Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: finish resolving audit findings: AST-001, AST-301, AST-302 and AST-303 #113

Open
wants to merge 19 commits into
base: main
Choose a base branch
from
Open

fix: finish resolving audit findings: AST-001, AST-301, AST-302 and AST-303 #113

wants to merge 19 commits into from

Conversation

francolq
Copy link
Contributor

@francolq francolq commented Feb 20, 2025
edited
Loading

NOTE: this PR is marked as draft because it is stacked on top of PR #112

Resolve AST-001 "Leaking admin tokens":

  • Solve for Asteria UTxO by checking that all value without lovelace is still locked into the Asteria UTxO.
  • Solve for pellet UTxOs in Provide redeemer by checking the complete pellet output value.

Finish resolving AST-302 "Crowded shipyard":

  • Move all possible checks from spacetime.ak:spend():MineAsteria to asteria.ak:spend():Mine.
  • Move all possible checks from spacetime.ak:spend():GatherFuel to pellet.ak:spend():Provide(amount).
  • Some checks are refactored to improve legibility.

Resolve AST-303: simplify MinFuel.

Resolve AST-301: remove ScriptAddress type and directly use Aiken's ScriptHash.

@francolq
fix: refactor checks in mine asteria, preparing for fixing AST-302
a0e67ab
@francolq
fix: in mine asteria move checks about mint and ship state from space…
b203b8e 
…time to asteria
@francolq
fix: in asteria mine check for ship input address
12392ac
@francolq
fix: in spacetime mine check for correct asteria purpose and redeemer
05d6945
@francolq
in asteria mine check for exactly one valid ship input and its redeem…
4df44b5 
…er, in spacetime mine check for exactly one valid asteria input
@francolq
fix: in asteria mine do not enforce emtpy staking address for asteria…
f09ac9b 
… (also add code comments)
@francolq
test: fix mine tests, moving failure tests from spaceship to asteria …
1c10548 
…validator tests
@francolq
fix: also in shipyard mint check for unique asteria input
6c84f65
@francolq
fix: in pellets resolve AST-001 and refactor checks towards solving A…
d5bbdfe 
…ST-302
@francolq
fix: AST-302 - in pellets Provide add checks taken from spacetime (a …
1169a5a 
…bit refactored): ship input state, minting, validity range, etc.
@francolq
fix: AST-302 - in spacetime GatherFuel, remove all validations moved …
4c72ca3 
…to pellets, and refactor remaining checks about the ship output: now the fuel can come from any external source
@francolq
test: fix pellet Provide tests, add new failing tests taken from spac…
5b1c13b 
…etime GatherFuel tests
@francolq
test: fix spacetime GatherFuel tests, remove tests that doesn't apply…
2496e80 
… anymore
@francolq
fix: AST-302 - wrap up by refactoring MoveShip to follow same style a…
d28841a 
…s the other redeemers
@francolq
fix: AST303 - resolve by simplifying MinFuel
4152299
@francolq francolq changed the title (draft) fix: progress resolving audit findings AST-001 and AST-302 for "mine" operation fix: finish resolving audit findings: AST-001, AST-301, AST-302 and AST-303 Feb 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@francolq