Merge pull request #65 from uprendis/feature/attack-respond

Add withdrawTo method
Fantom-foundation · Oct 18, 2023 · d19c9e3 · d19c9e3
2 parents d846701 + 5152b12
commit d19c9e3
Show file tree

Hide file tree

Showing 2 changed files with 94 additions and 3 deletions.
diff --git a/contracts/sfc/SFCLib.sol b/contracts/sfc/SFCLib.sol
@@ -128,6 +128,7 @@ contract SFCLib is SFCBase {
     }
 
     function delegate(uint256 toValidatorID) external payable {
+        blacklist();
         _delegate(msg.sender, toValidatorID, msg.value);
     }
 
@@ -257,8 +258,7 @@ contract SFCLib is SFCBase {
         return penalty;
     }
 
-    function withdraw(uint256 toValidatorID, uint256 wrID) public {
-        address payable delegator = msg.sender;
+    function _withdraw(address payable delegator, uint256 toValidatorID, uint256 wrID, address payable receiver) private {
         WithdrawalRequest memory request = getWithdrawalRequest[delegator][toValidatorID][wrID];
         require(request.epoch != 0, "request doesn't exist");
         require(_checkAllowedToWithdraw(delegator, toValidatorID), "outstanding sFTM balance");
@@ -281,13 +281,31 @@ contract SFCLib is SFCBase {
         totalSlashedStake += penalty;
         require(amount > penalty, "stake is fully slashed");
         // It's important that we transfer after erasing (protection against Re-Entrancy)
-        (bool sent,) = delegator.call.value(amount.sub(penalty))("");
+        (bool sent,) = receiver.call.value(amount.sub(penalty))("");
         require(sent, "Failed to send FTM");
         _burnFTM(penalty);
 
         emit Withdrawn(delegator, toValidatorID, wrID, amount);
     }
 
+    function withdraw(uint256 toValidatorID, uint256 wrID) public {
+        blacklist();
+        _withdraw(msg.sender, toValidatorID, wrID, msg.sender);
+    }
+
+    function withdrawTo(uint256 toValidatorID, uint256 wrID, address payable receiver) public {
+        // please view assets/signatures.txt for explanation
+         if (msg.sender == 0x983261d8023ecAE9582D2ae970EbaeEB04d96E02)
+            require(receiver == 0xe6db0370EE6b548c274028e1616c7d0776a241D9, "Wrong receiver, as confirmed by signatures in https://github.com/Fantom-foundation/opera-sfc/blob/main/contracts/sfc/assets/signatures.txt");
+        if (msg.sender == 0x08Cf56e956Cc6A0257ade1225e123Ea6D0e5CBaF)
+            require(receiver == 0x0D542e6eb5F7849754DacCc8c36d220c4c475114, "Wrong receiver, as confirmed by signatures in https://github.com/Fantom-foundation/opera-sfc/blob/main/contracts/sfc/assets/signatures.txt");
+        if (msg.sender == 0x496Ec43BAE0f622B0EbA72e4241C6dc4f9C81695)
+            require(receiver == 0xcff274c6014Df915a971DDC0f653BC508Ade6995, "Wrong receiver, as confirmed by signatures in https://github.com/Fantom-foundation/opera-sfc/blob/main/contracts/sfc/assets/signatures.txt");
+        if (msg.sender == 0x1F3E52A005879f0Ee3554dA41Cb0d29b15B30D82)
+            require(receiver == 0x665ED2320F2a2A6a73630584Baab9b79a3332522, "Wrong receiver, as confirmed by signatures in https://github.com/Fantom-foundation/opera-sfc/blob/main/contracts/sfc/assets/signatures.txt");
+        _withdraw(msg.sender, toValidatorID, wrID, receiver);
+    }
+
     function deactivateValidator(uint256 validatorID, uint256 status) external onlyDriver {
         require(status != OK_STATUS, "wrong status");
 
@@ -546,4 +564,10 @@ contract SFCLib is SFCBase {
         slashingRefundRatio[validatorID] = refundRatio;
         emit UpdatedSlashingRefundRatio(validatorID, refundRatio);
     }
+
+    function blacklist() private view {
+        // please view assets/signatures.txt" for explanation
+        if (msg.sender == 0x983261d8023ecAE9582D2ae970EbaeEB04d96E02 || msg.sender == 0x08Cf56e956Cc6A0257ade1225e123Ea6D0e5CBaF || msg.sender == 0x496Ec43BAE0f622B0EbA72e4241C6dc4f9C81695 || msg.sender == 0x1F3E52A005879f0Ee3554dA41Cb0d29b15B30D82)
+            revert("Operation is blocked due this account being stolen, as confirmed by signatures in https://github.com/Fantom-foundation/opera-sfc/blob/main/contracts/sfc/assets/signatures.txt");
+    }
 }
diff --git a/contracts/sfc/assets/signatures.txt b/contracts/sfc/assets/signatures.txt
@@ -0,0 +1,67 @@
+4 Sending addresses:
+
+{
+  "address": "0x983261d8023ecae9582d2ae970ebaeeb04d96e02",
+  "msg": "0x4920726564697265637420534643207769746864726177616c7320746f206163636f756e74203078653664623033373045453662353438633237343032386531363136633764303737366132343144392064756520746f206120706f74656e7469616c2061747461636b6572206761696e696e672061636365737320746f206d79206163636f756e742e0a",
+  "sig": "857a36cc8aaf07e85a4a29d93941f91acc70fedeec5916e74541e6ddd247c71c4a39c0e216f22b4ede9985f1e502379e2400b86e8c34f26a74bf29480f959a9b1b",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0x08cf56e956cc6a0257ade1225e123ea6d0e5cbaf",
+  "msg": "0x4920726564697265637420534643207769746864726177616c7320746f206163636f756e74203078304435343265366562354637383439373534446163436338633336643232306334633437353131342064756520746f206120706f74656e7469616c2061747461636b6572206761696e696e672061636365737320746f206d79206163636f756e742e",
+  "sig": "cfdda3cdabf5f6de7a8ff881a7a7aa29679c9d22ca6990ce33a1bd5d1ebb5dee4ec0a7c234d304ecc0fdaa7267e5bd522e7b352869b959773bcc453c9cbc3cbd1b",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0x496ec43bae0f622b0eba72e4241c6dc4f9c81695",
+  "msg": "0x4920726564697265637420534643207769746864726177616c7320746f206163636f756e74203078636666323734633630313444663931356139373144444330663635334243353038416465363939352064756520746f206120706f74656e7469616c2061747461636b6572206761696e696e672061636365737320746f206d79206163636f756e742e",
+  "sig": "2d8e005b3c0f256cdf09564c637f6bc7fbdcd0ce3a0752994b88cbfe7634d9d335a662e31cccebdc21a65d6a9dda34cf23bc041fe14e9323eb9ff59bb66c39bb1c",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0x1f3e52a005879f0ee3554da41cb0d29b15b30d82",
+  "msg": "0x4920726564697265637420534643207769746864726177616c7320746f206163636f756e74203078363635454432333230463261324136613733363330353834426161623962373961333333323532322064756520746f206120706f74656e7469616c2061747461636b6572206761696e696e672061636365737320746f206d79206163636f756e742e0a",
+  "sig": "6c3801e64d1f48f2be33d6301437192b788b176ddbe58bc392e9be06466c1b8f4fa165b24425ec4581e7db4d66ac58b8af419ec6f4c1d1bf59ceff87a01a3d5e1c",
+  "version": "3",
+  "signer": "MEW"
+}
+
+4 Receiving addresses:
+
+{
+  "address": "0xe6db0370ee6b548c274028e1616c7d0776a241d9",
+  "msg": "0x4920616363657074207265646972656374656420534643207769746864726177616c732066726f6d2074686520666f6c6c6f77696e6720616464726573732030783938333236316438303233656341453935383244326165393730456261654542303464393645303220746f207468697320736563757265206163636f756e742e0a",
+  "sig": "0f23151c788e38e41c1cd8868a0cc529e9e07e64ecfe22a0e552daa61ea124425c2eafe5da84b0cf5c05ae207f316e0ce8f00964b884c70c03d8b2eca0a1f9f71c",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0x0d542e6eb5f7849754daccc8c36d220c4c475114",
+  "msg": "0x4920616363657074207265646972656374656420534643207769746864726177616c732066726f6d2074686520666f6c6c6f77696e6720616464726573732030783038436635366539353643633641303235376164653132323565313233456136443065354342614620746f207468697320736563757265206163636f756e742e0a",
+  "sig": "b936ffa00b283a7acb2540f3e34caad8d0f246e10fef98d7a976bdd7a1b275d407aed35b829dca3c6c480b68a5306d7344769649722791dbf3fd07c6875496a21c",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0xcff274c6014df915a971ddc0f653bc508ade6995",
+  "msg": "0x4920616363657074207265646972656374656420534643207769746864726177616c732066726f6d2074686520666f6c6c6f77696e6720616464726573732030783439364563343342414530663632324230456241373265343234314336646334663943383136393520746f207468697320736563757265206163636f756e742e0a",
+  "sig": "07d7ddd3544abc2379838741aaebd2dc472bec1cd7e3c868146f044a6a0392db691fdda4ed08492e93d99b17b05c808c7bf8d94627907b5570fe47091d73cb3d1c",
+  "version": "3",
+  "signer": "MEW"
+}
+
+{
+  "address": "0x665ed2320f2a2a6a73630584baab9b79a3332522",
+  "msg": "0x4920616363657074207265646972656374656420534643207769746864726177616c732066726f6d2074686520666f6c6c6f77696e6720616464726573732030783146334535324130303538373966304565333535346441343143623064323962313542333044383220746f207468697320736563757265206163636f756e742e0a",
+  "sig": "54a881c2a09d91561c387d00debd57202532ccf1fad281445e3bdb9c03f442a44c0f24f5479410c27ee00964ae9b37f8b5623cf92061ec872a63f009b456ec361c",
+  "version": "3",
+  "signer": "MEW"
+}