Relayer: increase nonce even if execution fails (#180)

izqui · web-flow · commit 5ae86d329d9e · 2023-02-16T20:10:42.000+01:00
* Relayer: increase nonce even if execution fails * More tests * Relayer: prevent return gas bomb (#181)
diff --git a/src/metatx/FirmRelayer.sol b/src/metatx/FirmRelayer.sol
@@ -56,6 +56,8 @@ contract FirmRelayer is EIP712 {
     bytes32 internal constant ZERO_HASH = 0xc5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470;
 
     uint256 internal constant ASSERTION_WORD_SIZE = 32;
+    uint256 internal constant RELAY_GAS_BUFFER = 10000;
+    uint256 internal constant MAX_REVERT_DATA = 320;
 
     mapping(address => uint256) public getNonce;
 
@@ -64,11 +66,14 @@ contract FirmRelayer is EIP712 {
     error CallExecutionFailed(uint256 callIndex, address to, bytes revertData);
     error BadAssertionIndex(uint256 callIndex);
     error AssertionPositionOutOfBounds(uint256 callIndex, uint256 returnDataLenght);
-    error AssertionFailed(uint256 callIndex, bytes32 actualValue, bytes32 expectedValue);
+    error UnexpectedReturnValue(uint256 callIndex, bytes32 actualValue, bytes32 expectedValue);
     error UnauthorizedSenderNotFrom();
+    error InsufficientGas();
+    error BadExecutionContext();
 
     event Relayed(address indexed relayer, address indexed signer, uint256 nonce, uint256 numCalls);
     event SelfRelayed(address indexed sender, uint256 numCalls);
+    event RelayExecutionFailed(address indexed relayer, address indexed signer, uint256 nonce, bytes revertData);
 
     constructor() EIP712("Firm Relayer", "0.0.1") {}
 
@@ -100,9 +105,35 @@ contract FirmRelayer is EIP712 {
         }
         getNonce[signer] = request.nonce + 1;
 
-        _execute(signer, request.calls, request.assertions);
+        // We check how much gas all calls are going to use and make sure we have enough
+        // This is to ensure that the external execute call will not fail due to OOG
+        // which would allow to block the request by forcing it to fail
+        uint256 callsGas = 0;
+        uint256 callsLength = request.calls.length;
+        for (uint256 i = 0; i < callsLength;) {
+            callsGas += request.calls[i].gas;
+            unchecked {
+                i++;
+            }
+        }
+
+        if (gasleft() < callsGas + RELAY_GAS_BUFFER) {
+            revert InsufficientGas();
+        }
+
+        // We perform the execution as an external call so if the execution fails,
+        // everything that happened in that sub-call is reverted, but not this
+        // top-level call. This is important because we don't want to revert the
+        // nonce increase if the execution fails.
+        (bool ok, bytes memory returnData) = address(this).call(
+            abi.encodeWithSelector(this.__externalSelfCall_execute.selector, signer, request.calls, request.assertions)
+        );
 
-        emit Relayed(msg.sender, signer, request.nonce, request.calls.length);
+        if (ok) {
+            emit Relayed(msg.sender, signer, request.nonce, request.calls.length);
+        } else {
+            emit RelayExecutionFailed(msg.sender, signer, request.nonce, returnData);
+        }
     }
 
     /**
@@ -120,14 +151,40 @@ contract FirmRelayer is EIP712 {
         emit SelfRelayed(msg.sender, calls.length);
     }
 
+    function __externalSelfCall_execute(address asSender, Call[] calldata calls, Assertion[] calldata assertions) external {
+        if (msg.sender != address(this)) {
+            revert BadExecutionContext();
+        }
+
+        _execute(asSender, calls, assertions);
+    }
+
     function _execute(address asSender, Call[] calldata calls, Assertion[] calldata assertions) internal {
         for (uint256 i = 0; i < calls.length;) {
             Call calldata call = calls[i];
 
+            address to = call.to;
+            uint256 value = call.value;
+            uint256 callGas = call.gas;
             bytes memory payload = abi.encodePacked(call.data, asSender);
-            (bool success, bytes memory returnData) = call.to.call{value: call.value, gas: call.gas}(payload);
+            uint256 returnDataSize;
+            bool success;
+
+            /// @solidity memory-safe-assembly
+            assembly {
+                success := call(callGas, to, value, add(payload, 0x20), mload(payload), 0, 0)
+                returnDataSize := returndatasize()
+            }
+
             if (!success) {
-                revert CallExecutionFailed(i, call.to, returnData);
+                // Prevent revert data from being too large
+                uint256 revertDataSize = returnDataSize > MAX_REVERT_DATA ? MAX_REVERT_DATA : returnDataSize;
+                bytes memory revertData = new bytes(revertDataSize);
+                /// @solidity memory-safe-assembly
+                assembly {
+                    returndatacopy(add(revertData, 0x20), 0, revertDataSize)
+                }
+                revert CallExecutionFailed(i, call.to, revertData);
             }
 
             uint256 assertionIndex = call.assertionIndex;
@@ -137,20 +194,21 @@ contract FirmRelayer is EIP712 {
                 }
 
                 Assertion calldata assertion = assertions[assertionIndex - 1];
-                uint256 returnDataMinLength = assertion.position + ASSERTION_WORD_SIZE;
-                if (returnDataMinLength > returnData.length) {
-                    revert AssertionPositionOutOfBounds(i, returnData.length);
+                uint256 assertionPosition = assertion.position;
+                if (assertion.position + ASSERTION_WORD_SIZE > returnDataSize) {
+                    revert AssertionPositionOutOfBounds(i, returnDataSize);
                 }
 
+                // Only copy the return data word we need to check
                 bytes32 returnValue;
                 /// @solidity memory-safe-assembly
                 assembly {
-                    // Position in memory for the value to be read is returnData + 0x20 + position
-                    // so we can reuse returnDataMinLength (position + 32) from above as an optimization
-                    returnValue := mload(add(returnData, returnDataMinLength))
+                    let copyPosition := mload(0x40)
+                    returndatacopy(copyPosition, assertionPosition, ASSERTION_WORD_SIZE)
+                    returnValue := mload(copyPosition)
                 }
                 if (returnValue != assertion.expectedValue) {
-                    revert AssertionFailed(i, returnValue, assertion.expectedValue);
+                    revert UnexpectedReturnValue(i, returnValue, assertion.expectedValue);
                 }
             }
             unchecked {
diff --git a/src/metatx/test/FirmRelayer.t.sol b/src/metatx/test/FirmRelayer.t.sol
@@ -104,22 +104,33 @@ contract FirmRelayerTest is FirmTest {
         relayer.relay(request, _signPacked(hash, USER_PK));
     }
 
-    function testRevertOnTargetBadSender() public {
+    function testExecutionCallRevertsAllCalls() public {
         (address otherUser, uint256 otherUserPk) = accountAndKey("other user");
 
-        FirmRelayer.Call memory call = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (USER)));
-        FirmRelayer.RelayRequest memory request = _defaultRequestWithCall(call);
+        FirmRelayer.Call memory call1 = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (otherUser)));
+        FirmRelayer.Call memory call2 = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (USER)));
+
+        FirmRelayer.RelayRequest memory request = _defaultRequestWithCall(call1);
+        request.calls = new FirmRelayer.Call[](2);
+        request.calls[0] = call1;
+        request.calls[1] = call2;
         request.from = otherUser;
         bytes32 hash = relayer.requestTypedDataHash(request);
 
         bytes memory targetError = abi.encodeWithSelector(RelayTarget.BadSender.selector, USER, otherUser);
-        vm.expectRevert(
-            abi.encodeWithSelector(FirmRelayer.CallExecutionFailed.selector, 0, address(target), targetError)
+        assertFailureEvent(
+            otherUser,
+            abi.encodeWithSelector(FirmRelayer.CallExecutionFailed.selector, 1, address(target), targetError)
         );
         relayer.relay(request, _signPacked(hash, otherUserPk));
+
+        // Nonce should have been incremented
+        assertEq(relayer.getNonce(otherUser), 1);
+        // Successful call on target should have been reverted
+        assertEq(target.lastSender(), address(0));
     }
 
-    function testRevertOnAssertionFailure() public {
+    function testExecutionRevertOnAssertionFailure() public {
         bytes32 actualReturnValue = bytes32(abi.encode(USER));
         bytes32 badExpectedValue = bytes32(uint256(0));
 
@@ -128,31 +139,60 @@ contract FirmRelayerTest is FirmTest {
         FirmRelayer.RelayRequest memory request = _defaultRequestWithCallAndAssertion(call, assertion);
 
         bytes32 hash = relayer.requestTypedDataHash(request);
-        vm.expectRevert(
-            abi.encodeWithSelector(FirmRelayer.AssertionFailed.selector, 0, actualReturnValue, badExpectedValue)
-        );
+
+        assertFailureEvent(USER, abi.encodeWithSelector(FirmRelayer.UnexpectedReturnValue.selector, 0, actualReturnValue, badExpectedValue));
         relayer.relay(request, _signPacked(hash, USER_PK));
+
+        // Nonce should have been incremented
+        assertEq(relayer.getNonce(USER), 1);
     }
 
-    function testRevertOnAssertionOutOfBounds() public {
+    function testExecutionRevertOnAssertionOutOfBounds() public {
         FirmRelayer.Call memory call = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (USER)));
         FirmRelayer.Assertion memory assertion = FirmRelayer.Assertion(1, bytes32(abi.encode(USER)));
         FirmRelayer.RelayRequest memory request = _defaultRequestWithCallAndAssertion(call, assertion);
 
         bytes32 hash = relayer.requestTypedDataHash(request);
-        vm.expectRevert(abi.encodeWithSelector(FirmRelayer.AssertionPositionOutOfBounds.selector, 0, 32));
+        assertFailureEvent(USER, abi.encodeWithSelector(FirmRelayer.AssertionPositionOutOfBounds.selector, 0, 32));
         relayer.relay(request, _signPacked(hash, USER_PK));
+        
+        // Nonce should have been incremented
+        assertEq(relayer.getNonce(USER), 1);
     }
 
-    function testRevertOnBadAssertionIndex() public {
+    function testExecutionRevertOnBadAssertionIndex() public {
         FirmRelayer.Call memory call = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (USER)));
         FirmRelayer.Assertion memory assertion = FirmRelayer.Assertion(0, bytes32(abi.encode(USER)));
         FirmRelayer.RelayRequest memory request = _defaultRequestWithCallAndAssertion(call, assertion);
         request.calls[0].assertionIndex = 2;
 
         bytes32 hash = relayer.requestTypedDataHash(request);
-        vm.expectRevert(abi.encodeWithSelector(FirmRelayer.BadAssertionIndex.selector, 0));
+        assertFailureEvent(USER, abi.encodeWithSelector(FirmRelayer.BadAssertionIndex.selector, 0));
         relayer.relay(request, _signPacked(hash, USER_PK));
+
+        // Nonce should have been incremented
+        assertEq(relayer.getNonce(USER), 1);
+    }
+
+    function testRevertOnInsufficientGas() public {
+        FirmRelayer.Call memory call = _defaultCallWithData(address(target), abi.encodeCall(target.onlySender, (USER)));
+        FirmRelayer.RelayRequest memory request = _defaultRequestWithCall(call);
+        bytes memory sig = _signPacked(relayer.requestTypedDataHash(request), USER_PK);
+
+        vm.expectRevert(abi.encodeWithSelector(FirmRelayer.InsufficientGas.selector));
+        relayer.relay{ gas: call.gas - 100 }(request, sig);
+
+        // Nonce not incremented, can relay the same request again
+        assertEq(relayer.getNonce(USER), 0);
+
+        // Relay should succeed with enough gas (account for buffer)
+        relayer.relay{ gas: call.gas + 40000 }(request, sig);
+        assertEq(target.lastSender(), USER);
+    }
+
+    function testRevertOnExternalSelfExecute() public {
+        vm.expectRevert(abi.encodeWithSelector(FirmRelayer.BadExecutionContext.selector));
+        relayer.__externalSelfCall_execute(address(this), new FirmRelayer.Call[](0), new FirmRelayer.Assertion[](0));
     }
 
     function testSelfRelay() public {
@@ -181,7 +221,7 @@ contract FirmRelayerTest is FirmTest {
         call.to = to;
         call.data = data;
         call.value = 0;
-        call.gas = 10_000_000; // random big value for testing
+        call.gas = 200_000; // random big value for testing
         call.assertionIndex = 0;
     }
 
@@ -207,6 +247,17 @@ contract FirmRelayerTest is FirmTest {
         request.calls[0].assertionIndex = 1;
     }
 
+    event RelayExecutionFailed(address indexed relayer, address indexed signer, uint256 nonce, bytes revertData);
+    function assertFailureEvent(address sender, bytes memory revertData) internal {
+        vm.expectEmit(true, true, true, true, address(relayer));
+        emit RelayExecutionFailed(
+            address(this),
+            sender,
+            0,
+            revertData
+        );
+    }
+
     // For this test we need to fix both the address of FirmRelayer and chainId so that the hash
     // matches a hash generated off-chain with those parameters
     // Gen script: https://gist.github.com/izqui/f0379eb81c5e46f79696f88736ce1ffa
