From 91f1301d7fb26d7dc6bb17fb93f6786577a92b5a Mon Sep 17 00:00:00 2001 From: drklee3 Date: Fri, 1 Nov 2024 12:58:58 -0700 Subject: [PATCH] test: Validate EIP712 patch in tests (#2044) Tests various EIP712Domains in ante tests and assert EIP712 domain verifyingContract & salt fields in e2e tests. This is to ensure our patch has been properly applied and integrated. (cherry picked from commit 8776c95409fc3084f73d86bc8987c56ad3103874) --- app/ante/eip712_test.go | 409 +++++++++++++++++++++++++++++------ tests/e2e/testutil/eip712.go | 5 + 2 files changed, 351 insertions(+), 63 deletions(-) diff --git a/app/ante/eip712_test.go b/app/ante/eip712_test.go index 08aa0fb66d..def28a923e 100644 --- a/app/ante/eip712_test.go +++ b/app/ante/eip712_test.go @@ -6,6 +6,11 @@ import ( "time" sdkmath "cosmossdk.io/math" + abci "github.com/cometbft/cometbft/abci/types" + "github.com/cometbft/cometbft/crypto/tmhash" + tmproto "github.com/cometbft/cometbft/proto/tendermint/types" + tmversion "github.com/cometbft/cometbft/proto/tendermint/version" + "github.com/cometbft/cometbft/version" "github.com/cosmos/cosmos-sdk/client" codectypes "github.com/cosmos/cosmos-sdk/codec/types" cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types" @@ -17,14 +22,10 @@ import ( authtypes "github.com/cosmos/cosmos-sdk/x/auth/types" stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types" "github.com/ethereum/go-ethereum/common" + "github.com/ethereum/go-ethereum/common/math" ethtypes "github.com/ethereum/go-ethereum/core/types" "github.com/ethereum/go-ethereum/crypto" - - abci "github.com/cometbft/cometbft/abci/types" - "github.com/cometbft/cometbft/crypto/tmhash" - tmproto "github.com/cometbft/cometbft/proto/tendermint/types" - tmversion "github.com/cometbft/cometbft/proto/tendermint/version" - "github.com/cometbft/cometbft/version" + "github.com/ethereum/go-ethereum/signer/core/apitypes" "github.com/evmos/ethermint/crypto/ethsecp256k1" "github.com/evmos/ethermint/ethereum/eip712" "github.com/evmos/ethermint/tests" @@ -46,6 +47,7 @@ const ( ChainID = app.TestChainId USDCCoinDenom = "erc20/usdc" USDCCDPType = "erc20-usdc" + TxGas = uint64(sims.DefaultGenTxGas * 10) ) type EIP712TestSuite struct { @@ -70,31 +72,113 @@ func (suite *EIP712TestSuite) getEVMAmount(amount int64) sdkmath.Int { return sdkmath.NewInt(amount).Mul(sdkmath.NewIntFromUint64(incr.Uint64())) } -func (suite *EIP712TestSuite) createTestEIP712CosmosTxBuilder( - from sdk.AccAddress, priv cryptotypes.PrivKey, chainId string, gas uint64, gasAmount sdk.Coins, msgs []sdk.Msg, +func (suite *EIP712TestSuite) buildTransaction( + gasAmount sdk.Coins, + msgs []sdk.Msg, + nonce uint64, + pubKey cryptotypes.PubKey, + option *codectypes.Any, ) client.TxBuilder { - var err error + suite.clientCtx.TxConfig.SignModeHandler() + txBuilder := suite.clientCtx.TxConfig.NewTxBuilder() + builder, ok := txBuilder.(authtx.ExtensionOptionsTxBuilder) + suite.Require().True(ok) - nonce, err := suite.tApp.GetAccountKeeper().GetSequence(suite.ctx, from) + builder.SetExtensionOptions(option) + builder.SetFeeAmount(gasAmount) + builder.SetGasLimit(TxGas) + + sigsV2 := signing.SignatureV2{ + PubKey: pubKey, + Data: &signing.SingleSignatureData{ + SignMode: signing.SignMode_SIGN_MODE_LEGACY_AMINO_JSON, + }, + Sequence: nonce, + } + + err := builder.SetSignatures(sigsV2) suite.Require().NoError(err) - pc, err := etherminttypes.ParseChainID(chainId) + err = builder.SetMsgs(msgs...) suite.Require().NoError(err) - ethChainId := pc.Uint64() + + return builder +} + +func (suite *EIP712TestSuite) buildSigHash( + from sdk.AccAddress, + chainID string, + gasAmount sdk.Coins, + msgs []sdk.Msg, + nonce uint64, + customDomain *apitypes.TypedDataDomain, + customDomainTypes []apitypes.Type, +) []byte { + pc, err := etherminttypes.ParseChainID(chainID) + suite.Require().NoError(err) + ethChainID := pc.Uint64() // GenerateTypedData TypedData - fee := legacytx.NewStdFee(gas, gasAmount) + fee := legacytx.NewStdFee(TxGas, gasAmount) //nolint:staticcheck // Deprecated but EIP712 still uses legacytx accNumber := suite.tApp.GetAccountKeeper().GetAccount(suite.ctx, from).GetAccountNumber() - data := eip712.ConstructUntypedEIP712Data(chainId, accNumber, nonce, 0, fee, msgs, "", nil) - typedData, err := eip712.WrapTxToTypedData(ethChainId, msgs, data, &eip712.FeeDelegationOptions{ - FeePayer: from, - }, suite.tApp.GetEvmKeeper().GetParams(suite.ctx)) + data := eip712.ConstructUntypedEIP712Data(chainID, accNumber, nonce, 0, fee, msgs, "", nil) + typedData, err := eip712.WrapTxToTypedData( + ethChainID, + msgs, + data, + &eip712.FeeDelegationOptions{ + FeePayer: from, + }, + suite.tApp.GetEvmKeeper().GetParams(suite.ctx), + ) suite.Require().NoError(err) + + // Override Domain if provided, this will modify the hash to sign + if customDomain != nil { + typedData.Domain = *customDomain + } + + // Override EIP712Domain types if provided + if customDomainTypes != nil { + typedData.Types["EIP712Domain"] = customDomainTypes + } + + // Compute sigHash to sign sigHash, err := eip712.ComputeTypedDataHash(typedData) suite.Require().NoError(err) - // Sign typedData + return sigHash +} + +func (suite *EIP712TestSuite) createTestEIP712CosmosTxBuilderWithDomain( + from sdk.AccAddress, + priv cryptotypes.PrivKey, + chainID string, + gasAmount sdk.Coins, + msgs []sdk.Msg, + customDomain *apitypes.TypedDataDomain, + customDomainTypes []apitypes.Type, +) client.TxBuilder { + // Get required info + nonce, err := suite.tApp.GetAccountKeeper().GetSequence(suite.ctx, from) + suite.Require().NoError(err) + + pc, err := etherminttypes.ParseChainID(chainID) + suite.Require().NoError(err) + ethChainID := pc.Uint64() + + sigHash := suite.buildSigHash( + from, + chainID, + gasAmount, + msgs, + nonce, + customDomain, + customDomainTypes, + ) + + // Sign sigHash keyringSigner := tests.NewSigner(priv) signature, pubKey, err := keyringSigner.SignByAddress(from, sigHash) suite.Require().NoError(err) @@ -104,35 +188,36 @@ func (suite *EIP712TestSuite) createTestEIP712CosmosTxBuilder( var option *codectypes.Any option, err = codectypes.NewAnyWithValue(ðerminttypes.ExtensionOptionsWeb3Tx{ FeePayer: from.String(), - TypedDataChainID: ethChainId, + TypedDataChainID: ethChainID, FeePayerSig: signature, }) suite.Require().NoError(err) - suite.clientCtx.TxConfig.SignModeHandler() - txBuilder := suite.clientCtx.TxConfig.NewTxBuilder() - builder, ok := txBuilder.(authtx.ExtensionOptionsTxBuilder) - suite.Require().True(ok) - - builder.SetExtensionOptions(option) - builder.SetFeeAmount(gasAmount) - builder.SetGasLimit(gas) - - sigsV2 := signing.SignatureV2{ - PubKey: pubKey, - Data: &signing.SingleSignatureData{ - SignMode: signing.SignMode_SIGN_MODE_LEGACY_AMINO_JSON, - }, - Sequence: nonce, - } - - err = builder.SetSignatures(sigsV2) - suite.Require().NoError(err) - - err = builder.SetMsgs(msgs...) - suite.Require().NoError(err) + return suite.buildTransaction( + gasAmount, + msgs, + nonce, + pubKey, + option, + ) +} - return builder +func (suite *EIP712TestSuite) createTestEIP712CosmosTxBuilder( + from sdk.AccAddress, + priv cryptotypes.PrivKey, + chainID string, + gasAmount sdk.Coins, + msgs []sdk.Msg, +) client.TxBuilder { + return suite.createTestEIP712CosmosTxBuilderWithDomain( + from, + priv, + chainID, + gasAmount, + msgs, + nil, + nil, + ) } func (suite *EIP712TestSuite) SetupTest() { @@ -313,6 +398,7 @@ func (suite *EIP712TestSuite) SetupTest() { suite.ctx = ctx // We need to set the validator as calling the EVM looks up the validator address + //nolint:lll // ignore long line for link // https://github.com/evmos/ethermint/blob/f21592ebfe74da7590eb42ed926dae970b2a9a3f/x/evm/keeper/state_transition.go#L487 // evmkeeper.EVMConfig() will return error "failed to load evm config" if not set valAcc := ðerminttypes.EthAccount{ @@ -329,7 +415,7 @@ func (suite *EIP712TestSuite) SetupTest() { tApp.GetStakingKeeper().SetValidator(ctx, validator) // Deploy an ERC20 contract for USDC - contractAddr := suite.deployUSDCERC20(tApp, ctx) + contractAddr := suite.deployUSDCERC20() pair := evmutiltypes.NewConversionPair( contractAddr, USDCCoinDenom, @@ -422,21 +508,22 @@ func (suite *EIP712TestSuite) SetupTest() { }, }, } - evmKeeper.SetParams(suite.ctx, params) + err = evmKeeper.SetParams(suite.ctx, params) + suite.Require().NoError(err) // give test address 50k erc20 usdc to begin with initBal := suite.getEVMAmount(50_000) err = suite.evmutilKeeper.MintERC20( ctx, pair.GetAddress(), // contractAddr - suite.testEVMAddr, //receiver + suite.testEVMAddr, // receiver initBal.BigInt(), ) suite.Require().NoError(err) err = suite.evmutilKeeper.MintERC20( ctx, pair.GetAddress(), // contractAddr - suite.testEVMAddr2, //receiver + suite.testEVMAddr2, // receiver initBal.BigInt(), ) suite.Require().NoError(err) @@ -452,7 +539,7 @@ func (suite *EIP712TestSuite) SetupTest() { func (suite *EIP712TestSuite) Commit() { _ = suite.tApp.Commit() header := suite.ctx.BlockHeader() - header.Height += 1 + header.Height++ suite.tApp.BeginBlock(abci.RequestBeginBlock{ Header: header, }) @@ -461,13 +548,14 @@ func (suite *EIP712TestSuite) Commit() { suite.ctx = suite.tApp.NewContext(false, header) } -func (suite *EIP712TestSuite) deployUSDCERC20(app app.TestApp, ctx sdk.Context) evmutiltypes.InternalEVMAddress { +func (suite *EIP712TestSuite) deployUSDCERC20() evmutiltypes.InternalEVMAddress { // make sure module account is created - suite.tApp.FundModuleAccount( + err := suite.tApp.FundModuleAccount( suite.ctx, evmutiltypes.ModuleName, sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(0))), ) + suite.Require().NoError(err) contractAddr, err := suite.evmutilKeeper.DeployTestMintableERC20Contract(suite.ctx, "USDC", "USDC", uint8(18)) suite.Require().NoError(err) @@ -544,13 +632,14 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { usdxToMintAmt: 90, failCheckTx: true, errMsg: "tx intended signer does not match the given signer", - updateTx: func(txBuilder client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { - var option *codectypes.Any - option, _ = codectypes.NewAnyWithValue(ðerminttypes.ExtensionOptionsWeb3Tx{ + updateTx: func(txBuilder client.TxBuilder, _ []sdk.Msg) client.TxBuilder { + option, err := codectypes.NewAnyWithValue(ðerminttypes.ExtensionOptionsWeb3Tx{ FeePayer: suite.testAddr.String(), TypedDataChainID: 2221, FeePayerSig: []byte("sig"), }) + suite.Require().NoError(err) + builder, _ := txBuilder.(authtx.ExtensionOptionsTxBuilder) builder.SetExtensionOptions(option) return txBuilder @@ -561,10 +650,16 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { usdcDepositAmt: 100, usdxToMintAmt: 90, errMsg: "insufficient funds", - updateTx: func(txBuilder client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + updateTx: func(txBuilder client.TxBuilder, _ []sdk.Msg) client.TxBuilder { bk := suite.tApp.GetBankKeeper() gasCoins := bk.GetBalance(suite.ctx, suite.testAddr, "ukava") - suite.tApp.GetBankKeeper().SendCoins(suite.ctx, suite.testAddr, suite.testAddr2, sdk.NewCoins(gasCoins)) + err := suite.tApp.GetBankKeeper().SendCoins( + suite.ctx, + suite.testAddr, + suite.testAddr2, + sdk.NewCoins(gasCoins), + ) + suite.Require().NoError(err) return txBuilder }, }, @@ -574,10 +669,14 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { usdxToMintAmt: 90, failCheckTx: true, errMsg: "invalid chain-id", - updateTx: func(txBuilder client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + updateTx: func(_ client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) return suite.createTestEIP712CosmosTxBuilder( - suite.testAddr, suite.testPrivKey, "kavatest_12-1", uint64(sims.DefaultGenTxGas*10), gasAmt, msgs, + suite.testAddr, + suite.testPrivKey, + "kavatest_12-1", + gasAmt, + msgs, ) }, }, @@ -587,10 +686,182 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { usdxToMintAmt: 90, failCheckTx: true, errMsg: "invalid pubkey", - updateTx: func(txBuilder client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + updateTx: func(_ client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) return suite.createTestEIP712CosmosTxBuilder( - suite.testAddr2, suite.testPrivKey2, ChainID, uint64(sims.DefaultGenTxGas*10), gasAmt, msgs, + suite.testAddr2, + suite.testPrivKey2, + ChainID, + gasAmt, + msgs, + ) + }, + }, + { + name: "passes when domain matches expected fields", + usdcDepositAmt: 100, + usdxToMintAmt: 90, + failCheckTx: false, + errMsg: "", + updateTx: func(_ client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) + + pc, err := etherminttypes.ParseChainID(ChainID) + suite.Require().NoError(err) + ethChainID := pc.Int64() + + // Expected domain used in Ethermint ante handler + // These are explicitly set in this test to ensure Ethermint + // is using the expected domain for signature verification + domain := apitypes.TypedDataDomain{ + Name: "Kava Cosmos", + Version: "1.0.0", + ChainId: math.NewHexOrDecimal256(ethChainID), + + // Both should be omitted + Salt: "", + VerifyingContract: "", + } + + // Must be in order as defined in EIP-712 + // https://eips.ethereum.org/EIPS/eip-712#definition-of-domainseparator + // Internally the data is written in order of the types + domainTypes := []apitypes.Type{ + { + Name: "name", + Type: "string", + }, + { + Name: "version", + Type: "string", + }, + { + Name: "chainId", + Type: "uint256", + }, + // Exclude empty fields + } + + return suite.createTestEIP712CosmosTxBuilderWithDomain( + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + msgs, + &domain, + domainTypes, + ) + }, + }, + { + name: "fails when domain.verifyingContract is non-empty string type", + usdcDepositAmt: 100, + usdxToMintAmt: 90, + failCheckTx: true, + errMsg: "signature verification failed", + updateTx: func(_ client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) + + pc, err := etherminttypes.ParseChainID(ChainID) + suite.Require().NoError(err) + ethChainID := pc.Int64() + + // Domain and types are **not** included in the tx data. + // Both signature creation on client & verification in ante + // should match to produce a matching signature hash. + domain := apitypes.TypedDataDomain{ + Name: "Kava Cosmos", + Version: "1.0.0", + ChainId: math.NewHexOrDecimal256(ethChainID), + + Salt: "", + // Original value with string type instead of address. + // This has been changed to expect empty field + VerifyingContract: "kavaCosmos", + } + + domainTypes := []apitypes.Type{ + { + Name: "name", + Type: "string", + }, + { + Name: "version", + Type: "string", + }, + { + Name: "chainId", + Type: "uint256", + }, + { + Name: "verifyingContract", + // Incorrect! but old type in kava <= v0.26.0 + Type: "string", + }, + } + + return suite.createTestEIP712CosmosTxBuilderWithDomain( + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + msgs, + &domain, + domainTypes, + ) + }, + }, + { + name: "fails when domain.verifyingContract is non-empty address type", + usdcDepositAmt: 100, + usdxToMintAmt: 90, + failCheckTx: true, + errMsg: "signature verification failed", + updateTx: func(_ client.TxBuilder, msgs []sdk.Msg) client.TxBuilder { + gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) + + pc, err := etherminttypes.ParseChainID(ChainID) + suite.Require().NoError(err) + ethChainID := pc.Int64() + + domain := apitypes.TypedDataDomain{ + Name: "Kava Cosmos", + Version: "1.0.0", + ChainId: math.NewHexOrDecimal256(ethChainID), + + Salt: "", + // Address type + VerifyingContract: "0xc6d953c98f260cb7c3667cac87e5d508a0a81277", + } + + domainTypes := []apitypes.Type{ + { + Name: "name", + Type: "string", + }, + { + Name: "version", + Type: "string", + }, + { + Name: "chainId", + Type: "uint256", + }, + { + Name: "verifyingContract", + // Correct type, but is value is not empty when its expected to be + Type: "address", + }, + } + + return suite.createTestEIP712CosmosTxBuilderWithDomain( + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + msgs, + &domain, + domainTypes, ) }, }, @@ -630,7 +901,11 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) txBuilder := suite.createTestEIP712CosmosTxBuilder( - suite.testAddr, suite.testPrivKey, ChainID, uint64(sims.DefaultGenTxGas*10), gasAmt, msgs, + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + msgs, ) if tc.updateTx != nil { txBuilder = tc.updateTx(txBuilder, msgs) @@ -670,13 +945,13 @@ func (suite *EIP712TestSuite) TestEIP712Tx() { suite.Require().True(found) suite.Require().Equal(suite.testAddr, cdp.Owner) suite.Require().Equal(sdk.NewCoin(USDCCoinDenom, suite.getEVMAmount(100)), cdp.Collateral) - suite.Require().Equal(sdk.NewCoin("usdx", sdkmath.NewInt(99_000_000)), cdp.Principal) + suite.Require().Equal(sdk.NewCoin("usdx", usdxAmt), cdp.Principal) // validate hard hardDeposit, found := suite.tApp.GetHardKeeper().GetDeposit(suite.ctx, suite.testAddr) suite.Require().True(found) suite.Require().Equal(suite.testAddr, hardDeposit.Depositor) - suite.Require().Equal(sdk.NewCoins(sdk.NewCoin("usdx", sdkmath.NewInt(99_000_000))), hardDeposit.Amount) + suite.Require().Equal(sdk.NewCoins(sdk.NewCoin("usdx", usdxAmt)), hardDeposit.Amount) } else { suite.Require().NotEqual(resDeliverTx.Code, uint32(0), resCheckTx.Log) suite.Require().Contains(resDeliverTx.Log, tc.errMsg) @@ -716,7 +991,11 @@ func (suite *EIP712TestSuite) TestEIP712Tx_DepositAndWithdraw() { // deliver deposit msg gasAmt := sdk.NewCoins(sdk.NewCoin("ukava", sdkmath.NewInt(20))) txBuilder := suite.createTestEIP712CosmosTxBuilder( - suite.testAddr, suite.testPrivKey, ChainID, uint64(sims.DefaultGenTxGas*10), gasAmt, depositMsgs, + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + depositMsgs, ) txBytes, err := encodingConfig.TxConfig.TxEncoder()(txBuilder.GetTx()) suite.Require().NoError(err) @@ -761,7 +1040,11 @@ func (suite *EIP712TestSuite) TestEIP712Tx_DepositAndWithdraw() { // deliver withdraw msg txBuilder = suite.createTestEIP712CosmosTxBuilder( - suite.testAddr, suite.testPrivKey, ChainID, uint64(sims.DefaultGenTxGas*10), gasAmt, withdrawMsgs, + suite.testAddr, + suite.testPrivKey, + ChainID, + gasAmt, + withdrawMsgs, ) txBytes, err = encodingConfig.TxConfig.TxEncoder()(txBuilder.GetTx()) suite.Require().NoError(err) diff --git a/tests/e2e/testutil/eip712.go b/tests/e2e/testutil/eip712.go index f26ddf57f0..9347eb9118 100644 --- a/tests/e2e/testutil/eip712.go +++ b/tests/e2e/testutil/eip712.go @@ -62,6 +62,11 @@ func (suite *E2eTestSuite) NewEip712TxBuilder( }, evmParams.Params) suite.NoError(err) + // --- Validate the typed data for EMPTY EIP712 domain fields - verifyingContract and salt + // Related path for Metamask signing: https://github.com/Kava-Labs/ethermint/pull/75 + suite.Require().Equal("", typedData.Domain.VerifyingContract, "EIP712 domain.VerifyingContract should be empty") + suite.Require().Equal("", typedData.Domain.Salt, "EIP712 domain.Salt should be empty") + // -- raw data hash! data, err := eip712.ComputeTypedDataHash(typedData) suite.NoError(err)