Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(world): check the core module name is correct on initialisation [L-05] #2099

Closed
wants to merge 1 commit into from
Closed

fix(world): check the core module name is correct on initialisation [L-05] #2099

wants to merge 1 commit into from

Conversation

yonadaa
Copy link
Contributor

@yonadaa yonadaa commented Jan 9, 2024

No description provided.

@yonadaa yonadaa requested review from alvrs and holic as code owners January 9, 2024 17:15
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Jan 9, 2024

⚠️ No Changeset found

Latest commit: bb51f91

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

yonadaa
yonadaa commented Jan 9, 2024
View reviewed changes
packages/world/src/World.sol
@@ -75,6 +75,11 @@ contract World is StoreData, IWorldKernel {
revert World_AlreadyInitialized();
}

// Require the module name to be core
if (coreModule.getName() != CORE_MODULE_NAME) {
revert("Module is not the core module");
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want a custom error for this?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes please!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thinking more about the original issue/report, I wonder if this check is actually useful

If the implementation of coreModule is malicious, couldn't it easily sidestep this check by returning different values from getName() based on the caller?

curious if @alvrs has opinions here

@alvrs
Copy link
Member

alvrs commented Jan 22, 2024

closing in favour of #2168

@alvrs alvrs closed this Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alvrs alvrs Awaiting requested review from alvrs alvrs is a code owner

@holic holic Awaiting requested review from holic holic is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yonadaa @alvrs @holic