Post tx guard (#304)

Author: rmeissner

contracts/GnosisSafe.sol

@@ -42,11 +42,6 @@ contract GnosisSafe is
     // );
     bytes32 private constant SAFE_TX_TYPEHASH = 0xbb8310d486368db6bd6f849402fdd73ad53d316b5a4b2644ad6efe0f941286d8;
 
-    //keccak256(
-    //    "SafeMessage(bytes message)"
-    //);
-    bytes32 private constant SAFE_MSG_TYPEHASH = 0x60b3cbf8b4a223d68d641b3b6ddf9a298e7f33710cf3d3a9d1146b5a6150fbca;
-
     event SafeSetup(address indexed initiator, address[] owners, uint256 threshold, address initializer, address fallbackHandler);
     event ApproveHash(bytes32 indexed approvedHash, address indexed owner);
     event SignMsg(bytes32 indexed msgHash);
@@ -149,8 +144,8 @@ contract GnosisSafe is
             txHash = keccak256(txHashData);
             checkSignatures(txHash, txHashData, signatures);
         }
+        address guard = getGuard();
         {
-            address guard = getGuard();
             if (guard != address(0)) {
                 Guard(guard).checkTransaction(
                     // Transaction info
@@ -191,6 +186,11 @@ contract GnosisSafe is
             if (success) emit ExecutionSuccess(txHash, payment);
             else emit ExecutionFailure(txHash, payment);
         }
+        {
+            if (guard != address(0)) {
+                Guard(guard).checkAfterExecution(txHash, success);
+            }
+        }
     }
 
     function handlePayment(
@@ -336,17 +336,6 @@ contract GnosisSafe is
         emit ApproveHash(hashToApprove, msg.sender);
     }
 
-    /**
-     * @dev Marks a message as signed, so that it can be used with EIP-1271
-     * @notice Marks a message (`_data`) as signed.
-     * @param _data Arbitrary length data that should be marked as signed on the behalf of address(this)
-     */
-    function signMessage(bytes calldata _data) external authorized {
-        bytes32 msgHash = getMessageHash(_data);
-        signedMessages[msgHash] = 1;
-        emit SignMsg(msgHash);
-    }
-
     /// @dev Returns the chain id used by this contract.
     function getChainId() public view returns (uint256) {
         uint256 id;
@@ -361,14 +350,6 @@ contract GnosisSafe is
         return keccak256(abi.encode(DOMAIN_SEPARATOR_TYPEHASH, getChainId(), this));
     }
 
-    /// @dev Returns hash of a message that can be signed by owners.
-    /// @param message Message that should be hashed
-    /// @return Message hash.
-    function getMessageHash(bytes memory message) public view returns (bytes32) {
-        bytes32 safeMessageHash = keccak256(abi.encode(SAFE_MSG_TYPEHASH, keccak256(message)));
-        return keccak256(abi.encodePacked(bytes1(0x19), bytes1(0x01), domainSeparator(), safeMessageHash));
-    }
-
     /// @dev Returns the bytes that are hashed to be signed by owners.
     /// @param to Destination address.
     /// @param value Ether value.

contracts/base/GuardManager.sol

@@ -18,6 +18,8 @@ interface Guard {
         bytes memory signatures,
         address msgSender
     ) external;
+
+    function checkAfterExecution(bytes32 txHash, bool success) external;
 }
 
 /// @title Fallback Manager - A contract that manages fallback calls made to this contract

contracts/examples/guards/DebugTransactionGuard.sol

@@ -0,0 +1,65 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity >=0.7.0 <0.9.0;
+
+import "../../common/Enum.sol";
+import "../../base/GuardManager.sol";
+import "../../GnosisSafe.sol";
+
+/// @title Debug Transaction Guard - A guard that will emit events with extended information.
+/// @notice This guard is only meant as a development tool and example
+/// @author Richard Meissner - <richard@gnosis.pm>
+contract DebugTransactionGuard is Guard {
+    // solhint-disable-next-line payable-fallback
+    fallback() external {
+        // We don't revert on fallback to avoid issues in case of a Safe upgrade
+        // E.g. The expected check method might change and then the Safe would be locked.
+    }
+
+    event TransactionDetails(
+        address indexed safe,
+        bytes32 indexed txHash,
+        address to,
+        uint256 value,
+        bytes data,
+        Enum.Operation operation,
+        uint256 safeTxGas,
+        bool usesRefund,
+        uint256 nonce
+    );
+
+    event GasUsage(address indexed safe, bytes32 indexed txHash, uint256 indexed nonce, bool success);
+
+    mapping(bytes32 => uint256) public txNonces;
+
+    function checkTransaction(
+        address to,
+        uint256 value,
+        bytes memory data,
+        Enum.Operation operation,
+        uint256 safeTxGas,
+        uint256 baseGas,
+        uint256 gasPrice,
+        address gasToken,
+        // solhint-disable-next-line no-unused-vars
+        address payable refundReceiver,
+        bytes memory,
+        address
+    ) external override {
+        uint256 nonce;
+        bytes32 txHash;
+        {
+            GnosisSafe safe = GnosisSafe(payable(msg.sender));
+            nonce = safe.nonce() - 1;
+            txHash = safe.getTransactionHash(to, value, data, operation, safeTxGas, baseGas, gasPrice, gasToken, refundReceiver, nonce);
+        }
+        emit TransactionDetails(msg.sender, txHash, to, value, data, operation, safeTxGas, gasPrice > 0, nonce);
+        txNonces[txHash] = nonce;
+    }
+
+    function checkAfterExecution(bytes32 txHash, bool success) external override {
+        uint256 nonce = txNonces[txHash];
+        require(nonce != 0, "Could not get nonce");
+        txNonces[txHash] = 0;
+        emit GasUsage(msg.sender, txHash, nonce, success);
+    }
+}

…/guards/DelegateCallTransactionGuard.sol …/guards/DelegateCallTransactionGuard.solcontracts/guards/DelegateCallTransactionGuard.sol renamed to contracts/examples/guards/DelegateCallTransactionGuard.sol contracts/guards/DelegateCallTransactionGuard.sol renamed to contracts/examples/guards/DelegateCallTransactionGuard.sol

@@ -1,9 +1,9 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 pragma solidity >=0.7.0 <0.9.0;
 
-import "../common/Enum.sol";
-import "../base/GuardManager.sol";
-import "../GnosisSafe.sol";
+import "../../common/Enum.sol";
+import "../../base/GuardManager.sol";
+import "../../GnosisSafe.sol";
 
 contract DelegateCallTransactionGuard is Guard {
     address public immutable allowedTarget;
@@ -34,4 +34,6 @@ contract DelegateCallTransactionGuard is Guard {
     ) external view override {
         require(operation != Enum.Operation.DelegateCall || to == allowedTarget, "This call is restricted");
     }
+
+    function checkAfterExecution(bytes32, bool) external view override {}
 }

contracts/examples/guards/ReentrencyTransactionGuard.sol

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity >=0.7.0 <0.9.0;
+
+import "../../common/Enum.sol";
+import "../../base/GuardManager.sol";
+import "../../GnosisSafe.sol";
+
+contract ReentrencyTransactionGuard is Guard {
+    bytes32 internal constant GUARD_STORAGE_SLOT = keccak256("reentrentry_guard.guard.struct");
+
+    struct GuardValue {
+        bool active;
+    }
+
+    // solhint-disable-next-line payable-fallback
+    fallback() external {
+        // We don't revert on fallback to avoid issues in case of a Safe upgrade
+        // E.g. The expected check method might change and then the Safe would be locked.
+    }
+
+    function getGuard() internal pure returns (GuardValue storage guard) {
+        bytes32 slot = GUARD_STORAGE_SLOT;
+        // solhint-disable-next-line no-inline-assembly
+        assembly {
+            guard.slot := slot
+        }
+    }
+
+    function checkTransaction(
+        address,
+        uint256,
+        bytes memory,
+        Enum.Operation,
+        uint256,
+        uint256,
+        uint256,
+        address,
+        // solhint-disable-next-line no-unused-vars
+        address payable,
+        bytes memory,
+        address
+    ) external override {
+        GuardValue storage guard = getGuard();
+        require(!guard.active, "Reentrency detected");
+        guard.active = true;
+    }
+
+    function checkAfterExecution(bytes32, bool) external override {
+        getGuard().active = false;
+    }
+}

contracts/examples/libraries/GnosisSafeStorage.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity >=0.7.0 <0.9.0;
+
+/// @title GnosisSafeStorage - Storage layout of the Safe contracts to be used in libraries
+/// @author Richard Meissner - <richard@gnosis.io>
+contract GnosisSafeStorage {
+    // From /common/Singleton.sol
+    address internal singleton;
+    // From /common/ModuleManager.sol
+    mapping(address => address) internal modules;
+    // From /common/OwnerManager.sol
+    mapping(address => address) internal owners;
+    uint256 internal ownerCount;
+    uint256 internal threshold;
+
+    // From /GnosisSafe.sol
+    bytes32 internal nonce;
+    bytes32 internal domainSeparator;
+    mapping(bytes32 => uint256) internal signedMessages;
+    mapping(address => mapping(bytes32 => uint256)) internal approvedHashes;
+}

…cts/libraries/Migrate_1_3_0_to_1_2_0.sol …les/libraries/Migrate_1_3_0_to_1_2_0.solcontracts/libraries/Migrate_1_3_0_to_1_2_0.sol renamed to contracts/examples/libraries/Migrate_1_3_0_to_1_2_0.sol contracts/libraries/Migrate_1_3_0_to_1_2_0.sol renamed to contracts/examples/libraries/Migrate_1_3_0_to_1_2_0.sol

@@ -1,9 +1,10 @@
 // SPDX-License-Identifier: LGPL-3.0-only
 pragma solidity >=0.7.0 <0.9.0;
+import "./GnosisSafeStorage.sol";
 
 /// @title Migration - migrates a Safe contract from 1.3.0 to 1.2.0
 /// @author Richard Meissner - <richard@gnosis.io>
-contract Migration {
+contract Migration is GnosisSafeStorage {
     bytes32 private constant DOMAIN_SEPARATOR_TYPEHASH = 0x035aff83d86937d35b32e04f0ddc6ff469290eef2f1b692d8a815c89404d4749;
 
     address public immutable migrationSingleton;
@@ -17,18 +18,6 @@ contract Migration {
 
     event ChangedMasterCopy(address singleton);
 
-    // Here to have the same storage layout as the Safe
-    address private singleton;
-    // Some unused slots to have the correct layout
-    bytes32 private _slot1;
-    bytes32 private _slot2;
-    bytes32 private _slot3;
-    bytes32 private _slot4;
-    bytes32 private _slot5;
-    // For the migration we need to set the old domain separator in storage
-    bytes32 private domainSeparator;
-
-    // Define guard last to avoid conflict with Safe storage layout
     bytes32 private guard;
 
     /// @dev Allows to migrate the contract. This can only be called via a delegatecall.

contracts/examples/libraries/SignMessage.sol

@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: LGPL-3.0-only
+pragma solidity >=0.7.0 <0.9.0;
+
+import "./GnosisSafeStorage.sol";
+import "../../GnosisSafe.sol";
+
+/// @title SignMessageLib - Allows to set an entry in the signedMessages
+/// @author Richard Meissner - <richard@gnosis.io>
+contract SignMessageLib is GnosisSafeStorage {
+    //keccak256(
+    //    "SafeMessage(bytes message)"
+    //);
+    bytes32 private constant SAFE_MSG_TYPEHASH = 0x60b3cbf8b4a223d68d641b3b6ddf9a298e7f33710cf3d3a9d1146b5a6150fbca;
+
+    event SignMsg(bytes32 indexed msgHash);
+
+    /// @dev Marks a message as signed, so that it can be used with EIP-1271
+    /// @notice Marks a message (`_data`) as signed.
+    /// @param _data Arbitrary length data that should be marked as signed on the behalf of address(this)
+    function signMessage(bytes calldata _data) external {
+        bytes32 msgHash = getMessageHash(_data);
+        signedMessages[msgHash] = 1;
+        emit SignMsg(msgHash);
+    }
+
+    /// @dev Returns hash of a message that can be signed by owners.
+    /// @param message Message that should be hashed
+    /// @return Message hash.
+    function getMessageHash(bytes memory message) public view returns (bytes32) {
+        bytes32 safeMessageHash = keccak256(abi.encode(SAFE_MSG_TYPEHASH, keccak256(message)));
+        return
+            keccak256(abi.encodePacked(bytes1(0x19), bytes1(0x01), GnosisSafe(payable(address(this))).domainSeparator(), safeMessageHash));
+    }
+}

contracts/handler/CompatibilityFallbackHandler.sol

@@ -8,6 +8,11 @@ import "../GnosisSafe.sol";
 /// @title Compatibility Fallback Handler - fallback handler to provider compatibility between pre 1.3.0 and 1.3.0+ Safe contracts
 /// @author Richard Meissner - <richard@gnosis.pm>
 contract CompatibilityFallbackHandler is DefaultCallbackHandler, ISignatureValidator {
+    //keccak256(
+    //    "SafeMessage(bytes message)"
+    //);
+    bytes32 private constant SAFE_MSG_TYPEHASH = 0x60b3cbf8b4a223d68d641b3b6ddf9a298e7f33710cf3d3a9d1146b5a6150fbca;
+
     bytes4 internal constant SIMULATE_SELECTOR = bytes4(keccak256("simulate(address,bytes)"));
 
     address internal constant SENTINEL_MODULES = address(0x1);
@@ -23,7 +28,7 @@ contract CompatibilityFallbackHandler is DefaultCallbackHandler, ISignatureValid
     function isValidSignature(bytes calldata _data, bytes calldata _signature) public view override returns (bytes4) {
         // Caller should be a Safe
         GnosisSafe safe = GnosisSafe(payable(msg.sender));
-        bytes32 messageHash = safe.getMessageHash(_data);
+        bytes32 messageHash = getMessageHashForSafe(safe, _data);
         if (_signature.length == 0) {
             require(safe.signedMessages(messageHash) != 0, "Hash not approved");
         } else {
@@ -32,6 +37,22 @@ contract CompatibilityFallbackHandler is DefaultCallbackHandler, ISignatureValid
         return EIP1271_MAGIC_VALUE;
     }
 
+    /// @dev Returns hash of a message that can be signed by owners.
+    /// @param message Message that should be hashed
+    /// @return Message hash.
+    function getMessageHash(bytes memory message) public view returns (bytes32) {
+        return getMessageHashForSafe(GnosisSafe(payable(msg.sender)), message);
+    }
+
+    /// @dev Returns hash of a message that can be signed by owners.
+    /// @param safe Safe to which the message is targeted
+    /// @param message Message that should be hashed
+    /// @return Message hash.
+    function getMessageHashForSafe(GnosisSafe safe, bytes memory message) public view returns (bytes32) {
+        bytes32 safeMessageHash = keccak256(abi.encode(SAFE_MSG_TYPEHASH, keccak256(message)));
+        return keccak256(abi.encodePacked(bytes1(0x19), bytes1(0x01), safe.domainSeparator(), safeMessageHash));
+    }
+
     /**
      * Implementation of updated EIP-1271
      * @dev Should return whether the signature provided is valid for the provided data.