --git a/apps/explorer/lib/explorer/smart_contract/verifier.ex b/apps/explorer/lib/explorer/smart_contract/verifier.ex index 9b49dca97d..5eef57d64a 100644 --- a/apps/explorer/lib/explorer/smart_contract/verifier.ex +++ b/apps/explorer/lib/explorer/smart_contract/verifier.ex @@ -60,6 +60,7 @@ defmodule Explorer.SmartContract.Verifier do defp compare_bytecodes({:error, :name}, _, _, _), do: {:error, :name} defp compare_bytecodes({:error, _}, _, _, _), do: {:error, :compilation} + # credo:disable-for-next-line /Complexity/ defp compare_bytecodes( {:ok, %{"abi" => abi, "bytecode" => bytecode}}, address_hash, @@ -73,6 +74,7 @@ defmodule Explorer.SmartContract.Verifier do |> Chain.smart_contract_bytecode() blockchain_bytecode_without_whisper = extract_bytecode(blockchain_bytecode) + empty_constructor_arguments = arguments_data == "" or arguments_data == nil cond do generated_bytecode != blockchain_bytecode_without_whisper && @@ -88,6 +90,9 @@ defmodule Explorer.SmartContract.Verifier do {:error, :constructor_arguments} end + has_constructor_with_params?(abi) && empty_constructor_arguments -> + {:error, :constructor_arguments} + has_constructor_with_params?(abi) && !ConstructorArguments.verify(address_hash, blockchain_bytecode_without_whisper, arguments_data) -> {:error, :constructor_arguments} diff --git a/apps/explorer/test/explorer/smart_contract/publisher_test.exs b/apps/explorer/test/explorer/smart_contract/publisher_test.exs index 7a0d33fb45..79fbe55f63 100644 --- a/apps/explorer/test/explorer/smart_contract/publisher_test.exs +++ b/apps/explorer/test/explorer/smart_contract/publisher_test.exs @@ -131,7 +131,7 @@ defmodule Explorer.SmartContract.PublisherTest do test "validates and creates smart contract with external libraries" do contract_data = - "#{File.cwd!()}/test/support/fixture/smart_contract/compiler_tests.json" + "#{File.cwd!()}/test/support/fixture/smart_contract/contract_with_lib.json" |> File.read!() |> Jason.decode!() |> List.first() diff --git a/apps/explorer/test/explorer/smart_contract/verifier_test.exs b/apps/explorer/test/explorer/smart_contract/verifier_test.exs index 4cab8028c8..1fdbc2331b 100644 --- a/apps/explorer/test/explorer/smart_contract/verifier_test.exs +++ b/apps/explorer/test/explorer/smart_contract/verifier_test.exs @@ -30,7 +30,7 @@ defmodule Explorer.SmartContract.VerifierTest do test "verifies the generated bytecode with external libraries" do contract_data = - "#{File.cwd!()}/test/support/fixture/smart_contract/compiler_tests.json" + "#{File.cwd!()}/test/support/fixture/smart_contract/contract_with_lib.json" |> File.read!() |> Jason.decode!() |> List.first() @@ -113,8 +113,17 @@ defmodule Explorer.SmartContract.VerifierTest do bytecode = "0x60606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff168063256fec88146100545780633fa4f245146100a9578063812600df146100d2575b600080fd5b341561005f57600080fd5b6100676100f5565b604051808273ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200191505060405180910390f35b34156100b457600080fd5b6100bc61011b565b6040518082815260200191505060405180910390f35b34156100dd57600080fd5b6100f36004808035906020019091905050610121565b005b600160009054906101000a900473ffffffffffffffffffffffffffffffffffffffff1681565b60005481565b806000540160008190555033600160006101000a81548173ffffffffffffffffffffffffffffffffffffffff021916908373ffffffffffffffffffffffffffffffffffffffff1602179055505b505600a165627a7a72305820b81379d1ae9d8e0fde05ee02b8bd170f43f8bd3d54da8b7ec203434a23a298980029" + constructor_arguments = "000000000000000000000000000000000000000000000000000000000000000a" + contract_address = insert(:contract_address, contract_code: bytecode) + :transaction + |> insert( + created_contract_address_hash: contract_address.hash, + input: bytecode <> constructor_arguments + ) + |> with_block() + code = """ pragma solidity ^0.4.15; contract Incrementer { @@ -137,7 +146,8 @@ defmodule Explorer.SmartContract.VerifierTest do "compiler_version" => "v0.4.15+commit.bbb8e64f", "evm_version" => "homestead", "name" => "Incrementer", - "optimization" => false + "optimization" => false, + "constructor_arguments" => constructor_arguments } assert {:ok, %{abi: abi}} = Verifier.evaluate_authenticity(contract_address.hash, params) @@ -222,6 +232,36 @@ defmodule Explorer.SmartContract.VerifierTest do assert {:error, :generated_bytecode} = response end + test "returns error when contract has constructor arguments ut they were not provided" do + path = File.cwd!() <> "/test/support/fixture/smart_contract/solidity_0.5.9_smart_contract.sol" + contract = File.read!(path) + + constructor_arguments = "" + + bytecode = + "0x608060405234801561001057600080fd5b50600436106100a95760003560e01c80633177029f116100715780633177029f1461025f57806354fd4d50146102c557806370a082311461034857806395d89b41146103a0578063a9059cbb14610423578063dd62ed3e14610489576100a9565b806306fdde03146100ae578063095ea7b31461013157806318160ddd1461019757806323b872dd146101b5578063313ce5671461023b575b600080fd5b6100b6610501565b6040518080602001828103825283818151815260200191508051906020019080838360005b838110156100f65780820151818401526020810190506100db565b50505050905090810190601f1680156101235780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b61017d6004803603604081101561014757600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff1690602001909291908035906020019092919050505061059f565b604051808215151515815260200191505060405180910390f35b61019f610691565b6040518082815260200191505060405180910390f35b610221600480360360608110156101cb57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803573ffffffffffffffffffffffffffffffffffffffff16906020019092919080359060200190929190505050610696565b604051808215151515815260200191505060405180910390f35b61024361090f565b604051808260ff1660ff16815260200191505060405180910390f35b6102ab6004803603604081101561027557600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919080359060200190929190505050610922565b604051808215151515815260200191505060405180910390f35b6102cd610a14565b6040518080602001828103825283818151815260200191508051906020019080838360005b8381101561030d5780820151818401526020810190506102f2565b50505050905090810190601f16801561033a5780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b61038a6004803603602081101561035e57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610ab2565b6040518082815260200191505060405180910390f35b6103a8610afa565b6040518080602001828103825283818151815260200191508051906020019080838360005b838110156103e85780820151818401526020810190506103cd565b50505050905090810190601f1680156104155780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b61046f6004803603604081101561043957600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff16906020019092919080359060200190929190505050610b98565b604051808215151515815260200191505060405180910390f35b6104eb6004803603604081101561049f57600080fd5b81019080803573ffffffffffffffffffffffffffffffffffffffff169060200190929190803573ffffffffffffffffffffffffffffffffffffffff169060200190929190505050610cfe565b6040518082815260200191505060405180910390f35b60038054600181600116156101000203166002900480601f0160208091040260200160405190810160405280929190818152602001828054600181600116156101000203166002900480156105975780601f1061056c57610100808354040283529160200191610597565b820191906000526020600020905b81548152906001019060200180831161057a57829003601f168201915b505050505081565b600081600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055508273ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff167f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925846040518082815260200191505060405180910390a36001905092915050565b600090565b6000816000808673ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205410158015610762575081600160008673ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205410155b801561076e5750600082115b1561090357816000808573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008282540192505081905550816000808673ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000206000828254039250508190555081600160008673ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082825403925050819055508273ffffffffffffffffffffffffffffffffffffffff168473ffffffffffffffffffffffffffffffffffffffff167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a360019050610908565b600090505b9392505050565b600460009054906101000a900460ff1681565b600081600160003373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020819055508273ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff167f8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925846040518082815260200191505060405180910390a36001905092915050565b60068054600181600116156101000203166002900480601f016020809104026020016040519081016040528092919081815260200182805460018160011615610100020316600290048015610aaa5780601f10610a7f57610100808354040283529160200191610aaa565b820191906000526020600020905b815481529060010190602001808311610a8d57829003601f168201915b505050505081565b60008060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020549050919050565b60058054600181600116156101000203166002900480601f016020809104026020016040519081016040528092919081815260200182805460018160011615610100020316600290048015610b905780601f10610b6557610100808354040283529160200191610b90565b820191906000526020600020905b815481529060010190602001808311610b7357829003601f168201915b505050505081565b6000816000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205410158015610be85750600082115b15610cf357816000803373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008282540392505081905550816000808573ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff168152602001908152602001600020600082825401925050819055508273ffffffffffffffffffffffffffffffffffffffff163373ffffffffffffffffffffffffffffffffffffffff167fddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef846040518082815260200191505060405180910390a360019050610cf8565b600090505b92915050565b6000600160008473ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff16815260200190815260200160002060008373ffffffffffffffffffffffffffffffffffffffff1673ffffffffffffffffffffffffffffffffffffffff1681526020019081526020016000205490509291505056fea265627a7a72305820fe0ba5210ac95870683c2cb054304b04565703bd16c7d7e956df694c9643c6d264736f6c63430005090032" + + contract_address = insert(:contract_address, contract_code: bytecode) + + :transaction + |> insert( + created_contract_address_hash: contract_address.hash, + input: bytecode <> constructor_arguments + ) + |> with_block() + + params = %{ + "contract_source_code" => contract, + "compiler_version" => "v0.5.9+commit.e560f70d", + "evm_version" => "petersburg", + "name" => "TestToken", + "optimization" => false, + "constructor_arguments" => constructor_arguments + } + + assert {:error, :generated_bytecode} = Verifier.evaluate_authenticity(contract_address.hash, params) + end + test "returns error when there is a compilation problem", %{contract_code_info: contract_code_info} do contract_address = insert(:contract_address, contract_code: contract_code_info.bytecode) diff --git a/apps/explorer/test/support/fixture/smart_contract/contract_with_lib.json b/apps/explorer/test/support/fixture/smart_contract/contract_with_lib.json new file mode 100644 index 0000000000..aba02b0ec4 --- /dev/null +++ b/apps/explorer/test/support/fixture/smart_contract/contract_with_lib.json @@ -0,0 +1,13 @@ +[ + { + "compiler_version": "v0.5.11+commit.c082d0b4", + "contract": "pragma solidity 0.5.11;library BadSafeMath { function add(uint256 a, uint256 b) public pure returns (uint256) { uint256 c = a + 2 * b; require(c >= a, \"SafeMath: addition overflow\"); return c; }}contract SimpleStorage { uint256 storedData = 10; using BadSafeMath for uint256; function increment(uint256 x) public { storedData = storedData.add(x); } function set(uint256 x) public { storedData = x; } function get() public view returns (uint256) { return storedData; }}", + "expected_bytecode": "608060405234801561001057600080fd5b50600436106100415760003560e01c806360fe47b1146100465780636d4ce63c146100655780637cf5dab01461007f575b600080fd5b6100636004803603602081101561005c57600080fd5b503561009c565b005b61006d6100a1565b60408051918252519081900360200190f35b6100636004803603602081101561009557600080fd5b50356100a7565b600055565b60005490565b600054733662e222908fa35f013bee37695d0510098b6d7363771602f79091836040518363ffffffff1660e01b8152600401808381526020018281526020019250505060206040518083038186803b15801561010257600080fd5b505af4158015610116573d6000803e3d6000fd5b505050506040513d602081101561012c57600080fd5b50516000555056fea265627a7a723158203e59bfb9a5a2e55d38231922c86d8b2ec9b66cb2f6595613674bc4e15290b60764736f6c634300050b0032", + "external_libraries": { + "BadSafeMath": "0x3662e222908fa35f013bee37695d0510098b6d73" + }, + "name": "SimpleStorage", + "optimize": true + } + ] + \ No newline at end of file