Merge pull request #72 from multiversx/signature-fix-growth-program

fix signature replay issue

growth-program/output/growth-program.abi.json

@@ -10,7 +10,7 @@
         "contractCrate": {
             "name": "growth-program",
             "version": "0.0.0",
-            "gitVersion": "v1.0.2-179-g5cb95cc"
+            "gitVersion": "v1.0.2-190-g05a3ba5"
         },
         "framework": {
             "name": "multiversx-sc",
@@ -539,6 +539,16 @@
             ],
             "outputs": []
         },
+        {
+            "name": "getSignaturePrefix",
+            "mutability": "readonly",
+            "inputs": [],
+            "outputs": [
+                {
+                    "type": "bytes"
+                }
+            ]
+        },
         {
             "docs": [
                 "Week starts from 1"

growth-program/output/growth-program.imports.json

@@ -31,6 +31,7 @@
   "mBufferGetLength",
   "mBufferNew",
   "mBufferSetBytes",
+  "mBufferSetRandom",
   "mBufferStorageLoad",
   "mBufferStorageLoadFromAddress",
   "mBufferStorageStore",

growth-program/src/lib.rs

@@ -19,8 +19,6 @@ pub const WEEK_IN_SECONDS: Timestamp = 7 * DAY_IN_SECONDS;
 pub const WEEKS_PER_YEAR: u32 = 52;
 pub const PRECISION: u64 = 1_000_000_000_000_000_000;
 
-pub static GROWTH_SIGNATURE_PREFIX: &[u8] = b"xExchangeGrowthV1TaskCompleted";
-
 pub const DEFAULT_MIN_REWARDS_PERIOD: Week = 26;
 pub const DEFAULT_MIN_WEEKLY_REWARDS_DOLLARS_VALUE: u64 = 1_000;
 pub const USDC_DECIMALS: u32 = 6;
@@ -97,6 +95,8 @@ pub trait GrowthProgram:
         self.first_week_start_timestamp()
             .set(first_week_start_timestamp);
 
+        self.generate_signature_prefix();
+
         self.set_paused(true);
     }
 

growth-program/src/validation.rs

@@ -1,9 +1,10 @@
-use crate::{project::ProjectId, rewards::week_timekeeping::Week, GROWTH_SIGNATURE_PREFIX};
+use crate::{project::ProjectId, rewards::week_timekeeping::Week};
 
 multiversx_sc::imports!();
 
 pub type Signature<M> = ManagedByteArray<M, ED25519_SIGNATURE_BYTE_LEN>;
 pub const ED25519_SIGNATURE_BYTE_LEN: usize = 64;
+pub const SIGNATURE_PREFIX_LEN: usize = 20;
 
 pub struct SignatureData<'a, M: ManagedTypeApi> {
     pub caller: &'a ManagedAddress<M>,
@@ -29,8 +30,9 @@ pub trait ValidationModule: crate::project::ProjectsModule + crate::events::Even
         signature_data: SignatureData<Self::Api>,
         signature: &Signature<Self::Api>,
     ) {
+        let signature_prefix = self.signature_prefix().get();
         let mut data = ManagedBuffer::new();
-        let _ = GROWTH_SIGNATURE_PREFIX.dep_encode(&mut data);
+        let _ = signature_prefix.dep_encode(&mut data);
         let _ = signature_data.project_id.dep_encode(&mut data);
         let _ = signature_data.week.dep_encode(&mut data);
         let _ = signature_data.caller.dep_encode(&mut data);
@@ -44,6 +46,16 @@ pub trait ValidationModule: crate::project::ProjectsModule + crate::events::Even
         );
     }
 
+    fn generate_signature_prefix(&self) {
+        let mut rng = RandomnessSource::new();
+        let prefix = rng.next_bytes(SIGNATURE_PREFIX_LEN);
+        self.signature_prefix().set_if_empty(prefix);
+    }
+
     #[storage_mapper("signer")]
     fn signer(&self, project_id: ProjectId) -> SingleValueMapper<ManagedAddress>;
+
+    #[view(getSignaturePrefix)]
+    #[storage_mapper("signaturePrefix")]
+    fn signature_prefix(&self) -> SingleValueMapper<ManagedBuffer>;
 }

growth-program/tests/test.rs

@@ -225,7 +225,7 @@ fn claim_ok_first_week_unlocked_test() {
     // advance to week 2
     setup.advance_week();
 
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .claim(
             &setup.first_user_addr.clone(),
@@ -289,7 +289,7 @@ fn claim_ok_first_week_locked_test() {
     // advance to week 2
     setup.advance_week();
 
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .claim(
             &setup.first_user_addr.clone(),
@@ -348,7 +348,7 @@ fn claim_too_many_rewards_test() {
     // advance to week 2
     setup.advance_week();
 
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .b_mock
         .execute_tx(
@@ -389,7 +389,7 @@ fn claim_attempts_test() {
     // advance to week 2
     setup.advance_week();
 
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .claim(
             &setup.first_user_addr.clone(),
@@ -492,7 +492,7 @@ fn exempted_user_claim_next_week_test() {
     setup.advance_week();
 
     // first user try claim exemption while rewards remain
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .b_mock
         .execute_tx(
@@ -517,7 +517,7 @@ fn exempted_user_claim_next_week_test() {
         .assert_user_error("Can claim full rewards");
 
     // first user claim exemption
-    let sig_first_user_week_2 = hex_literal::hex!("3360e54f357cbb67b1c34771b633d0f7ad9779019a0dcee252d972315c1edb8178012f057c94714e52b3d461ef333cb3020c29e3f98e467a4d3341880891690e");
+    let sig_first_user_week_2 = hex_literal::hex!("5457dfa67583f102a6f9ea9368de59ce795216c98d7a90bd3173c1fdf1073c5e38044f19d785c47bb9c4be09f9c9ad793474e9a0dd8cea814c3812ab52bcd00b");
     setup
         .b_mock
         .execute_tx(

growth-program/wasm/src/lib.rs

@@ -6,9 +6,9 @@
 
 // Init:                                 1
 // Upgrade:                              1
-// Endpoints:                           37
+// Endpoints:                           38
 // Async Callback (empty):               1
-// Total number of exported functions:  40
+// Total number of exported functions:  41
 
 #![no_std]
 
@@ -49,6 +49,7 @@ multiversx_sc_wasm_adapter::endpoints! {
         getRewardsRemainingAmount => rewards_remaining_amount
         getNotesHistory => get_notes_history
         changeSigner => change_signer
+        getSignaturePrefix => signature_prefix
         getCurrentWeek => get_current_week
         getTimestampsStartAndEndOfWeek => get_timestamps_start_and_end_of_week
         getFirstWeekStartTimestamp => first_week_start_timestamp

router-mock/output/router-mock.abi.json

@@ -10,7 +10,7 @@
         "contractCrate": {
             "name": "router-mock",
             "version": "0.0.0",
-            "gitVersion": "v1.0.2-179-g5cb95cc"
+            "gitVersion": "v1.0.2-190-g05a3ba5"
         },
         "framework": {
             "name": "multiversx-sc",