/* * @source: https://github.com/trailofbits/not-so-smart-contracts/blob/master/reentrancy/SpankChain_source_code/SpankChain_Payment.sol * @author: - * @vulnerable_at_lines: 426,430 */ // https://etherscan.io/address/0xf91546835f756da0c10cfa0cda95b15577b84aa7#code pragma solidity ^0.4.23; // produced by the Solididy File Flattener (c) David Appleton 2018 // contact : dave@akomba.com // released under Apache 2.0 licence contract Token { /* This is a slight change to the ERC20 base standard. function totalSupply() constant returns (uint256 supply); is replaced with: uint256 public totalSupply; This automatically creates a getter function for the totalSupply. This is moved to the base contract since public getter functions are not currently recognised as an implementation of the matching abstract function by the compiler. */ /// total amount of tokens uint256 public totalSupply; /// @param _owner The address from which the balance will be retrieved /// @return The balance function balanceOf(address _owner) public constant returns (uint256 balance); /// @notice send `_value` token to `_to` from `msg.sender` /// @param _to The address of the recipient /// @param _value The amount of token to be transferred /// @return Whether the transfer was successful or not function transfer(address _to, uint256 _value) public returns (bool success); /// @notice send `_value` token to `_to` from `_from` on the condition it is approved by `_from` /// @param _from The address of the sender /// @param _to The address of the recipient /// @param _value The amount of token to be transferred /// @return Whether the transfer was successful or not function transferFrom(address _from, address _to, uint256 _value) public returns (bool success); /// @notice `msg.sender` approves `_spender` to spend `_value` tokens /// @param _spender The address of the account able to transfer the tokens /// @param _value The amount of tokens to be approved for transfer /// @return Whether the approval was successful or not function approve(address _spender, uint256 _value) public returns (bool success); /// @param _owner The address of the account owning tokens /// @param _spender The address of the account able to transfer the tokens /// @return Amount of remaining tokens allowed to spent function allowance(address _owner, address _spender) public constant returns (uint256 remaining); event Transfer(address indexed _from, address indexed _to, uint256 _value); event Approval(address indexed _owner, address indexed _spender, uint256 _value); } library ECTools { // @dev Recovers the address which has signed a message // @thanks https://gist.github.com/axic/5b33912c6f61ae6fd96d6c4a47afde6d function recoverSigner(bytes32 _hashedMsg, string _sig) public pure returns (address) { require(_hashedMsg != 0x00); // need this for test RPC bytes memory prefix = "\x19Ethereum Signed Message:\n32"; bytes32 prefixedHash = keccak256(abi.encodePacked(prefix, _hashedMsg)); if (bytes(_sig).length != 132) { return 0x0; } bytes32 r; bytes32 s; uint8 v; bytes memory sig = hexstrToBytes(substring(_sig, 2, 132)); assembly { r := mload(add(sig, 32)) s := mload(add(sig, 64)) v := byte(0, mload(add(sig, 96))) } if (v < 27) { v += 27; } if (v < 27 || v > 28) { return 0x0; } return ecrecover(prefixedHash, v, r, s); } // @dev Verifies if the message is signed by an address function isSignedBy(bytes32 _hashedMsg, string _sig, address _addr) public pure returns (bool) { require(_addr != 0x0); return _addr == recoverSigner(_hashedMsg, _sig); } // @dev Converts an hexstring to bytes function hexstrToBytes(string _hexstr) public pure returns (bytes) { uint len = bytes(_hexstr).length; require(len % 2 == 0); bytes memory bstr = bytes(new string(len / 2)); uint k = 0; string memory s; string memory r; for (uint i = 0; i < len; i += 2) { s = substring(_hexstr, i, i + 1); r = substring(_hexstr, i + 1, i + 2); uint p = parseInt16Char(s) * 16 + parseInt16Char(r); bstr[k++] = uintToBytes32(p)[31]; } return bstr; } // @dev Parses a hexchar, like 'a', and returns its hex value, in this case 10 function parseInt16Char(string _char) public pure returns (uint) { bytes memory bresult = bytes(_char); // bool decimals = false; if ((bresult[0] >= 48) && (bresult[0] <= 57)) { return uint(bresult[0]) - 48; } else if ((bresult[0] >= 65) && (bresult[0] <= 70)) { return uint(bresult[0]) - 55; } else if ((bresult[0] >= 97) && (bresult[0] <= 102)) { return uint(bresult[0]) - 87; } else { revert(); } } // @dev Converts a uint to a bytes32 // @thanks https://ethereum.stackexchange.com/questions/4170/how-to-convert-a-uint-to-bytes-in-solidity function uintToBytes32(uint _uint) public pure returns (bytes b) { b = new bytes(32); assembly {mstore(add(b, 32), _uint)} } // @dev Hashes the signed message // @ref https://github.com/ethereum/go-ethereum/issues/3731#issuecomment-293866868 function toEthereumSignedMessage(string _msg) public pure returns (bytes32) { uint len = bytes(_msg).length; require(len > 0); bytes memory prefix = "\x19Ethereum Signed Message:\n"; return keccak256(abi.encodePacked(prefix, uintToString(len), _msg)); } // @dev Converts a uint in a string function uintToString(uint _uint) public pure returns (string str) { uint len = 0; uint m = _uint + 0; while (m != 0) { len++; m /= 10; } bytes memory b = new bytes(len); uint i = len - 1; while (_uint != 0) { uint remainder = _uint % 10; _uint = _uint / 10; b[i--] = byte(48 + remainder); } str = string(b); } // @dev extract a substring // @thanks https://ethereum.stackexchange.com/questions/31457/substring-in-solidity function substring(string _str, uint _startIndex, uint _endIndex) public pure returns (string) { bytes memory strBytes = bytes(_str); require(_startIndex <= _endIndex); require(_startIndex >= 0); require(_endIndex <= strBytes.length); bytes memory result = new bytes(_endIndex - _startIndex); for (uint i = _startIndex; i < _endIndex; i++) { result[i - _startIndex] = strBytes[i]; } return string(result); } } contract StandardToken is Token { function transfer(address _to, uint256 _value) public returns (bool success) { //Default assumes totalSupply can't be over max (2^256 - 1). //If your token leaves out totalSupply and can issue more tokens as time goes on, you need to check if it doesn't wrap. //Replace the if with this one instead. //require(balances[msg.sender] >= _value && balances[_to] + _value > balances[_to]); require(balances[msg.sender] >= _value); balances[msg.sender] -= _value; balances[_to] += _value; emit Transfer(msg.sender, _to, _value); return true; } function transferFrom(address _from, address _to, uint256 _value) public returns (bool success) { //same as above. Replace this line with the following if you want to protect against wrapping uints. //require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value && balances[_to] + _value > balances[_to]); require(balances[_from] >= _value && allowed[_from][msg.sender] >= _value); balances[_to] += _value; balances[_from] -= _value; allowed[_from][msg.sender] -= _value; emit Transfer(_from, _to, _value); return true; } function balanceOf(address _owner) public constant returns (uint256 balance) { return balances[_owner]; } function approve(address _spender, uint256 _value) public returns (bool success) { allowed[msg.sender][_spender] = _value; emit Approval(msg.sender, _spender, _value); return true; } function allowance(address _owner, address _spender) public constant returns (uint256 remaining) { return allowed[_owner][_spender]; } mapping (address => uint256) balances; mapping (address => mapping (address => uint256)) allowed; } contract HumanStandardToken is StandardToken { /* Public variables of the token */ /* NOTE: The following variables are OPTIONAL vanities. One does not have to include them. They allow one to customise the token contract & in no way influences the core functionality. Some wallets/interfaces might not even bother to look at this information. */ string public name; //fancy name: eg Simon Bucks uint8 public decimals; //How many decimals to show. ie. There could 1000 base units with 3 decimals. Meaning 0.980 SBX = 980 base units. It's like comparing 1 wei to 1 ether. string public symbol; //An identifier: eg SBX string public version = 'H0.1'; //human 0.1 standard. Just an arbitrary versioning scheme. constructor( uint256 _initialAmount, string _tokenName, uint8 _decimalUnits, string _tokenSymbol ) public { balances[msg.sender] = _initialAmount; // Give the creator all initial tokens totalSupply = _initialAmount; // Update total supply name = _tokenName; // Set the name for display purposes decimals = _decimalUnits; // Amount of decimals for display purposes symbol = _tokenSymbol; // Set the symbol for display purposes } /* Approves and then calls the receiving contract */ function approveAndCall(address _spender, uint256 _value, bytes _extraData) public returns (bool success) { allowed[msg.sender][_spender] = _value; emit Approval(msg.sender, _spender, _value); //call the receiveApproval function on the contract you want to be notified. This crafts the function signature manually so one doesn't have to include a contract in here just for this. //receiveApproval(address _from, uint256 _value, address _tokenContract, bytes _extraData) //it is assumed that when does this that the call *should* succeed, otherwise one would use vanilla approve instead. require(_spender.call(bytes4(bytes32(keccak256("receiveApproval(address,uint256,address,bytes)"))), msg.sender, _value, this, _extraData)); return true; } } contract LedgerChannel { string public constant NAME = "Ledger Channel"; string public constant VERSION = "0.0.1"; uint256 public numChannels = 0; event DidLCOpen ( bytes32 indexed channelId, address indexed partyA, address indexed partyI, uint256 ethBalanceA, address token, uint256 tokenBalanceA, uint256 LCopenTimeout ); event DidLCJoin ( bytes32 indexed channelId, uint256 ethBalanceI, uint256 tokenBalanceI ); event DidLCDeposit ( bytes32 indexed channelId, address indexed recipient, uint256 deposit, bool isToken ); event DidLCUpdateState ( bytes32 indexed channelId, uint256 sequence, uint256 numOpenVc, uint256 ethBalanceA, uint256 tokenBalanceA, uint256 ethBalanceI, uint256 tokenBalanceI, bytes32 vcRoot, uint256 updateLCtimeout ); event DidLCClose ( bytes32 indexed channelId, uint256 sequence, uint256 ethBalanceA, uint256 tokenBalanceA, uint256 ethBalanceI, uint256 tokenBalanceI ); event DidVCInit ( bytes32 indexed lcId, bytes32 indexed vcId, bytes proof, uint256 sequence, address partyA, address partyB, uint256 balanceA, uint256 balanceB ); event DidVCSettle ( bytes32 indexed lcId, bytes32 indexed vcId, uint256 updateSeq, uint256 updateBalA, uint256 updateBalB, address challenger, uint256 updateVCtimeout ); event DidVCClose( bytes32 indexed lcId, bytes32 indexed vcId, uint256 balanceA, uint256 balanceB ); struct Channel { //TODO: figure out if it's better just to split arrays by balances/deposits instead of eth/erc20 address[2] partyAddresses; // 0: partyA 1: partyI uint256[4] ethBalances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI uint256[4] erc20Balances; // 0: balanceA 1:balanceI 2:depositedA 3:depositedI uint256[2] initialDeposit; // 0: eth 1: tokens uint256 sequence; uint256 confirmTime; bytes32 VCrootHash; uint256 LCopenTimeout; uint256 updateLCtimeout; // when update LC times out bool isOpen; // true when both parties have joined bool isUpdateLCSettling; uint256 numOpenVC; HumanStandardToken token; } // virtual-channel state struct VirtualChannel { bool isClose; bool isInSettlementState; uint256 sequence; address challenger; // Initiator of challenge uint256 updateVCtimeout; // when update VC times out // channel state address partyA; // VC participant A address partyB; // VC participant B address partyI; // LC hub uint256[2] ethBalances; uint256[2] erc20Balances; uint256[2] bond; HumanStandardToken token; } mapping(bytes32 => VirtualChannel) public virtualChannels; mapping(bytes32 => Channel) public Channels; function createChannel( bytes32 _lcID, address _partyI, uint256 _confirmTime, address _token, uint256[2] _balances // [eth, token] ) public payable { require(Channels[_lcID].partyAddresses[0] == address(0), "Channel has already been created."); require(_partyI != 0x0, "No partyI address provided to LC creation"); require(_balances[0] >= 0 && _balances[1] >= 0, "Balances cannot be negative"); // Set initial ledger channel state // Alice must execute this and we assume the initial state // to be signed from this requirement // Alternative is to check a sig as in joinChannel Channels[_lcID].partyAddresses[0] = msg.sender; Channels[_lcID].partyAddresses[1] = _partyI; if(_balances[0] != 0) { require(msg.value == _balances[0], "Eth balance does not match sent value"); Channels[_lcID].ethBalances[0] = msg.value; } if(_balances[1] != 0) { Channels[_lcID].token = HumanStandardToken(_token); require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),"CreateChannel: token transfer failure"); Channels[_lcID].erc20Balances[0] = _balances[1]; } Channels[_lcID].sequence = 0; Channels[_lcID].confirmTime = _confirmTime; // is close flag, lc state sequence, number open vc, vc root hash, partyA... //Channels[_lcID].stateHash = keccak256(uint256(0), uint256(0), uint256(0), bytes32(0x0), bytes32(msg.sender), bytes32(_partyI), balanceA, balanceI); Channels[_lcID].LCopenTimeout = now + _confirmTime; Channels[_lcID].initialDeposit = _balances; emit DidLCOpen(_lcID, msg.sender, _partyI, _balances[0], _token, _balances[1], Channels[_lcID].LCopenTimeout); } function LCOpenTimeout(bytes32 _lcID) public { require(msg.sender == Channels[_lcID].partyAddresses[0] && Channels[_lcID].isOpen == false); require(now > Channels[_lcID].LCopenTimeout); if(Channels[_lcID].initialDeposit[0] != 0) { // REENTRANCY Channels[_lcID].partyAddresses[0].transfer(Channels[_lcID].ethBalances[0]); } if(Channels[_lcID].initialDeposit[1] != 0) { // REENTRANCY require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], Channels[_lcID].erc20Balances[0]),"CreateChannel: token transfer failure"); } emit DidLCClose(_lcID, 0, Channels[_lcID].ethBalances[0], Channels[_lcID].erc20Balances[0], 0, 0); // only safe to delete since no action was taken on this channel delete Channels[_lcID]; } function joinChannel(bytes32 _lcID, uint256[2] _balances) public payable { // require the channel is not open yet require(Channels[_lcID].isOpen == false); require(msg.sender == Channels[_lcID].partyAddresses[1]); if(_balances[0] != 0) { require(msg.value == _balances[0], "state balance does not match sent value"); Channels[_lcID].ethBalances[1] = msg.value; } if(_balances[1] != 0) { require(Channels[_lcID].token.transferFrom(msg.sender, this, _balances[1]),"joinChannel: token transfer failure"); Channels[_lcID].erc20Balances[1] = _balances[1]; } Channels[_lcID].initialDeposit[0]+=_balances[0]; Channels[_lcID].initialDeposit[1]+=_balances[1]; // no longer allow joining functions to be called Channels[_lcID].isOpen = true; numChannels++; emit DidLCJoin(_lcID, _balances[0], _balances[1]); } // additive updates of monetary state // TODO check this for attack vectors function deposit(bytes32 _lcID, address recipient, uint256 _balance, bool isToken) public payable { require(Channels[_lcID].isOpen == true, "Tried adding funds to a closed channel"); require(recipient == Channels[_lcID].partyAddresses[0] || recipient == Channels[_lcID].partyAddresses[1]); //if(Channels[_lcID].token) if (Channels[_lcID].partyAddresses[0] == recipient) { if(isToken) { require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),"deposit: token transfer failure"); Channels[_lcID].erc20Balances[2] += _balance; } else { require(msg.value == _balance, "state balance does not match sent value"); Channels[_lcID].ethBalances[2] += msg.value; } } if (Channels[_lcID].partyAddresses[1] == recipient) { if(isToken) { require(Channels[_lcID].token.transferFrom(msg.sender, this, _balance),"deposit: token transfer failure"); Channels[_lcID].erc20Balances[3] += _balance; } else { require(msg.value == _balance, "state balance does not match sent value"); Channels[_lcID].ethBalances[3] += msg.value; } } emit DidLCDeposit(_lcID, recipient, _balance, isToken); } // TODO: Check there are no open virtual channels, the client should have cought this before signing a close LC state update function consensusCloseChannel( bytes32 _lcID, uint256 _sequence, uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI string _sigA, string _sigI ) public { // assume num open vc is 0 and root hash is 0x0 //require(Channels[_lcID].sequence < _sequence); require(Channels[_lcID].isOpen == true); uint256 totalEthDeposit = Channels[_lcID].initialDeposit[0] + Channels[_lcID].ethBalances[2] + Channels[_lcID].ethBalances[3]; uint256 totalTokenDeposit = Channels[_lcID].initialDeposit[1] + Channels[_lcID].erc20Balances[2] + Channels[_lcID].erc20Balances[3]; require(totalEthDeposit == _balances[0] + _balances[1]); require(totalTokenDeposit == _balances[2] + _balances[3]); bytes32 _state = keccak256( abi.encodePacked( _lcID, true, _sequence, uint256(0), bytes32(0x0), Channels[_lcID].partyAddresses[0], Channels[_lcID].partyAddresses[1], _balances[0], _balances[1], _balances[2], _balances[3] ) ); require(Channels[_lcID].partyAddresses[0] == ECTools.recoverSigner(_state, _sigA)); require(Channels[_lcID].partyAddresses[1] == ECTools.recoverSigner(_state, _sigI)); Channels[_lcID].isOpen = false; if(_balances[0] != 0 || _balances[1] != 0) { Channels[_lcID].partyAddresses[0].transfer(_balances[0]); Channels[_lcID].partyAddresses[1].transfer(_balances[1]); } if(_balances[2] != 0 || _balances[3] != 0) { require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[0], _balances[2]),"happyCloseChannel: token transfer failure"); require(Channels[_lcID].token.transfer(Channels[_lcID].partyAddresses[1], _balances[3]),"happyCloseChannel: token transfer failure"); } numChannels--; emit DidLCClose(_lcID, _sequence, _balances[0], _balances[1], _balances[2], _balances[3]); } // Byzantine functions function updateLCstate( bytes32 _lcID, uint256[6] updateParams, // [sequence, numOpenVc, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI] bytes32 _VCroot, string _sigA, string _sigI ) public { Channel storage channel = Channels[_lcID]; require(channel.isOpen); require(channel.sequence < updateParams[0]); // do same as vc sequence check require(channel.ethBalances[0] + channel.ethBalances[1] >= updateParams[2] + updateParams[3]); require(channel.erc20Balances[0] + channel.erc20Balances[1] >= updateParams[4] + updateParams[5]); if(channel.isUpdateLCSettling == true) { require(channel.updateLCtimeout > now); } bytes32 _state = keccak256( abi.encodePacked( _lcID, false, updateParams[0], updateParams[1], _VCroot, channel.partyAddresses[0], channel.partyAddresses[1], updateParams[2], updateParams[3], updateParams[4], updateParams[5] ) ); require(channel.partyAddresses[0] == ECTools.recoverSigner(_state, _sigA)); require(channel.partyAddresses[1] == ECTools.recoverSigner(_state, _sigI)); // update LC state channel.sequence = updateParams[0]; channel.numOpenVC = updateParams[1]; channel.ethBalances[0] = updateParams[2]; channel.ethBalances[1] = updateParams[3]; channel.erc20Balances[0] = updateParams[4]; channel.erc20Balances[1] = updateParams[5]; channel.VCrootHash = _VCroot; channel.isUpdateLCSettling = true; channel.updateLCtimeout = now + channel.confirmTime; // make settlement flag emit DidLCUpdateState ( _lcID, updateParams[0], updateParams[1], updateParams[2], updateParams[3], updateParams[4], updateParams[5], _VCroot, channel.updateLCtimeout ); } // supply initial state of VC to "prime" the force push game function initVCstate( bytes32 _lcID, bytes32 _vcID, bytes _proof, address _partyA, address _partyB, uint256[2] _bond, uint256[4] _balances, // 0: ethBalanceA 1:ethBalanceI 2:tokenBalanceA 3:tokenBalanceI string sigA ) public { require(Channels[_lcID].isOpen, "LC is closed."); // sub-channel must be open require(!virtualChannels[_vcID].isClose, "VC is closed."); // Check time has passed on updateLCtimeout and has not passed the time to store a vc state require(Channels[_lcID].updateLCtimeout < now, "LC timeout not over."); // prevent rentry of initializing vc state require(virtualChannels[_vcID].updateVCtimeout == 0); // partyB is now Ingrid bytes32 _initState = keccak256( abi.encodePacked(_vcID, uint256(0), _partyA, _partyB, _bond[0], _bond[1], _balances[0], _balances[1], _balances[2], _balances[3]) ); // Make sure Alice has signed initial vc state (A/B in oldState) require(_partyA == ECTools.recoverSigner(_initState, sigA)); // Check the oldState is in the root hash require(_isContained(_initState, _proof, Channels[_lcID].VCrootHash) == true); virtualChannels[_vcID].partyA = _partyA; // VC participant A virtualChannels[_vcID].partyB = _partyB; // VC participant B virtualChannels[_vcID].sequence = uint256(0); virtualChannels[_vcID].ethBalances[0] = _balances[0]; virtualChannels[_vcID].ethBalances[1] = _balances[1]; virtualChannels[_vcID].erc20Balances[0] = _balances[2]; virtualChannels[_vcID].erc20Balances[1] = _balances[3]; virtualChannels[_vcID].bond = _bond; virtualChannels[_vcID].updateVCtimeout = now + Channels[_lcID].confirmTime; virtualChannels[_vcID].isInSettlementState = true; emit DidVCInit(_lcID, _vcID, _proof, uint256(0), _partyA, _partyB, _balances[0], _balances[1]); } //TODO: verify state transition since the hub did not agree to this state // make sure the A/B balances are not beyond ingrids bonds // Params: vc init state, vc final balance, vcID function settleVC( bytes32 _lcID, bytes32 _vcID, uint256 updateSeq, address _partyA, address _partyB, uint256[4] updateBal, // [ethupdateBalA, ethupdateBalB, tokenupdateBalA, tokenupdateBalB] string sigA ) public { require(Channels[_lcID].isOpen, "LC is closed."); // sub-channel must be open require(!virtualChannels[_vcID].isClose, "VC is closed."); require(virtualChannels[_vcID].sequence < updateSeq, "VC sequence is higher than update sequence."); require( virtualChannels[_vcID].ethBalances[1] < updateBal[1] && virtualChannels[_vcID].erc20Balances[1] < updateBal[3], "State updates may only increase recipient balance." ); require( virtualChannels[_vcID].bond[0] == updateBal[0] + updateBal[1] && virtualChannels[_vcID].bond[1] == updateBal[2] + updateBal[3], "Incorrect balances for bonded amount"); // Check time has passed on updateLCtimeout and has not passed the time to store a vc state // virtualChannels[_vcID].updateVCtimeout should be 0 on uninitialized vc state, and this should // fail if initVC() isn't called first // require(Channels[_lcID].updateLCtimeout < now && now < virtualChannels[_vcID].updateVCtimeout); require(Channels[_lcID].updateLCtimeout < now); // for testing! bytes32 _updateState = keccak256( abi.encodePacked( _vcID, updateSeq, _partyA, _partyB, virtualChannels[_vcID].bond[0], virtualChannels[_vcID].bond[1], updateBal[0], updateBal[1], updateBal[2], updateBal[3] ) ); // Make sure Alice has signed a higher sequence new state require(virtualChannels[_vcID].partyA == ECTools.recoverSigner(_updateState, sigA)); // store VC data // we may want to record who is initiating on-chain settles virtualChannels[_vcID].challenger = msg.sender; virtualChannels[_vcID].sequence = updateSeq; // channel state virtualChannels[_vcID].ethBalances[0] = updateBal[0]; virtualChannels[_vcID].ethBalances[1] = updateBal[1]; virtualChannels[_vcID].erc20Balances[0] = updateBal[2]; virtualChannels[_vcID].erc20Balances[1] = updateBal[3]; virtualChannels[_vcID].updateVCtimeout = now + Channels[_lcID].confirmTime; emit DidVCSettle(_lcID, _vcID, updateSeq, updateBal[0], updateBal[1], msg.sender, virtualChannels[_vcID].updateVCtimeout); } function closeVirtualChannel(bytes32 _lcID, bytes32 _vcID) public { // require(updateLCtimeout > now) require(Channels[_lcID].isOpen, "LC is closed."); require(virtualChannels[_vcID].isInSettlementState, "VC is not in settlement state."); require(virtualChannels[_vcID].updateVCtimeout < now, "Update vc timeout has not elapsed."); require(!virtualChannels[_vcID].isClose, "VC is already closed"); // reduce the number of open virtual channels stored on LC Channels[_lcID].numOpenVC--; // close vc flags virtualChannels[_vcID].isClose = true; // re-introduce the balances back into the LC state from the settled VC // decide if this lc is alice or bob in the vc if(virtualChannels[_vcID].partyA == Channels[_lcID].partyAddresses[0]) { Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[0]; Channels[_lcID].ethBalances[1] += virtualChannels[_vcID].ethBalances[1]; Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[0]; Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[1]; } else if (virtualChannels[_vcID].partyB == Channels[_lcID].partyAddresses[0]) { Channels[_lcID].ethBalances[0] += virtualChannels[_vcID].ethBalances[1]; Channels[_lcID].ethBalances[1] += virtualChannels[_vcID].ethBalances[0]; Channels[_lcID].erc20Balances[0] += virtualChannels[_vcID].erc20Balances[1]; Channels[_lcID].erc20Balances[1] += virtualChannels[_vcID].erc20Balances[0]; } emit DidVCClose(_lcID, _vcID, virtualChannels[_vcID].erc20Balances[0], virtualChannels[_vcID].erc20Balances[1]); } // todo: allow ethier lc.end-user to nullify the settled LC state and return to off-chain function byzantineCloseChannel(bytes32 _lcID) public { Channel storage channel = Channels[_lcID]; // check settlement flag require(channel.isOpen, "Channel is not open"); require(channel.isUpdateLCSettling == true); require(channel.numOpenVC == 0); require(channel.updateLCtimeout < now, "LC timeout over."); // if off chain state update didnt reblance deposits, just return to deposit owner uint256 totalEthDeposit = channel.initialDeposit[0] + channel.ethBalances[2] + channel.ethBalances[3]; uint256 totalTokenDeposit = channel.initialDeposit[1] + channel.erc20Balances[2] + channel.erc20Balances[3]; uint256 possibleTotalEthBeforeDeposit = channel.ethBalances[0] + channel.ethBalances[1]; uint256 possibleTotalTokenBeforeDeposit = channel.erc20Balances[0] + channel.erc20Balances[1]; if(possibleTotalEthBeforeDeposit < totalEthDeposit) { channel.ethBalances[0]+=channel.ethBalances[2]; channel.ethBalances[1]+=channel.ethBalances[3]; } else { require(possibleTotalEthBeforeDeposit == totalEthDeposit); } if(possibleTotalTokenBeforeDeposit < totalTokenDeposit) { channel.erc20Balances[0]+=channel.erc20Balances[2]; channel.erc20Balances[1]+=channel.erc20Balances[3]; } else { require(possibleTotalTokenBeforeDeposit == totalTokenDeposit); } // reentrancy uint256 ethbalanceA = channel.ethBalances[0]; uint256 ethbalanceI = channel.ethBalances[1]; uint256 tokenbalanceA = channel.erc20Balances[0]; uint256 tokenbalanceI = channel.erc20Balances[1]; channel.ethBalances[0] = 0; channel.ethBalances[1] = 0; channel.erc20Balances[0] = 0; channel.erc20Balances[1] = 0; if(ethbalanceA != 0 || ethbalanceI != 0) { channel.partyAddresses[0].transfer(ethbalanceA); channel.partyAddresses[1].transfer(ethbalanceI); } if(tokenbalanceA != 0 || tokenbalanceI != 0) { require( channel.token.transfer(channel.partyAddresses[0], tokenbalanceA), "byzantineCloseChannel: token transfer failure" ); require( channel.token.transfer(channel.partyAddresses[1], tokenbalanceI), "byzantineCloseChannel: token transfer failure" ); } channel.isOpen = false; numChannels--; emit DidLCClose(_lcID, channel.sequence, ethbalanceA, ethbalanceI, tokenbalanceA, tokenbalanceI); } function _isContained(bytes32 _hash, bytes _proof, bytes32 _root) internal pure returns (bool) { bytes32 cursor = _hash; bytes32 proofElem; for (uint256 i = 64; i <= _proof.length; i += 32) { assembly { proofElem := mload(add(_proof, i)) } if (cursor < proofElem) { cursor = keccak256(abi.encodePacked(cursor, proofElem)); } else { cursor = keccak256(abi.encodePacked(proofElem, cursor)); } } return cursor == _root; } //Struct Getters function getChannel(bytes32 id) public view returns ( address[2], uint256[4], uint256[4], uint256[2], uint256, uint256, bytes32, uint256, uint256, bool, bool, uint256 ) { Channel memory channel = Channels[id]; return ( channel.partyAddresses, channel.ethBalances, channel.erc20Balances, channel.initialDeposit, channel.sequence, channel.confirmTime, channel.VCrootHash, channel.LCopenTimeout, channel.updateLCtimeout, channel.isOpen, channel.isUpdateLCSettling, channel.numOpenVC ); } function getVirtualChannel(bytes32 id) public view returns( bool, bool, uint256, address, uint256, address, address, address, uint256[2], uint256[2], uint256[2] ) { VirtualChannel memory virtualChannel = virtualChannels[id]; return( virtualChannel.isClose, virtualChannel.isInSettlementState, virtualChannel.sequence, virtualChannel.challenger, virtualChannel.updateVCtimeout, virtualChannel.partyA, virtualChannel.partyB, virtualChannel.partyI, virtualChannel.ethBalances, virtualChannel.erc20Balances, virtualChannel.bond ); } }