diff --git a/contracts/AttestationAuther.sol b/contracts/AttestationAuther.sol index a7cd6fef..077c2122 100644 --- a/contracts/AttestationAuther.sol +++ b/contracts/AttestationAuther.sol @@ -2,7 +2,7 @@ pragma solidity ^0.8.0; -import "./interfaces/IAttestationVerifier.sol"; +import {IAttestationVerifier} from "./interfaces/IAttestationVerifier.sol"; /// @notice Contract that allows children to check if a given address belongs to a verified enclave. /// @dev The Oyster platform works on the basis of attestations to ensure security. These attestations contain a @@ -25,14 +25,14 @@ contract AttestationAuther { uint256 public immutable ATTESTATION_MAX_AGE; struct EnclaveImage { - bytes PCR0; - bytes PCR1; - bytes PCR2; + bytes pcr0; + bytes pcr1; + bytes pcr2; } - mapping(bytes32 => EnclaveImage) whitelistedImages; - mapping(address => bytes32) verifiedKeys; - mapping(bytes32 => mapping(bytes32 => bool)) imageFamilies; + mapping(bytes32 => EnclaveImage) public whitelistedImages; + mapping(address => bytes32) public verifiedKeys; + mapping(bytes32 => mapping(bytes32 => bool)) public imageFamilies; /// @notice Expected a pubkey with length equal to 64. error AttestationAutherPubkeyLengthInvalid(); @@ -49,8 +49,8 @@ contract AttestationAuther { /// @notice Expected the arrays to have equal lengths. error AttestationAutherMismatchedLengths(); - /// @notice Emitted when enclave image `imageId` with PCRs `(PCR0,PCR1,PCR2)` is whitelisted. - event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes PCR0, bytes PCR1, bytes PCR2); + /// @notice Emitted when enclave image `imageId` with PCRs `(pcr0,pcr1,pcr2)` is whitelisted. + event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes pcr0, bytes pcr1, bytes pcr2); /// @notice Emitted when enclave image `imageId` is revoked. event EnclaveImageRevoked(bytes32 indexed imageId); /// @notice Emitted when enclave image `imageId` is added to `family`. @@ -76,6 +76,7 @@ contract AttestationAuther { /// @notice Initializes the contract by whitelisting the provided enclave images. /// @param images Enclave images to be whitelisted. + // solhint-disable-next-line func-name-mixedcase function __AttestationAuther_constructor(EnclaveImage[] memory images) internal { for (uint256 i = 0; i < images.length; i++) { _whitelistEnclaveImage(images[i]); @@ -86,6 +87,7 @@ contract AttestationAuther { /// to the respective families. /// @param images Enclave images to be whitelisted. /// @param families Corresponding family for each enclave images. + // solhint-disable-next-line func-name-mixedcase function __AttestationAuther_constructor(EnclaveImage[] memory images, bytes32[] memory families) internal { if (!(images.length == families.length)) revert AttestationAutherMismatchedLengths(); for (uint256 i = 0; i < images.length; i++) { @@ -109,14 +111,14 @@ contract AttestationAuther { /// @param image Image to be whitelisted. /// @return Computed image id and true if the image was freshly whitelisted, false otherwise. function _whitelistEnclaveImage(EnclaveImage memory image) internal virtual returns (bytes32, bool) { - if (!(image.PCR0.length == 48 && image.PCR1.length == 48 && image.PCR2.length == 48)) + if (!(image.pcr0.length == 48 && image.pcr1.length == 48 && image.pcr2.length == 48)) revert AttestationAutherPCRsInvalid(); - bytes32 imageId = keccak256(abi.encodePacked(image.PCR0, image.PCR1, image.PCR2)); - if (!(whitelistedImages[imageId].PCR0.length == 0)) return (imageId, false); + bytes32 imageId = keccak256(abi.encodePacked(image.pcr0, image.pcr1, image.pcr2)); + if (!(whitelistedImages[imageId].pcr0.length == 0)) return (imageId, false); - whitelistedImages[imageId] = EnclaveImage(image.PCR0, image.PCR1, image.PCR2); - emit EnclaveImageWhitelisted(imageId, image.PCR0, image.PCR1, image.PCR2); + whitelistedImages[imageId] = EnclaveImage(image.pcr0, image.pcr1, image.pcr2); + emit EnclaveImageWhitelisted(imageId, image.pcr0, image.pcr1, image.pcr2); return (imageId, true); } @@ -126,7 +128,7 @@ contract AttestationAuther { /// @param imageId Image to be revoked. /// @return true if the image was freshly revoked, false otherwise. function _revokeEnclaveImage(bytes32 imageId) internal virtual returns (bool) { - if (!(whitelistedImages[imageId].PCR0.length != 0)) return false; + if (!(whitelistedImages[imageId].pcr0.length != 0)) return false; delete whitelistedImages[imageId]; emit EnclaveImageRevoked(imageId); @@ -168,7 +170,7 @@ contract AttestationAuther { /// @param imageId Image to be whitelisted against. /// @return true if the key was freshly whitelisted against the image, false otherwise. function _whitelistEnclaveKey(bytes memory enclavePubKey, bytes32 imageId) internal virtual returns (bool) { - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); address enclaveAddress = _pubKeyToAddress(enclavePubKey); if (!(verifiedKeys[enclaveAddress] == bytes32(0))) return false; @@ -201,8 +203,8 @@ contract AttestationAuther { bytes memory signature, IAttestationVerifier.Attestation memory attestation ) internal virtual returns (bool) { - bytes32 imageId = keccak256(abi.encodePacked(attestation.PCR0, attestation.PCR1, attestation.PCR2)); - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + bytes32 imageId = keccak256(abi.encodePacked(attestation.pcr0, attestation.pcr1, attestation.pcr2)); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); if (!(attestation.timestampInMilliseconds / 1000 > block.timestamp - ATTESTATION_MAX_AGE)) revert AttestationAutherAttestationTooOld(); @@ -234,7 +236,7 @@ contract AttestationAuther { function _allowOnlyVerified(address key) internal view virtual { bytes32 imageId = verifiedKeys[key]; if (!(imageId != bytes32(0))) revert AttestationAutherKeyNotVerified(); - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); } /// @notice Returns only if the key is from a verified enclave of the given family, reverts otherwise. @@ -243,7 +245,7 @@ contract AttestationAuther { function _allowOnlyVerifiedFamily(address key, bytes32 family) internal view virtual { bytes32 imageId = verifiedKeys[key]; if (!(imageId != bytes32(0))) revert AttestationAutherKeyNotVerified(); - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); if (!(imageFamilies[family][imageId])) revert AttestationAutherImageNotInFamily(); } diff --git a/contracts/AttestationAutherSample.sol b/contracts/AttestationAutherSample.sol index 435416cf..fc3bf190 100644 --- a/contracts/AttestationAutherSample.sol +++ b/contracts/AttestationAutherSample.sol @@ -2,12 +2,12 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "@openzeppelin/contracts/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts/utils/Context.sol"; -import "@openzeppelin/contracts/utils/introspection/ERC165.sol"; -import "@openzeppelin/contracts/access/AccessControl.sol"; -import "./AttestationAuther.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Context} from "@openzeppelin/contracts/utils/Context.sol"; +import {ERC165} from "@openzeppelin/contracts/utils/introspection/ERC165.sol"; +import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol"; +import {AttestationAuther} from "./AttestationAuther.sol"; +import {IAttestationVerifier} from "./interfaces/IAttestationVerifier.sol"; contract AttestationAutherSample is Context, // _msgSender, _msgData @@ -55,11 +55,11 @@ contract AttestationAutherSample is //-------------------------------- Admin methods start --------------------------------// function whitelistEnclaveImage( - bytes memory PCR0, - bytes memory PCR1, - bytes memory PCR2 + bytes memory pcr0, + bytes memory pcr1, + bytes memory pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } function revokeEnclaveImage(bytes32 imageId) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bool) { diff --git a/contracts/AttestationAutherSampleUpgradeable.sol b/contracts/AttestationAutherSampleUpgradeable.sol index 32ee51a1..a59053f7 100644 --- a/contracts/AttestationAutherSampleUpgradeable.sol +++ b/contracts/AttestationAutherSampleUpgradeable.sol @@ -2,13 +2,14 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "./AttestationAutherUpgradeable.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {AttestationAutherUpgradeable} from "./AttestationAutherUpgradeable.sol"; +import {IAttestationVerifier} from "./interfaces/IAttestationVerifier.sol"; contract AttestationAutherSampleUpgradeable is Initializable, // initializer @@ -19,6 +20,7 @@ contract AttestationAutherSampleUpgradeable is AttestationAutherUpgradeable // auther { // in case we add more contracts in the inheritance chain + // solhint-disable-next-line var-name-mixedcase uint256[500] private __gap_0; /// @custom:oz-upgrades-unsafe-allow constructor @@ -39,6 +41,7 @@ contract AttestationAutherSampleUpgradeable is return super.supportsInterface(interfaceId); } + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -83,11 +86,11 @@ contract AttestationAutherSampleUpgradeable is //-------------------------------- Admin methods start --------------------------------// function whitelistEnclaveImage( - bytes memory PCR0, - bytes memory PCR1, - bytes memory PCR2 + bytes memory pcr0, + bytes memory pcr1, + bytes memory pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } function revokeEnclaveImage(bytes32 imageId) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bool) { diff --git a/contracts/AttestationAutherUpgradeable.sol b/contracts/AttestationAutherUpgradeable.sol index 051b8f35..8fb1ba72 100644 --- a/contracts/AttestationAutherUpgradeable.sol +++ b/contracts/AttestationAutherUpgradeable.sol @@ -2,8 +2,8 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "./interfaces/IAttestationVerifier.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {IAttestationVerifier} from "./interfaces/IAttestationVerifier.sol"; /// @notice Contract that allows children to check if a given address belongs to a verified enclave. /// @dev The Oyster platform works on the basis of attestations to ensure security. These attestations contain a @@ -40,9 +40,9 @@ contract AttestationAutherUpgradeable is } struct EnclaveImage { - bytes PCR0; - bytes PCR1; - bytes PCR2; + bytes pcr0; + bytes pcr1; + bytes pcr2; } /// @custom:storage-location erc7201:marlin.oyster.storage.AttestationAuther @@ -53,12 +53,13 @@ contract AttestationAutherUpgradeable is } // keccak256(abi.encode(uint256(keccak256("marlin.oyster.storage.AttestationAuther")) - 1)) & ~bytes32(uint256(0xff)) - bytes32 private constant AttestationAutherStorageLocation = + bytes32 private constant ATTESTATION_AUTHER_STORAGE_LOCATION = 0xc17b4b708b6f44255c20913a9d97a05300b670342c71fe5ae5b617bd4db55000; function _getAttestationAutherStorage() private pure returns (AttestationAutherStorage storage $) { + // solhint-disable-next-line no-inline-assembly assembly { - $.slot := AttestationAutherStorageLocation + $.slot := ATTESTATION_AUTHER_STORAGE_LOCATION } } @@ -77,8 +78,8 @@ contract AttestationAutherUpgradeable is /// @notice Expected the arrays to have equal lengths. error AttestationAutherMismatchedLengths(); - /// @notice Emitted when enclave image `imageId` with PCRs `(PCR0,PCR1,PCR2)` is whitelisted. - event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes PCR0, bytes PCR1, bytes PCR2); + /// @notice Emitted when enclave image `imageId` with PCRs `(pcr0,pcr1,pcr2)` is whitelisted. + event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes pcr0, bytes pcr1, bytes pcr2); /// @notice Emitted when enclave image `imageId` is revoked. event EnclaveImageRevoked(bytes32 indexed imageId); /// @notice Emitted when enclave image `imageId` is added to `family`. @@ -94,6 +95,7 @@ contract AttestationAutherUpgradeable is /// @notice Initializes the contract by whitelisting the provided enclave images. /// @param images Enclave images to be whitelisted. + // solhint-disable-next-line func-name-mixedcase function __AttestationAuther_init_unchained(EnclaveImage[] memory images) internal onlyInitializing { for (uint256 i = 0; i < images.length; i++) { _whitelistEnclaveImage(images[i]); @@ -104,6 +106,7 @@ contract AttestationAutherUpgradeable is /// to the respective families. /// @param images Enclave images to be whitelisted. /// @param families Corresponding family for each enclave images. + // solhint-disable-next-line func-name-mixedcase function __AttestationAuther_init_unchained( EnclaveImage[] memory images, bytes32[] memory families @@ -132,14 +135,14 @@ contract AttestationAutherUpgradeable is function _whitelistEnclaveImage(EnclaveImage memory image) internal virtual returns (bytes32, bool) { AttestationAutherStorage storage $ = _getAttestationAutherStorage(); - if (!(image.PCR0.length == 48 && image.PCR1.length == 48 && image.PCR2.length == 48)) + if (!(image.pcr0.length == 48 && image.pcr1.length == 48 && image.pcr2.length == 48)) revert AttestationAutherPCRsInvalid(); - bytes32 imageId = keccak256(abi.encodePacked(image.PCR0, image.PCR1, image.PCR2)); - if (!($.whitelistedImages[imageId].PCR0.length == 0)) return (imageId, false); + bytes32 imageId = keccak256(abi.encodePacked(image.pcr0, image.pcr1, image.pcr2)); + if (!($.whitelistedImages[imageId].pcr0.length == 0)) return (imageId, false); - $.whitelistedImages[imageId] = EnclaveImage(image.PCR0, image.PCR1, image.PCR2); - emit EnclaveImageWhitelisted(imageId, image.PCR0, image.PCR1, image.PCR2); + $.whitelistedImages[imageId] = EnclaveImage(image.pcr0, image.pcr1, image.pcr2); + emit EnclaveImageWhitelisted(imageId, image.pcr0, image.pcr1, image.pcr2); return (imageId, true); } @@ -151,7 +154,7 @@ contract AttestationAutherUpgradeable is function _revokeEnclaveImage(bytes32 imageId) internal virtual returns (bool) { AttestationAutherStorage storage $ = _getAttestationAutherStorage(); - if (!($.whitelistedImages[imageId].PCR0.length != 0)) return false; + if (!($.whitelistedImages[imageId].pcr0.length != 0)) return false; delete $.whitelistedImages[imageId]; emit EnclaveImageRevoked(imageId); @@ -199,7 +202,7 @@ contract AttestationAutherUpgradeable is function _whitelistEnclaveKey(bytes memory enclavePubKey, bytes32 imageId) internal virtual returns (bool) { AttestationAutherStorage storage $ = _getAttestationAutherStorage(); - if (!($.whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!($.whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); address enclaveAddress = _pubKeyToAddress(enclavePubKey); if (!($.verifiedKeys[enclaveAddress] == bytes32(0))) return false; @@ -236,8 +239,8 @@ contract AttestationAutherUpgradeable is ) internal virtual returns (bool) { AttestationAutherStorage storage $ = _getAttestationAutherStorage(); - bytes32 imageId = keccak256(abi.encodePacked(attestation.PCR0, attestation.PCR1, attestation.PCR2)); - if (!($.whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + bytes32 imageId = keccak256(abi.encodePacked(attestation.pcr0, attestation.pcr1, attestation.pcr2)); + if (!($.whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); if (!(attestation.timestampInMilliseconds / 1000 > block.timestamp - ATTESTATION_MAX_AGE)) revert AttestationAutherAttestationTooOld(); @@ -271,7 +274,7 @@ contract AttestationAutherUpgradeable is bytes32 imageId = $.verifiedKeys[key]; if (!(imageId != bytes32(0))) revert AttestationAutherKeyNotVerified(); - if (!($.whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!($.whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); } /// @notice Returns only if the key is from a verified enclave of the given family, reverts otherwise. @@ -282,7 +285,7 @@ contract AttestationAutherUpgradeable is bytes32 imageId = $.verifiedKeys[key]; if (!(imageId != bytes32(0))) revert AttestationAutherKeyNotVerified(); - if (!($.whitelistedImages[imageId].PCR0.length != 0)) revert AttestationAutherImageNotWhitelisted(); + if (!($.whitelistedImages[imageId].pcr0.length != 0)) revert AttestationAutherImageNotWhitelisted(); if (!($.imageFamilies[family][imageId])) revert AttestationAutherImageNotInFamily(); } diff --git a/contracts/AttestationVerifier.sol b/contracts/AttestationVerifier.sol index 282730cb..34288245 100644 --- a/contracts/AttestationVerifier.sol +++ b/contracts/AttestationVerifier.sol @@ -2,13 +2,13 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "./interfaces/IAttestationVerifier.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IAttestationVerifier} from "./interfaces/IAttestationVerifier.sol"; contract AttestationVerifier is Initializable, // initializer @@ -19,6 +19,7 @@ contract AttestationVerifier is IAttestationVerifier // interface { // in case we add more contracts in the inheritance chain + // solhint-disable-next-line var-name-mixedcase uint256[500] private __gap_0; /// @custom:oz-upgrades-unsafe-allow constructor @@ -38,6 +39,7 @@ contract AttestationVerifier is return super.supportsInterface(interfaceId); } + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -62,7 +64,7 @@ contract AttestationVerifier is _grantRole(DEFAULT_ADMIN_ROLE, _admin); - for (uint i = 0; i < enclaveKeys.length; i++) { + for (uint256 i = 0; i < enclaveKeys.length; i++) { (bytes32 imageId, ) = _whitelistEnclaveImage(images[i]); _whitelistEnclaveKey(enclaveKeys[i], imageId); } @@ -73,9 +75,9 @@ contract AttestationVerifier is //-------------------------------- Declarations start --------------------------------// struct EnclaveImage { - bytes PCR0; - bytes PCR1; - bytes PCR2; + bytes pcr0; + bytes pcr1; + bytes pcr2; } // ImageId -> image details @@ -83,6 +85,7 @@ contract AttestationVerifier is // enclaveAddress -> ImageId mapping(address => bytes32) public verifiedKeys; + // solhint-disable-next-line var-name-mixedcase uint256[48] private __gap_1; //-------------------------------- Declarations end --------------------------------// @@ -95,7 +98,7 @@ contract AttestationVerifier is error AttestationVerifierImageNotWhitelisted(); error AttestationVerifierKeyNotVerified(); - event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes PCR0, bytes PCR1, bytes PCR2); + event EnclaveImageWhitelisted(bytes32 indexed imageId, bytes pcr0, bytes pcr1, bytes pcr2); event EnclaveImageRevoked(bytes32 indexed imageId); event EnclaveKeyWhitelisted(address indexed enclaveAddress, bytes32 indexed imageId, bytes enclavePubKey); event EnclaveKeyRevoked(address indexed enclaveAddress); @@ -113,20 +116,20 @@ contract AttestationVerifier is } function _whitelistEnclaveImage(EnclaveImage memory image) internal returns (bytes32, bool) { - if (!(image.PCR0.length == 48 && image.PCR1.length == 48 && image.PCR2.length == 48)) + if (!(image.pcr0.length == 48 && image.pcr1.length == 48 && image.pcr2.length == 48)) revert AttestationVerifierPCRsInvalid(); - bytes32 imageId = keccak256(abi.encodePacked(image.PCR0, image.PCR1, image.PCR2)); - if (!(whitelistedImages[imageId].PCR0.length == 0)) return (imageId, false); + bytes32 imageId = keccak256(abi.encodePacked(image.pcr0, image.pcr1, image.pcr2)); + if (!(whitelistedImages[imageId].pcr0.length == 0)) return (imageId, false); - whitelistedImages[imageId] = EnclaveImage(image.PCR0, image.PCR1, image.PCR2); - emit EnclaveImageWhitelisted(imageId, image.PCR0, image.PCR1, image.PCR2); + whitelistedImages[imageId] = EnclaveImage(image.pcr0, image.pcr1, image.pcr2); + emit EnclaveImageWhitelisted(imageId, image.pcr0, image.pcr1, image.pcr2); return (imageId, true); } function _revokeEnclaveImage(bytes32 imageId) internal returns (bool) { - if (!(whitelistedImages[imageId].PCR0.length != 0)) return false; + if (!(whitelistedImages[imageId].pcr0.length != 0)) return false; delete whitelistedImages[imageId]; emit EnclaveImageRevoked(imageId); @@ -135,7 +138,7 @@ contract AttestationVerifier is } function _whitelistEnclaveKey(bytes memory enclavePubKey, bytes32 imageId) internal returns (bool) { - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); address enclaveAddress = _pubKeyToAddress(enclavePubKey); if (!(verifiedKeys[enclaveAddress] == bytes32(0))) return false; @@ -156,11 +159,11 @@ contract AttestationVerifier is } function whitelistEnclaveImage( - bytes memory PCR0, - bytes memory PCR1, - bytes memory PCR2 + bytes memory pcr0, + bytes memory pcr1, + bytes memory pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } function revokeEnclaveImage(bytes32 imageId) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bool) { @@ -189,8 +192,8 @@ contract AttestationVerifier is function _verifyEnclaveKey(bytes memory signature, Attestation memory attestation) internal returns (bool) { if (!(attestation.timestampInMilliseconds / 1000 > block.timestamp - MAX_AGE)) revert AttestationVerifierAttestationTooOld(); - bytes32 imageId = keccak256(abi.encodePacked(attestation.PCR0, attestation.PCR1, attestation.PCR2)); - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); + bytes32 imageId = keccak256(abi.encodePacked(attestation.pcr0, attestation.pcr1, attestation.pcr2)); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); _verify(signature, attestation); @@ -228,9 +231,9 @@ contract AttestationVerifier is abi.encode( ATTESTATION_TYPEHASH, keccak256(attestation.enclavePubKey), - keccak256(attestation.PCR0), - keccak256(attestation.PCR1), - keccak256(attestation.PCR2), + keccak256(attestation.pcr0), + keccak256(attestation.pcr1), + keccak256(attestation.pcr2), attestation.timestampInMilliseconds ) ); @@ -240,7 +243,7 @@ contract AttestationVerifier is bytes32 imageId = verifiedKeys[signer]; if (!(imageId != bytes32(0))) revert AttestationVerifierKeyNotVerified(); - if (!(whitelistedImages[imageId].PCR0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); + if (!(whitelistedImages[imageId].pcr0.length != 0)) revert AttestationVerifierImageNotWhitelisted(); } function verify(bytes memory signature, Attestation memory attestation) external view { diff --git a/contracts/MarketV1.sol b/contracts/MarketV1.sol index 2a3e68c5..3b01cdea 100644 --- a/contracts/MarketV1.sol +++ b/contracts/MarketV1.sol @@ -2,13 +2,13 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "./lock/LockUpgradeable.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {LockUpgradeable} from "./lock/LockUpgradeable.sol"; contract MarketV1 is Initializable, // initializer @@ -19,6 +19,7 @@ contract MarketV1 is LockUpgradeable // time locks { // in case we add more contracts in the inheritance chain + // solhint-disable-next-line var-name-mixedcase uint256[500] private __gap_0; /// @custom:oz-upgrades-unsafe-allow constructor @@ -38,12 +39,14 @@ contract MarketV1 is return super.supportsInterface(interfaceId); } + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// //-------------------------------- Initializer start --------------------------------// + // solhint-disable-next-line var-name-mixedcase uint256[50] private __gap_1; error MarketV1InitLengthMismatch(); @@ -77,6 +80,7 @@ contract MarketV1 is mapping(address => Provider) public providers; + // solhint-disable-next-line var-name-mixedcase uint256[49] private __gap_2; error MarketV1ProviderNotFound(); @@ -146,6 +150,7 @@ contract MarketV1 is IERC20 public token; uint256 public constant EXTRA_DECIMALS = 12; + // solhint-disable-next-line var-name-mixedcase uint256[47] private __gap_3; error MarketV1JobOnlyOwner(); diff --git a/contracts/interfaces/IAttestationVerifier.sol b/contracts/interfaces/IAttestationVerifier.sol index 2aa9c292..cb4b4202 100644 --- a/contracts/interfaces/IAttestationVerifier.sol +++ b/contracts/interfaces/IAttestationVerifier.sol @@ -5,9 +5,9 @@ pragma solidity ^0.8.0; interface IAttestationVerifier { struct Attestation { bytes enclavePubKey; - bytes PCR0; - bytes PCR1; - bytes PCR2; + bytes pcr0; + bytes pcr1; + bytes pcr2; uint256 timestampInMilliseconds; } function verify(bytes memory signature, Attestation memory attestation) external view; diff --git a/contracts/lock/LockUpgradeable.sol b/contracts/lock/LockUpgradeable.sol index 839779da..34721565 100644 --- a/contracts/lock/LockUpgradeable.sol +++ b/contracts/lock/LockUpgradeable.sol @@ -2,8 +2,7 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; contract LockUpgradeable is Initializable // initializer @@ -20,11 +19,12 @@ contract LockUpgradeable is } // keccak256(abi.encode(uint256(keccak256("marlin.oyster.storage.Lock")) - 1)) & ~bytes32(uint256(0xff)) - bytes32 private constant LockStorageLocation = 0x2ba99b043df9e6db72821769dcc0757c8c1b1dc979dd0c3217f2e035fed90700; + bytes32 private constant LOCK_STORAGE_LOCATION = 0x2ba99b043df9e6db72821769dcc0757c8c1b1dc979dd0c3217f2e035fed90700; function _getLockStorage() private pure returns (LockStorage storage $) { + // solhint-disable-next-line no-inline-assembly assembly { - $.slot := LockStorageLocation + $.slot := LOCK_STORAGE_LOCATION } } @@ -42,6 +42,7 @@ contract LockUpgradeable is event LockCreated(bytes32 indexed selector, bytes32 indexed key, uint256 iValue, uint256 unlockTime); event LockDeleted(bytes32 indexed selector, bytes32 indexed key, uint256 iValue); + // solhint-disable-next-line func-name-mixedcase function __Lock_init_unchained( bytes32[] memory _selectors, uint256[] memory _lockWaitTimes diff --git a/contracts/mocks/JobsMock.sol b/contracts/mocks/JobsMock.sol index fd123f35..02557965 100644 --- a/contracts/mocks/JobsMock.sol +++ b/contracts/mocks/JobsMock.sol @@ -20,14 +20,16 @@ contract JobsMock { }); } + /* solhint-disable no-unused-vars */ function createJob( uint8 _env, bytes32 _codehash, bytes memory _codeInputs, uint256 _deadline // in milliseconds - ) external returns (uint256) { + ) external pure returns (uint256) { revert JobsMockError(); } + /* solhint-enable no-unused-vars */ function getJobExecutionFeePerMs(uint8 _env) public view returns (uint256) { return executionEnv[_env].executionFeePerMs + executionEnv[_env].stakingRewardPerMs; diff --git a/contracts/mocks/JobsUser.sol b/contracts/mocks/JobsUser.sol index 25207da9..e747cee1 100644 --- a/contracts/mocks/JobsUser.sol +++ b/contracts/mocks/JobsUser.sol @@ -1,8 +1,8 @@ // SPDX-License-Identifier: SEE LICENSE IN LICENSE pragma solidity ^0.8.0; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; contract JobsUser { using SafeERC20 for IERC20; @@ -30,6 +30,7 @@ contract JobsUser { ) external payable returns (bool success) { token.safeIncreaseAllowance(jobs, _usdcDeposit); + // solhint-disable-next-line avoid-low-level-calls (bool _success, ) = jobs.call( abi.encodeWithSignature( "createJob(uint8,bytes32,bytes,uint256)", diff --git a/contracts/mocks/Pond.sol b/contracts/mocks/Pond.sol index b4d8e718..884a0c92 100644 --- a/contracts/mocks/Pond.sol +++ b/contracts/mocks/Pond.sol @@ -2,9 +2,9 @@ pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; // stripped down Pond contract for use in tests // DO NOT use as a real token @@ -31,5 +31,6 @@ contract Pond is _mint(msg.sender, 10000000000e18); } + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override {} } diff --git a/contracts/mocks/USDCoin.sol b/contracts/mocks/USDCoin.sol index c29572b6..286d091d 100644 --- a/contracts/mocks/USDCoin.sol +++ b/contracts/mocks/USDCoin.sol @@ -2,10 +2,10 @@ // Compatible with OpenZeppelin Contracts ^5.0.0 pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {ERC20Upgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol"; +import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; contract USDCoin is Initializable, ERC20Upgradeable, OwnableUpgradeable, UUPSUpgradeable { /// @custom:oz-upgrades-unsafe-allow constructor @@ -21,6 +21,7 @@ contract USDCoin is Initializable, ERC20Upgradeable, OwnableUpgradeable, UUPSUpg _mint(msg.sender, 10000 * 10 ** decimals()); } + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address newImplementation) internal override onlyOwner {} function mint(address to, uint256 amount) public onlyOwner { diff --git a/contracts/serverless-v2/Executors.sol b/contracts/serverless-v2/Executors.sol index e02806e0..5815c559 100644 --- a/contracts/serverless-v2/Executors.sol +++ b/contracts/serverless-v2/Executors.sol @@ -1,17 +1,17 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "../AttestationAutherUpgradeable.sol"; -import "./tree/TreeMapUpgradeable.sol"; -import "../interfaces/IAttestationVerifier.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {AttestationAutherUpgradeable} from "../AttestationAutherUpgradeable.sol"; +import {TreeMapUpgradeable} from "./tree/TreeMapUpgradeable.sol"; +import {IAttestationVerifier} from "../interfaces/IAttestationVerifier.sol"; /** * @title Executors Contract @@ -75,6 +75,7 @@ contract Executors is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -223,18 +224,18 @@ contract Executors is /** * @notice Whitelists an enclave image for use by executors. - * @param PCR0 The first PCR value. - * @param PCR1 The second PCR value. - * @param PCR2 The third PCR value. + * @param pcr0 The first PCR value. + * @param pcr1 The second PCR value. + * @param pcr2 The third PCR value. * @return imageId The ID of the whitelisted image. * @return success Boolean indicating whether the image was successfully whitelisted. */ function whitelistEnclaveImage( - bytes memory PCR0, - bytes memory PCR1, - bytes memory PCR2 + bytes memory pcr0, + bytes memory pcr1, + bytes memory pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } /** diff --git a/contracts/serverless-v2/GatewayJobs.sol b/contracts/serverless-v2/GatewayJobs.sol index d17ba0c1..89004f95 100644 --- a/contracts/serverless-v2/GatewayJobs.sol +++ b/contracts/serverless-v2/GatewayJobs.sol @@ -1,16 +1,16 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "./Gateways.sol"; -import "./Jobs.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Gateways} from "./Gateways.sol"; +import {Jobs} from "./Jobs.sol"; /** * @title GatewayJobs Contract @@ -84,6 +84,7 @@ contract GatewayJobs is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -552,7 +553,7 @@ contract GatewayJobs is } function _oysterFailureCall(uint256 _execJobId, uint256 _slashAmount) internal { - uint jobId = execJobs[_execJobId]; + uint256 jobId = execJobs[_execJobId]; address gateway = relayJobs[jobId].gateway; uint256 usdcDeposit = relayJobs[jobId].usdcDeposit; address jobOwner = relayJobs[jobId].jobOwner; diff --git a/contracts/serverless-v2/Gateways.sol b/contracts/serverless-v2/Gateways.sol index 3d71ab3b..c3060c18 100644 --- a/contracts/serverless-v2/Gateways.sol +++ b/contracts/serverless-v2/Gateways.sol @@ -1,17 +1,16 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "../AttestationAutherUpgradeable.sol"; -import "../interfaces/IAttestationVerifier.sol"; -import "./Jobs.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {AttestationAutherUpgradeable} from "../AttestationAutherUpgradeable.sol"; +import {IAttestationVerifier} from "../interfaces/IAttestationVerifier.sol"; /** * @title Gateways Contract @@ -73,6 +72,7 @@ contract Gateways is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -281,18 +281,18 @@ contract Gateways is /** * @notice Whitelists an enclave image by adding its PCR values. * @dev Can only be called by an account with the DEFAULT_ADMIN_ROLE. - * @param PCR0 The first PCR value of the enclave image. - * @param PCR1 The second PCR value of the enclave image. - * @param PCR2 The third PCR value of the enclave image. + * @param pcr0 The first PCR value of the enclave image. + * @param pcr1 The second PCR value of the enclave image. + * @param pcr2 The third PCR value of the enclave image. * @return bytes32 The unique identifier (hash) of the whitelisted enclave image. * @return bool Whether the whitelisting was successful. */ function whitelistEnclaveImage( - bytes memory PCR0, - bytes memory PCR1, - bytes memory PCR2 + bytes memory pcr0, + bytes memory pcr1, + bytes memory pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } /** diff --git a/contracts/serverless-v2/Jobs.sol b/contracts/serverless-v2/Jobs.sol index 604ee651..7d2a46e4 100644 --- a/contracts/serverless-v2/Jobs.sol +++ b/contracts/serverless-v2/Jobs.sol @@ -1,14 +1,15 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "./Executors.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Executors} from "./Executors.sol"; /** * @title Jobs Contract @@ -80,6 +81,7 @@ contract Jobs is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -288,16 +290,16 @@ contract Jobs is /** * @dev Emitted when the job result callback is called. * @param jobId The ID of the job. - * @param callback_success Boolean indicating if the callback was successful. + * @param callbackSuccess Boolean indicating if the callback was successful. */ - event JobResultCallbackCalled(uint256 indexed jobId, bool callback_success); + event JobResultCallbackCalled(uint256 indexed jobId, bool callbackSuccess); /** * @dev Emitted when the job failure callback is called. * @param jobId The ID of the job. - * @param callback_success Boolean indicating if the callback was successful. + * @param callbackSuccess Boolean indicating if the callback was successful. */ - event JobFailureCallbackCalled(uint256 indexed jobId, bool callback_success); + event JobFailureCallbackCalled(uint256 indexed jobId, bool callbackSuccess); /// @notice Thrown when the signature is too old. error JobsSignatureTooOld(); @@ -384,6 +386,7 @@ contract Jobs is // TODO: add callback gas if (outputCount == 1) { address jobOwner = jobs[_jobId].jobOwner; + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = jobOwner.call( abi.encodeWithSignature( "oysterResultCall(uint256,bytes,uint8,uint256)", @@ -566,6 +569,7 @@ contract Jobs is // transfer the slashed amount to job owner STAKING_TOKEN.safeTransfer(jobOwner, slashAmount); // TODO: add gas limit + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = jobOwner.call( abi.encodeWithSignature("oysterFailureCall(uint256,uint256)", _jobId, slashAmount) ); diff --git a/contracts/serverless-v2/Relay.sol b/contracts/serverless-v2/Relay.sol index fa2ba639..a14a1148 100644 --- a/contracts/serverless-v2/Relay.sol +++ b/contracts/serverless-v2/Relay.sol @@ -1,16 +1,16 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "../AttestationAutherUpgradeable.sol"; -import "../interfaces/IAttestationVerifier.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {AttestationAutherUpgradeable} from "../AttestationAutherUpgradeable.sol"; +import {IAttestationVerifier} from "../interfaces/IAttestationVerifier.sol"; /** * @title Relay Contract @@ -84,6 +84,7 @@ contract Relay is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -148,17 +149,17 @@ contract Relay is /** * @notice Whitelist an enclave image for use by gateways. - * @param PCR0 The first PCR value of the enclave image. - * @param PCR1 The second PCR value of the enclave image. - * @param PCR2 The third PCR value of the enclave image. + * @param pcr0 The first PCR value of the enclave image. + * @param pcr1 The second PCR value of the enclave image. + * @param pcr2 The third PCR value of the enclave image. * @return Computed image id and true if the image was freshly whitelisted, false otherwise. */ function whitelistEnclaveImage( - bytes calldata PCR0, - bytes calldata PCR1, - bytes calldata PCR2 + bytes calldata pcr0, + bytes calldata pcr1, + bytes calldata pcr2 ) external onlyRole(DEFAULT_ADMIN_ROLE) returns (bytes32, bool) { - return _whitelistEnclaveImage(EnclaveImage(PCR0, PCR1, PCR2)); + return _whitelistEnclaveImage(EnclaveImage(pcr0, pcr1, pcr2)); } /** @@ -617,6 +618,7 @@ contract Relay is TOKEN.safeTransfer(job.jobOwner, usdcDeposit); // return back callback deposit to the user + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = job.jobOwner.call{value: callbackDeposit}(""); if (!success) revert RelayCallbackDepositTransferFailed(); @@ -628,9 +630,10 @@ contract Relay is Job memory _job, bytes calldata _output, uint8 _errorCode - ) internal returns (bool success, uint callbackGas) { + ) internal returns (bool success, uint256 callbackGas) { if (tx.gasprice <= _job.maxGasPrice) { - uint startGas = gasleft(); + uint256 startGas = gasleft(); + // solhint-disable-next-line avoid-low-level-calls (success, ) = _job.callbackContract.call{gas: _job.callbackGasLimit}( abi.encodeWithSignature( "oysterResultCall(uint256,address,bytes32,bytes,bytes,uint8)", @@ -656,8 +659,10 @@ contract Relay is // TODO: If paySuccess is false then deposit will be stucked forever. Find a way out. // transfer callback cost to gateway _callbackCost = _callbackCost > _callbackDeposit ? _callbackDeposit : _callbackCost; + // solhint-disable-next-line avoid-low-level-calls (bool paySuccess, ) = _gatewayOwner.call{value: _callbackCost}(""); // transfer remaining native asset to the jobOwner + // solhint-disable-next-line avoid-low-level-calls (paySuccess, ) = _jobOwner.call{value: _callbackDeposit - _callbackCost}(""); } diff --git a/contracts/serverless-v2/RelaySubscriptions.sol b/contracts/serverless-v2/RelaySubscriptions.sol index ab31f208..e259b0dd 100644 --- a/contracts/serverless-v2/RelaySubscriptions.sol +++ b/contracts/serverless-v2/RelaySubscriptions.sol @@ -1,16 +1,15 @@ // SPDX-License-Identifier: UNLICENSED pragma solidity ^0.8.0; -import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; -import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; -import "../interfaces/IAttestationVerifier.sol"; -import "./Relay.sol"; +import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol"; +import {ContextUpgradeable} from "@openzeppelin/contracts-upgradeable/utils/ContextUpgradeable.sol"; +import {ERC165Upgradeable} from "@openzeppelin/contracts-upgradeable/utils/introspection/ERC165Upgradeable.sol"; +import {AccessControlUpgradeable} from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol"; +import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; +import {Relay} from "./Relay.sol"; /** * @title RelaySubscriptions Contract @@ -61,6 +60,7 @@ contract RelaySubscriptions is } /// @inheritdoc UUPSUpgradeable + // solhint-disable-next-line no-empty-blocks function _authorizeUpgrade(address /*account*/) internal view override onlyRole(DEFAULT_ADMIN_ROLE) {} //-------------------------------- Overrides end --------------------------------// @@ -522,9 +522,10 @@ contract RelaySubscriptions is Relay.Job memory _job, bytes calldata _output, uint8 _errorCode - ) internal returns (bool success, uint callbackGas) { + ) internal returns (bool success, uint256 callbackGas) { if (tx.gasprice <= _job.maxGasPrice) { - uint startGas = gasleft(); + uint256 startGas = gasleft(); + // solhint-disable-next-line avoid-low-level-calls (success, ) = _job.callbackContract.call{gas: _job.callbackGasLimit}( abi.encodeWithSignature( "oysterResultCall(uint256,address,bytes32,bytes,bytes,uint8)", @@ -549,6 +550,7 @@ contract RelaySubscriptions is // TODO: If paySuccess is false then deposit will be stucked forever. Find a way out. // transfer callback cost to gateway _callbackCost = _callbackCost > _callbackDeposit ? _callbackDeposit : _callbackCost; + // solhint-disable-next-line no-unused-vars, avoid-low-level-calls (bool paySuccess, ) = _gatewayOwner.call{value: _callbackCost}(""); // transfer remaining native asset to the jobOwner @@ -633,6 +635,7 @@ contract RelaySubscriptions is RELAY.TOKEN().safeTransfer(_jobOwner, usdcAmount); // TODO: do we need to check this bool success + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = _jobOwner.call{value: callbackAmount}(""); emit JobSubscriptionDepositsRefunded(_jobSubsId, _jobOwner, usdcAmount, callbackAmount, success); diff --git a/contracts/serverless-v2/UserSample.sol b/contracts/serverless-v2/UserSample.sol index 4f70d9ed..8d77469e 100644 --- a/contracts/serverless-v2/UserSample.sol +++ b/contracts/serverless-v2/UserSample.sol @@ -1,10 +1,10 @@ // SPDX-License-Identifier: SEE LICENSE IN LICENSE pragma solidity ^0.8.0; -import "@openzeppelin/contracts/token/ERC20/IERC20.sol"; -import "@openzeppelin/contracts/access/Ownable.sol"; -import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; -import "./RelaySubscriptions.sol"; +import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol"; +import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol"; +import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol"; +import {RelaySubscriptions} from "./RelaySubscriptions.sol"; contract UserSample is Ownable { using SafeERC20 for IERC20; @@ -56,6 +56,7 @@ contract UserSample is Ownable { // usdcDeposit = _userTimeout * EXECUTION_FEE_PER_MS + GATEWAY_FEE_PER_JOB; token.safeIncreaseAllowance(relayAddress, _usdcDeposit); + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = relayAddress.call{value: _callbackDeposit}( abi.encodeWithSignature( "relayJob(uint8,bytes32,bytes,uint256,uint256,address,address,uint256)", @@ -90,6 +91,7 @@ contract UserSample is Ownable { // usdcDeposit = _userTimeout * EXECUTION_FEE_PER_MS + GATEWAY_FEE_PER_JOB; token.safeIncreaseAllowance(relaySubscriptionsAddress, _jobSubsParams.usdcDeposit); + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = relaySubscriptionsAddress.call{value: _callbackDeposit}( abi.encodeWithSignature( "startJobSubscription((uint8,uint256,uint256,uint256,uint256,address,bytes32,bytes,uint256,uint256,uint256,address))", @@ -100,6 +102,7 @@ contract UserSample is Ownable { } function withdrawEth() external onlyOwner { + // solhint-disable-next-line avoid-low-level-calls (bool success, ) = msg.sender.call{value: address(this).balance}(""); if (!success) revert EthWithdrawalFailed();