Is it possible to pass a struct as an argument to delegatecall ?
I have this function that calls delegatecall and takes a struct (a 0x quote) as an argument which is later used on the function signature and in the proper call:
function executeDelegate(address _weth, address _contract, ZrxQuote memory _zrxQuote) private returns(uint, string memory) {
console.log('spender address: ', _zrxQuote.spender); //----> testing
(bool success, ) = logicContract.delegatecall(
abi.encodeWithSignature('execute(address,address,uint256,ZrxQuote)', _weth, _contract, borrowed, _zrxQuote)
);
console.log(success);
require(success, 'Delegate Call failed');
return (0, '');
}
...but it doesn't work and returns false every time and the error Delegate Call failed.
I have this console.log('spender address: ', _zrxQuote.spender); to test if my struct is being read successfully and it is.
Also, if I remove the struct entirely of the equation (from the function, from delegatecall, from the call, from the logic contract), delegatecall works perfectly, something like:
function executeDelegate(address _weth, address _contract) private returns(uint, string memory) {
(bool success, ) = logicContract.delegatecall(
abi.encodeWithSignature('execute(address,address,uint256)', _weth, _contract, borrowed)
);
require(success, 'Delegate Call failed');
return (0, '');
}
So the problem is directly with the struct being passed to delegatecall, but I can't seem to find on any docs what the issue is (storage variables are the same).
These are the contracts:
Proxy:
//SPDX-License-Identifier: Unlicense
pragma solidity ^0.5.0;
pragma experimental ABIEncoderV2;
import "#studydefi/money-legos/dydx/contracts/DydxFlashloanBase.sol";
import "#studydefi/money-legos/dydx/contracts/ICallee.sol";
import "#openzeppelin/contracts/token/ERC20/IERC20.sol";
import "hardhat/console.sol";
contract DydxFlashloaner is ICallee, DydxFlashloanBase {
struct ZrxQuote {
address sellTokenAddress;
address buyTokenAddress;
address spender;
address swapTarget;
bytes swapCallData;
}
struct MyCustomData {
address token;
uint256 repayAmount;
}
address public logicContract;
uint public borrowed;
constructor(address _logicContract, uint _borrowed) public {
logicContract = _logicContract;
borrowed = _borrowed;
}
/******* Part that matters ******/
function callFunction(
address sender,
Account.Info memory account,
bytes memory data
) public {
(MyCustomData memory mcd, ZrxQuote memory zrx) = abi.decode(data, (MyCustomData, ZrxQuote));
uint256 balOfLoanedToken = IERC20(mcd.token).balanceOf(address(this));
require(
balOfLoanedToken >= mcd.repayAmount,
"Not enough funds to repay dydx loan!"
);
executeDelegate(mcd.token, address(this), zrx); //----> calls delegatecall
}
function executeDelegate(address _weth, address _contract, ZrxQuote memory _zrxQuote) private returns(uint, string memory) {
console.log('this is: ', _zrxQuote.spender);
(bool success, ) = logicContract.delegatecall(
abi.encodeWithSignature('execute(address,address,uint256,ZrxQuote)', _weth, _contract, borrowed, _zrxQuote)
);
console.log(success);
require(success, 'Delegate Call failed');
return (0, '');
}
/******* End ******/
function initiateFlashLoan(
address _solo,
address _token,
uint256 _amount,
address[] calldata _quoteAddr,
bytes calldata _quoteData
) external
{
ZrxQuote memory zrxQuote = ZrxQuote({
sellTokenAddress: _quoteAddr[0],
buyTokenAddress: _quoteAddr[1],
spender: _quoteAddr[2],
swapTarget: _quoteAddr[3],
swapCallData: _quoteData
});
ISoloMargin solo = ISoloMargin(_solo);
uint256 marketId = _getMarketIdFromTokenAddress(_solo, _token);
uint256 repayAmount = _getRepaymentAmountInternal(_amount);
IERC20(_token).approve(_solo, repayAmount);
Actions.ActionArgs[] memory operations = new Actions.ActionArgs[](3);
operations[0] = _getWithdrawAction(marketId, _amount);
operations[1] = _getCallAction(
abi.encode(MyCustomData({token: _token, repayAmount: repayAmount}), zrxQuote)
);
operations[2] = _getDepositAction(marketId, repayAmount);
Account.Info[] memory accountInfos = new Account.Info[](1);
accountInfos[0] = _getAccountInfo();
solo.operate(accountInfos, operations);
}
}
Logic:
//SPDX-License-Identifier: Unlicense
pragma solidity ^0.8.0;
pragma abicoder v2; //tried with pragma experimental ABIEncoderV2 also
import '#uniswap/v2-periphery/contracts/interfaces/IUniswapV2Router02.sol';
import './interfaces/MyILendingPool.sol';
import './interfaces/MyIERC20.sol';
import "hardhat/console.sol";
contract FlashLoaner {
struct ZrxQuote {
address sellTokenAddress;
address buyTokenAddress;
address spender;
address swapTarget;
bytes swapCallData;
}
struct MyCustomData {
address token;
uint256 repayAmount;
}
address public logicContract;
uint public borrowed;
function execute(address _weth, address _contract, uint256 _borrowed, ZrxQuote memory _zrxQuote) public {
console.log('hello');
//I removed the code for simplicity, but it never executes, not even the 'hello'.
}
Thanks for the help!
Solution:
Have to pass a tuple instead to abi.encodeWithSignature, according to the docs: https://docs.soliditylang.org/en/v0.8.6/abi-spec.html#mapping-solidity-to-abi-types
So it would be:
execute(address,address,uint256,(address, address, address, address, bytes))
...instead of :
execute(address,address,uint256,ZrxQuote)
Related
`import "#openzeppelin/contracts/token/ERC721/ERC721.sol";
import "#openzeppelin/contracts/access/Ownable.sol";
import "#openzeppelin/contracts/utils/Strings.sol";
contract GoTekERC721 is ERC721, Ownable {
constructor() ERC721("Go NFT", "GoN") {}
//Owner to Phone
mapping(address => uint256[]) public phones;
//change
// Phone to Balance
mapping(uint256 => uint256) public balance;
//mapping(uint256 => uint256) public userBalances;
function register(uint256 phone, uint256 Balance) public {
_mint(msg.sender, phone);
phones[msg.sender].push(phone);
balance[phone] = Balance;
}
function details(address owner) public view returns(string[] memory) {
uint256[] memory ownerPhones = phones[owner];
string memory var1;
string memory var2;
string[] memory result;
for (uint256 i = 0; i < ownerPhones.length; i++) {
uint256 phone = ownerPhones[i];
mapping(uint256 => uint256) storage userBalances=balance;
var1=Strings.toString(userBalances[phone]);
var2=Strings.toString(balance[phone]);
result.push(string(bytes.concat(bytes(var1),":",bytes(var2))));
}
return result;
}
}
I'm trying to return an array but get an error ...if i return return string(bytes.concat(bytes(var1),":",bytes(var2))) and in returns (string memory) then only 1 string o/p i get i.e 199:199 balance:balance but i want phone:balance 9685968596:199,9865986598:299,
thanks in advance.`
`I'm trying to return an array but get an error ...if i return return string(bytes.concat(bytes(var1),":",bytes(var2))) and in returns (string memory) then only 1 string o/p i get i.e 199:199 balance:balance but i want phone:balance 9685968596:199,9865986598:299,
thanks in advance.``
I am working on smart contract for a simple payment system where u deposit and get a code. Then u can give a code to anyone and they can withdraw to any address.
I have already tested on all testnets and it works fine.
But on ethereum mainnet as soon as I deposit the eth, it is stolen and transferred by a mev bot.
//SPDX-License-Identifier: UNLICENSED
// It will be used by the Solidity compiler to validate its version.
pragma solidity ^0.8.9;
// We import this library to be able to use console.log
import "hardhat/console.sol";
import "#openzeppelin/contracts/access/Ownable.sol";
contract Payment is Ownable {
address payable public feeWallet;
uint256 public feeAmount;
uint256 private numberOfDeposits = 0;
struct Deposit {
uint256 time;
bytes32 id;
uint256 amount;
}
// mapping(address => bytes32[]) public addressToHashes;
mapping(bytes32 => uint256) public hashToAmount;
mapping(address => Deposit[]) public addressToDeposits;
mapping(bytes32 => bool) public isWithdrawn;
event DepositCreated(address _payer, uint256 _amount);
event DepositWithdrawn(
address _withdrawer,
uint256 _amount,
address indexed _withdrawTo
);
constructor(address _feeWallet) {
feeWallet = payable(_feeWallet);
}
function createDeposit(string memory _id) public payable returns (bytes32) {
//Check if value is greater than 0
require(msg.value > 0, "Amount cannot be equal to 0");
//Fetch mapppings
Deposit[] storage deposits = addressToDeposits[msg.sender];
//Create Hash from id
bytes32 hash = generateId(_id);
//Update Mappings
hashToAmount[hash] = msg.value;
numberOfDeposits += 1;
deposits.push(Deposit(block.timestamp, hash, msg.value));
addressToDeposits[msg.sender] = deposits;
emit DepositCreated(msg.sender, msg.value);
return hash;
}
function generateId(string memory _id) internal view returns (bytes32) {
uint id = uint(
keccak256(
abi.encodePacked(
_id,
block.difficulty,
block.timestamp,
numberOfDeposits
)
)
);
return bytes32(id % 100000000000000);
}
function checkDepositExist(uint _id) public view returns (bool) {
bytes32 hash = bytes32(_id);
uint256 amount = hashToAmount[hash];
console.log("amount", amount);
if (amount > 0) {
return true;
} else {
return false;
}
}
function viewDeposit(uint _id) public view returns (uint256) {
bytes32 hash = bytes32(_id);
uint256 amount = hashToAmount[hash];
return amount;
}
function withdrawDeposit(uint _id, address _to) public {
require(checkDepositExist(_id), "ID invalid");
bytes32 hash = bytes32(_id);
uint256 amount = hashToAmount[hash] - feeAmount;
hashToAmount[hash] = 0;
(bool sent, bytes memory data) = payable(_to).call{value: amount}("");
require(sent, "Failed to send deposit amount");
require(sendFees(), "Failed to send fee amount");
isWithdrawn[hash] = true;
emit DepositWithdrawn(msg.sender, amount, _to);
}
function getUserDeposits() public view returns (Deposit[] memory) {
Deposit[] memory deposits = addressToDeposits[msg.sender];
return deposits;
}
function setFeeAmount(uint _amount) public onlyOwner {
feeAmount = _amount;
}
function setFeeWallet(address _wallet) public onlyOwner {
feeWallet = payable(_wallet);
}
function sendFees() internal returns (bool) {
(bool sent, bytes memory data) = payable(feeWallet).call{
value: feeAmount
}("");
return sent;
}
}
Here's the transaction of eth being stolen https://etherscan.io/tx/0xd4f92a3346ff51cf41c40b47b1270eda5ca57c4aaae2b3c9858298d8c6269725
I can point out many vulnerabilities that this smart contract has.
One of them is that there is no private data in a smart contract. Anybody can read the data in the storage of a smart contract. In this case, I see that hashToAmount has the hashes that you send to the user who created the deposit. But this can be read by anyone (using something like web3.eth.getStorageAt(contractAddress, storageIndex)) and call the withdrawDeposit function and steal the funds.
Something else, miners can temper with some blockchain data, like the timestamp, etc. Miners can see the _id that is being sent to the createDeposit and use it to immediately steal the funds from the contract.
Also, I see a lack of checks in the withdrawDeposit function.
I suggest that you use well known patterns and modifiers and other checks. Relying more on things like msg.sender since nobody can fake or tamper with msg.sender value. The sender is always the user that created the request, and if the sender is the owner of some ether, than only they can withdraw it.
Instead of checking the balance of that hash, save the msg.sender in the mapping instead when someone makes a deposit. Then, while withdrawing, check that the msg.sender has balance and if so, send the balance to the _to address.
Also, check for reentrancy attacks in your withdrawDeposit deposit function.
Trying to generate an id in a smart contract with the block data is not that secure. There are oracle libraries that can help you get a pseudo-random number from outside of the contract, but again, it can be read by a miner before the transaction is included in a block and compromise your funds.
I'm not sure if any of these are causing your problem exactly, but I'm sure that all of these could be potential issues for your contract.
I recommend you follow security standard patterns like from OpenZeppelin: https://www.openzeppelin.com/.
I am doing a project for my Honours year at the University of Cape Town using solidity and openzeppelin for my NFTs. I have uploaded a folder of json/png for the metadata. I need to now use the tokenID + .json to set the tokens correct uri when minting them. Below is the simple contract:
//SPDX-License-Identifier: MIT
pragma solidity ^0.8;
import "#openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import "#openzeppelin/contracts/utils/Strings.sol";
contract ImpactCollection is ERC721URIStorage {
uint256 public tokenCounter;
constructor () ERC721 ("Impact Tokens", "COLLECTION_TICKER"){
tokenCounter = 0;
}
function concatenate(string memory a,uint256 memory b,string memory c) public pure returns (string memory){
return string(abi.encodePacked(a,b,c));
}
function createCollectible() public returns (uint256) {
uint256 newItemId = tokenCounter;
string urinumber = string(abi.encodePacked(newItemId.toString()))
tokenURI = "https://ipfs.io/ipfs/QmQh54Rb8ZFY33P9bWUzgonRvA7XeChVWaAWG3nMqQ19xW/" + urinumber + ".json";
_safeMint(msg.sender, newItemId);
_setTokenURI(newItemId, tokenURI);
tokenCounter = tokenCounter + 1;
return newItemId;
}
}
I have the folder url above and i just need to add the token id and then add a .json. My C# brain says: "ipfsurl" + newItemId.toString() + ".json";
What is the remix (solidity) equivalent?
From solidity version 0.8.12 you can use string.concat(s1,s2) for concatenate the strings.
I adjusted and put some notes in your smart contract code:
//SPDX-License-Identifier: MIT
pragma solidity ^0.8;
import "#openzeppelin/contracts/token/ERC721/extensions/ERC721URIStorage.sol";
import "#openzeppelin/contracts/utils/Strings.sol";
contract ImpactCollection is ERC721URIStorage {
uint256 public tokenCounter;
using Strings for *;
constructor () ERC721 ("Impact Tokens", "COLLECTION_TICKER"){
tokenCounter = 0;
}
function concatenate(string memory a,uint256 b,string memory c) public pure returns (string memory){
return string(abi.encodePacked(a,b,c));
}
function createCollectible() public returns (uint256) {
uint256 newItemId = tokenCounter;
// NOTE: Use Strings.toString for convert a uint to string datatype
string memory urinumber = Strings.toString(newItemId);
// NOTE: I declared a new variable for contain token URI
string memory tokenURI = "https://ipfs.io/ipfs/QmQh54Rb8ZFY33P9bWUzgonRvA7XeChVWaAWG3nMqQ19xW/";
// NOTE: I declare a new variable for contain tokenURI concatenated
string memory fullTokenURI = string.concat("https://ipfs.io/ipfs/QmQh54Rb8ZFY33P9bWUzgonRvA7XeChVWaAWG3nMqQ19xW/", urinumber, ".json");
_safeMint(msg.sender, newItemId);
_setTokenURI(newItemId, tokenURI);
tokenCounter = tokenCounter + 1;
return newItemId;
}
}
This will work!
_setTokenURI(newItemId, string(abi.encodePacked(_uri, '/', newItemId.toString(), '.json')));
struct Campaign {
address payable campaignOwner;
string campaignTitle;
string campaignDescription;
uint256 goalAmount;
uint256 totalAmountFunded;
uint256 deadline;
bool goalAchieved;
bool isCampaignOpen;
bool isExists;
mapping(address => uint256) contributions;
}
//stores a Campaign struct for each unique campaign ID.
mapping(uint256 => Campaign) campaigns;
function createCampaign(string memory _campaignTitle, string memory _campaignDescription, uint256 _goalAmount, uint256 _fundingPeriodInDays ) public {
++totalCampaigns;
uint256 period = block.timestamp + (_fundingPeriodInDays * 1 days);
Campaign memory aCampaign = Campaign(payable(msg.sender),_campaignTitle, _campaignDescription, _goalAmount, 0, period , false, true, true);
campaigns[totalCampaigns] = aCampaign;
}
I am using Solc version 0.8.0. When I try to create a Struct that contains mapping, I received an error:
Struct containing a (nested) mapping cannot be constructed.
When I use older versions of solc (0.5.8), the code compiles without problems. But this version is not supported with other solidity files and giving error as:
Source file requires different compiler version (current compiler is
0.8.13+commit.abaa5c0e.Emscripten.clang) - note that nightly builds are considered to be strictly less than the released version
You can not keep a struct containing a mapping in memory, and you can not initialize a storage object in a function, it must be a state variable. So what you can do is, get an object from your mapping, assign it to a local variable and modify it. Like this:
function createCampaign(string memory _campaignTitle, string memory _campaignDescription, uint256 _goalAmount, uint256 _fundingPeriodInDays ) public {
++totalCampaigns;
uint256 period = block.timestamp + (_fundingPeriodInDays * 1 days);
Campaign storage aCampaign = campaigns[totalCampaigns];
aCampaign.campaignOwner = payable(msg.sender);
aCampaign.campaignTitle = _campaignTitle;
aCampaign.campaignDescription = _campaignDescription;
aCampaign.goalAmount = _goalAmount;
aCampaign.totalAmountFunded = 0;
aCampaign.deadline = period;
aCampaign.goalAchieved = false;
aCampaign.isCampaignOpen = true;
aCampaign.isExists = true;
}
I can not verify my test smart contract on BSC Main Network using #chainlink.
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.7;
import "#chainlink/contracts/src/v0.6/interfaces/AggregatorV3Interface.sol";
contract PriceTest {
AggregatorV3Interface internal priceFeed;
constructor() public {
priceFeed = AggregatorV3Interface(0x0567F2323251f0Aab15c8dFb1967E4e8A7D42aeE); // for BSC Main Net
}
function getLatestPrice() public view returns (uint256) {
(,int price,,,) = priceFeed.latestRoundData();
return uint256(price/100000000);
}
}
What I have done :
Make Flattened file and put in the contract code using truffle-flattener. I did it before for a test net and it's ok.
Copy ABI from remix and pasted to abi.hashex.org
But I tried many time end up with problem in verifying the contract. I think I am not really understand how to put constructor parameter correctly to get the ABI auto-parse.
I am quite new to smart contract. Need learn more from experts.
My contract :
https://bscscan.com/address/0x0849a15338a5f0787696cea335757b608ff92a85
Flattened file :
// File: #chainlink\contracts\src\v0.6\interfaces\AggregatorV3Interface.sol
// SPDX-License-Identifier: MIT
pragma solidity ^0.6.0;
interface AggregatorV3Interface {
function decimals()
external
view
returns (
uint8
);
function description()
external
view
returns (
string memory
);
function version()
external
view
returns (
uint256
);
// getRoundData and latestRoundData should both raise "No data present"
// if they do not have data to report, instead of returning unset values
// which could be misinterpreted as actual reported values.
function getRoundData(
uint80 _roundId
)
external
view
returns (
uint80 roundId,
int256 answer,
uint256 startedAt,
uint256 updatedAt,
uint80 answeredInRound
);
function latestRoundData()
external
view
returns (
uint80 roundId,
int256 answer,
uint256 startedAt,
uint256 updatedAt,
uint80 answeredInRound
);
}
// File: contracts\Getprice.sol
pragma solidity ^0.6.7;
contract PriceTest {
AggregatorV3Interface internal priceFeed;
constructor() public {
priceFeed = AggregatorV3Interface(0x0567F2323251f0Aab15c8dFb1967E4e8A7D42aeE); // for BSC Main Net
}
function getLatestPrice() public view returns (uint256) {
(,int price,,,) = priceFeed.latestRoundData();
return uint256(price/100000000);
}
}