implement Router.sol and associated functions (#92)

* start Router contract * use calldata for function args * var name changes * start testing router contract * test with and without abi.encode * cleanup * why tf isn't tests/utils working * cleanup tests * remove unused files * wip * fix router contract and tests, add set/update public keys funcs * impl some Froms * make execute non-reentrant * cleanup * update Router to use ReentrancyGuard * update contract to use errors, use bitfield in Executed event, minor other fixes * wip * fix build issues from merge, tests ok * Router.sol cleanup * cleanup, uncomment stuff * bump ethers.rs version to latest * make contract functions take generic middleware * update build script to assert no compiler errors * hardcode pubkey parity into contract, update tests * Polish coins/ethereum in various ways --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2025-12-13 06:29:25 +00:00 · 2024-03-24 09:00:54 -04:00
parent 3d855c75be
commit 63521f6a96
20 changed files with 690 additions and 348 deletions
--- a/coins/ethereum/src/tests/crypto.rs
+++ b/coins/ethereum/src/tests/crypto.rs
@@ -0,0 +1,132 @@
+use rand_core::OsRng;
+
+use sha2::Sha256;
+use sha3::{Digest, Keccak256};
+
+use group::Group;
+use k256::{
+  ecdsa::{hazmat::SignPrimitive, signature::DigestVerifier, SigningKey, VerifyingKey},
+  elliptic_curve::{bigint::ArrayEncoding, ops::Reduce, point::DecompressPoint},
+  U256, Scalar, AffinePoint, ProjectivePoint,
+};
+
+use frost::{
+  curve::Secp256k1,
+  algorithm::{Hram, IetfSchnorr},
+  tests::{algorithm_machines, sign},
+};
+
+use crate::{crypto::*, tests::key_gen};
+
+pub fn hash_to_scalar(data: &[u8]) -> Scalar {
+  Scalar::reduce(U256::from_be_slice(&keccak256(data)))
+}
+
+pub(crate) fn ecrecover(message: Scalar, v: u8, r: Scalar, s: Scalar) -> Option<[u8; 20]> {
+  if r.is_zero().into() || s.is_zero().into() || !((v == 27) || (v == 28)) {
+    return None;
+  }
+
+  #[allow(non_snake_case)]
+  let R = AffinePoint::decompress(&r.to_bytes(), (v - 27).into());
+  #[allow(non_snake_case)]
+  if let Some(R) = Option::<AffinePoint>::from(R) {
+    #[allow(non_snake_case)]
+    let R = ProjectivePoint::from(R);
+
+    let r = r.invert().unwrap();
+    let u1 = ProjectivePoint::GENERATOR * (-message * r);
+    let u2 = R * (s * r);
+    let key: ProjectivePoint = u1 + u2;
+    if !bool::from(key.is_identity()) {
+      return Some(address(&key));
+    }
+  }
+
+  None
+}
+
+#[test]
+fn test_ecrecover() {
+  let private = SigningKey::random(&mut OsRng);
+  let public = VerifyingKey::from(&private);
+
+  // Sign the signature
+  const MESSAGE: &[u8] = b"Hello, World!";
+  let (sig, recovery_id) = private
+    .as_nonzero_scalar()
+    .try_sign_prehashed_rfc6979::<Sha256>(&Keccak256::digest(MESSAGE), b"")
+    .unwrap();
+
+  // Sanity check the signature verifies
+  #[allow(clippy::unit_cmp)] // Intended to assert this wasn't changed to Result<bool>
+  {
+    assert_eq!(public.verify_digest(Keccak256::new_with_prefix(MESSAGE), &sig).unwrap(), ());
+  }
+
+  // Perform the ecrecover
+  assert_eq!(
+    ecrecover(
+      hash_to_scalar(MESSAGE),
+      u8::from(recovery_id.unwrap().is_y_odd()) + 27,
+      *sig.r(),
+      *sig.s()
+    )
+    .unwrap(),
+    address(&ProjectivePoint::from(public.as_affine()))
+  );
+}
+
+// Run the sign test with the EthereumHram
+#[test]
+fn test_signing() {
+  let (keys, _) = key_gen();
+
+  const MESSAGE: &[u8] = b"Hello, World!";
+
+  let algo = IetfSchnorr::<Secp256k1, EthereumHram>::ietf();
+  let _sig =
+    sign(&mut OsRng, &algo, keys.clone(), algorithm_machines(&mut OsRng, &algo, &keys), MESSAGE);
+}
+
+#[allow(non_snake_case)]
+pub fn preprocess_signature_for_ecrecover(
+  R: ProjectivePoint,
+  public_key: &PublicKey,
+  chain_id: U256,
+  m: &[u8],
+  s: Scalar,
+) -> (u8, Scalar, Scalar) {
+  let c = EthereumHram::hram(
+    &R,
+    &public_key.A,
+    &[chain_id.to_be_byte_array().as_slice(), &keccak256(m)].concat(),
+  );
+  let sa = -(s * public_key.px);
+  let ca = -(c * public_key.px);
+  (public_key.parity, sa, ca)
+}
+
+#[test]
+fn test_ecrecover_hack() {
+  let (keys, public_key) = key_gen();
+
+  const MESSAGE: &[u8] = b"Hello, World!";
+  let hashed_message = keccak256(MESSAGE);
+  let chain_id = U256::ONE;
+  let full_message = &[chain_id.to_be_byte_array().as_slice(), &hashed_message].concat();
+
+  let algo = IetfSchnorr::<Secp256k1, EthereumHram>::ietf();
+  let sig = sign(
+    &mut OsRng,
+    &algo,
+    keys.clone(),
+    algorithm_machines(&mut OsRng, &algo, &keys),
+    full_message,
+  );
+
+  let (parity, sa, ca) =
+    preprocess_signature_for_ecrecover(sig.R, &public_key, chain_id, MESSAGE, sig.s);
+  let q = ecrecover(sa, parity, public_key.px, ca).unwrap();
+  assert_eq!(q, address(&sig.R));
+}
--- a/coins/ethereum/src/tests/mod.rs
+++ b/coins/ethereum/src/tests/mod.rs
@@ -0,0 +1,92 @@
+use std::{sync::Arc, time::Duration, fs::File, collections::HashMap};
+
+use rand_core::OsRng;
+
+use group::ff::PrimeField;
+use k256::{Scalar, ProjectivePoint};
+use frost::{curve::Secp256k1, Participant, ThresholdKeys, tests::key_gen as frost_key_gen};
+
+use ethers_core::{
+  types::{H160, Signature as EthersSignature},
+  abi::Abi,
+};
+use ethers_contract::ContractFactory;
+use ethers_providers::{Middleware, Provider, Http};
+
+use crate::crypto::PublicKey;
+
+mod crypto;
+mod schnorr;
+mod router;
+
+pub fn key_gen() -> (HashMap<Participant, ThresholdKeys<Secp256k1>>, PublicKey) {
+  let mut keys = frost_key_gen::<_, Secp256k1>(&mut OsRng);
+  let mut group_key = keys[&Participant::new(1).unwrap()].group_key();
+
+  let mut offset = Scalar::ZERO;
+  while PublicKey::new(group_key).is_none() {
+    offset += Scalar::ONE;
+    group_key += ProjectivePoint::GENERATOR;
+  }
+  for keys in keys.values_mut() {
+    *keys = keys.offset(offset);
+  }
+  let public_key = PublicKey::new(group_key).unwrap();
+
+  (keys, public_key)
+}
+
+// TODO: Replace with a contract deployment from an unknown account, so the environment solely has
+// to fund the deployer, not create/pass a wallet
+// TODO: Deterministic deployments across chains
+pub async fn deploy_contract(
+  chain_id: u32,
+  client: Arc<Provider<Http>>,
+  wallet: &k256::ecdsa::SigningKey,
+  name: &str,
+) -> eyre::Result<H160> {
+  let abi: Abi =
+    serde_json::from_reader(File::open(format!("./artifacts/{name}.abi")).unwrap()).unwrap();
+
+  let hex_bin_buf = std::fs::read_to_string(format!("./artifacts/{name}.bin")).unwrap();
+  let hex_bin =
+    if let Some(stripped) = hex_bin_buf.strip_prefix("0x") { stripped } else { &hex_bin_buf };
+  let bin = hex::decode(hex_bin).unwrap();
+  let factory = ContractFactory::new(abi, bin.into(), client.clone());
+
+  let mut deployment_tx = factory.deploy(())?.tx;
+  deployment_tx.set_chain_id(chain_id);
+  deployment_tx.set_gas(1_000_000);
+  let (max_fee_per_gas, max_priority_fee_per_gas) = client.estimate_eip1559_fees(None).await?;
+  deployment_tx.as_eip1559_mut().unwrap().max_fee_per_gas = Some(max_fee_per_gas);
+  deployment_tx.as_eip1559_mut().unwrap().max_priority_fee_per_gas = Some(max_priority_fee_per_gas);
+
+  let sig_hash = deployment_tx.sighash();
+  let (sig, rid) = wallet.sign_prehash_recoverable(sig_hash.as_ref()).unwrap();
+
+  // EIP-155 v
+  let mut v = u64::from(rid.to_byte());
+  assert!((v == 0) || (v == 1));
+  v += u64::from((chain_id * 2) + 35);
+
+  let r = sig.r().to_repr();
+  let r_ref: &[u8] = r.as_ref();
+  let s = sig.s().to_repr();
+  let s_ref: &[u8] = s.as_ref();
+  let deployment_tx =
+    deployment_tx.rlp_signed(&EthersSignature { r: r_ref.into(), s: s_ref.into(), v });
+
+  let pending_tx = client.send_raw_transaction(deployment_tx).await?;
+
+  let mut receipt;
+  while {
+    receipt = client.get_transaction_receipt(pending_tx.tx_hash()).await?;
+    receipt.is_none()
+  } {
+    tokio::time::sleep(Duration::from_secs(6)).await;
+  }
+  let receipt = receipt.unwrap();
+  assert!(receipt.status == Some(1.into()));
+
+  Ok(receipt.contract_address.unwrap())
+}
--- a/coins/ethereum/src/tests/router.rs
+++ b/coins/ethereum/src/tests/router.rs
@@ -0,0 +1,109 @@
+use std::{convert::TryFrom, sync::Arc, collections::HashMap};
+
+use rand_core::OsRng;
+
+use group::ff::PrimeField;
+use frost::{
+  curve::Secp256k1,
+  Participant, ThresholdKeys,
+  algorithm::IetfSchnorr,
+  tests::{algorithm_machines, sign},
+};
+
+use ethers_core::{
+  types::{H160, U256, Bytes},
+  abi::AbiEncode,
+  utils::{Anvil, AnvilInstance},
+};
+use ethers_providers::{Middleware, Provider, Http};
+
+use crate::{
+  crypto::{keccak256, PublicKey, EthereumHram, Signature},
+  router::{self, *},
+  tests::{key_gen, deploy_contract},
+};
+
+async fn setup_test() -> (
+  u32,
+  AnvilInstance,
+  Router<Provider<Http>>,
+  HashMap<Participant, ThresholdKeys<Secp256k1>>,
+  PublicKey,
+) {
+  let anvil = Anvil::new().spawn();
+
+  let provider = Provider::<Http>::try_from(anvil.endpoint()).unwrap();
+  let chain_id = provider.get_chainid().await.unwrap().as_u32();
+  let wallet = anvil.keys()[0].clone().into();
+  let client = Arc::new(provider);
+
+  let contract_address =
+    deploy_contract(chain_id, client.clone(), &wallet, "Router").await.unwrap();
+  let contract = Router::new(contract_address, client.clone());
+
+  let (keys, public_key) = key_gen();
+
+  // Set the key to the threshold keys
+  let tx = contract.init_serai_key(public_key.px.to_repr().into()).gas(100_000);
+  let pending_tx = tx.send().await.unwrap();
+  let receipt = pending_tx.await.unwrap().unwrap();
+  assert!(receipt.status == Some(1.into()));
+
+  (chain_id, anvil, contract, keys, public_key)
+}
+
+#[tokio::test]
+async fn test_deploy_contract() {
+  setup_test().await;
+}
+
+pub fn hash_and_sign(
+  keys: &HashMap<Participant, ThresholdKeys<Secp256k1>>,
+  public_key: &PublicKey,
+  chain_id: U256,
+  message: &[u8],
+) -> Signature {
+  let hashed_message = keccak256(message);
+
+  let mut chain_id_bytes = [0; 32];
+  chain_id.to_big_endian(&mut chain_id_bytes);
+  let full_message = &[chain_id_bytes.as_slice(), &hashed_message].concat();
+
+  let algo = IetfSchnorr::<Secp256k1, EthereumHram>::ietf();
+  let sig = sign(
+    &mut OsRng,
+    &algo,
+    keys.clone(),
+    algorithm_machines(&mut OsRng, &algo, keys),
+    full_message,
+  );
+
+  Signature::new(public_key, k256::U256::from_words(chain_id.0), message, sig).unwrap()
+}
+
+#[tokio::test]
+async fn test_router_execute() {
+  let (chain_id, _anvil, contract, keys, public_key) = setup_test().await;
+
+  let to = H160([0u8; 20]);
+  let value = U256([0u64; 4]);
+  let data = Bytes::from([0]);
+  let tx = OutInstruction { to, value, data: data.clone() };
+
+  let nonce_call = contract.nonce();
+  let nonce = nonce_call.call().await.unwrap();
+
+  let encoded =
+    ("execute".to_string(), nonce, vec![router::OutInstruction { to, value, data }]).encode();
+  let sig = hash_and_sign(&keys, &public_key, chain_id.into(), &encoded);
+
+  let tx = contract
+    .execute(vec![tx], router::Signature { c: sig.c.to_repr().into(), s: sig.s.to_repr().into() })
+    .gas(300_000);
+  let pending_tx = tx.send().await.unwrap();
+  let receipt = dbg!(pending_tx.await.unwrap().unwrap());
+  assert!(receipt.status == Some(1.into()));
+
+  println!("gas used: {:?}", receipt.cumulative_gas_used);
+  println!("logs: {:?}", receipt.logs);
+}
--- a/coins/ethereum/src/tests/schnorr.rs
+++ b/coins/ethereum/src/tests/schnorr.rs
@@ -0,0 +1,67 @@
+use std::{convert::TryFrom, sync::Arc};
+
+use rand_core::OsRng;
+
+use ::k256::{elliptic_curve::bigint::ArrayEncoding, U256, Scalar};
+
+use ethers_core::utils::{keccak256, Anvil, AnvilInstance};
+use ethers_providers::{Middleware, Provider, Http};
+
+use frost::{
+  curve::Secp256k1,
+  algorithm::IetfSchnorr,
+  tests::{algorithm_machines, sign},
+};
+
+use crate::{
+  crypto::*,
+  schnorr::*,
+  tests::{key_gen, deploy_contract},
+};
+
+async fn setup_test() -> (u32, AnvilInstance, Schnorr<Provider<Http>>) {
+  let anvil = Anvil::new().spawn();
+
+  let provider = Provider::<Http>::try_from(anvil.endpoint()).unwrap();
+  let chain_id = provider.get_chainid().await.unwrap().as_u32();
+  let wallet = anvil.keys()[0].clone().into();
+  let client = Arc::new(provider);
+
+  let contract_address =
+    deploy_contract(chain_id, client.clone(), &wallet, "Schnorr").await.unwrap();
+  let contract = Schnorr::new(contract_address, client.clone());
+  (chain_id, anvil, contract)
+}
+
+#[tokio::test]
+async fn test_deploy_contract() {
+  setup_test().await;
+}
+
+#[tokio::test]
+async fn test_ecrecover_hack() {
+  let (chain_id, _anvil, contract) = setup_test().await;
+  let chain_id = U256::from(chain_id);
+
+  let (keys, public_key) = key_gen();
+
+  const MESSAGE: &[u8] = b"Hello, World!";
+  let hashed_message = keccak256(MESSAGE);
+  let full_message = &[chain_id.to_be_byte_array().as_slice(), &hashed_message].concat();
+
+  let algo = IetfSchnorr::<Secp256k1, EthereumHram>::ietf();
+  let sig = sign(
+    &mut OsRng,
+    &algo,
+    keys.clone(),
+    algorithm_machines(&mut OsRng, &algo, &keys),
+    full_message,
+  );
+  let sig = Signature::new(&public_key, chain_id, MESSAGE, sig).unwrap();
+
+  call_verify(&contract, &public_key, MESSAGE, &sig).await.unwrap();
+  // Test an invalid signature fails
+  let mut sig = sig;
+  sig.s += Scalar::ONE;
+  assert!(call_verify(&contract, &public_key, MESSAGE, &sig).await.is_err());
+}