fix(security-issues): remove uniswap sdk with stale ethers

1inch · Jul 4, 2024 · 2f55bb3 · 2f55bb3
1 parent fde3bc3
commit 2f55bb3
Show file tree

Hide file tree

Showing 10 changed files with 327 additions and 63 deletions.
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ This is the package of utilities for building signature and call data of EIP-261
 
 | Statements                                                                     | Branches                                                                    | Functions                                                                     | Lines                                                                |
 | ------------------------------------------------------------------------------ | --------------------------------------------------------------------------- | ----------------------------------------------------------------------------- | -------------------------------------------------------------------- |
-| ![Statements](https://img.shields.io/badge/statements-98.54%25-brightgreen.svg) | ![Branches](https://img.shields.io/badge/branches-89.47%25-yellow.svg) | ![Functions](https://img.shields.io/badge/functions-94.74%25-brightgreen.svg) | ![Lines](https://img.shields.io/badge/lines-98.54%25-brightgreen.svg) |
+| ![Statements](https://img.shields.io/badge/statements-96.06%25-brightgreen.svg?style=flat) | ![Branches](https://img.shields.io/badge/branches-89.39%25-yellow.svg?style=flat) | ![Functions](https://img.shields.io/badge/functions-89.74%25-yellow.svg?style=flat) | ![Lines](https://img.shields.io/badge/lines-96.06%25-brightgreen.svg?style=flat) |
 
 ## Installation
 

diff --git a/package.json b/package.json
@@ -29,7 +29,6 @@
     },
     "homepage": "https://github.com/1inch/permit-signed-approvals-utils#readme",
     "dependencies": {
-        "@uniswap/permit2-sdk": "^1.2.0",
         "ethers": "^6.13.1"
     },
     "devDependencies": {
@@ -67,7 +66,8 @@
         "ts-mockito": "2.6.1",
         "ts-node": "10.9.2",
         "tslib": "2.6.2",
-        "typescript": "5.3.3"
+        "typescript": "5.3.3",
+        "yarn-audit-fix": "^10.0.7"
     },
     "husky": {
         "hooks": {

diff --git a/src/e2e/helpers/create-permit2-contract-and-deployt.ts b/src/e2e/helpers/create-permit2-contract-and-deployt.ts
@@ -1,12 +1,12 @@
-import { PERMIT2_ADDRESS } from "@uniswap/permit2-sdk";
 import byteCode from '../contracts/permit2.json'
 import PERMIT2_ABI from '../../abi/Permit2.abi.json';
 import { ethers } from "hardhat";
 import { Contract } from "ethers";
+import {Permit2Address} from '../../permit2.utils';
 
 export async function createPermit2ContractAndDeploy(): Promise<Contract> {
-    if ((await ethers.provider.getCode(PERMIT2_ADDRESS)) === '0x') {
-        await ethers.provider.send('hardhat_setCode', [PERMIT2_ADDRESS, byteCode.bytecode]);
+    if ((await ethers.provider.getCode(Permit2Address)) === '0x') {
+        await ethers.provider.send('hardhat_setCode', [Permit2Address, byteCode.bytecode]);
     }
-    return ethers.getContractAt(PERMIT2_ABI, PERMIT2_ADDRESS);
+    return ethers.getContractAt(PERMIT2_ABI, Permit2Address);
 }
diff --git a/src/e2e/helpers/decode-uncompressed-permit-single.ts b/src/e2e/helpers/decode-uncompressed-permit-single.ts
@@ -1,6 +1,6 @@
 
-import { PermitDetails, PermitSingle } from "@uniswap/permit2-sdk";
 import { AbiCoder, Signature } from "ethers";
+import {PermitDetails, PermitSingle} from '../../model/eip712-permit2.model';
 
 type DecodeResult = ReturnType<InstanceType<typeof AbiCoder>['decode']>;
 

diff --git a/src/e2e/permit2.utils.e2e.ts b/src/e2e/permit2.utils.e2e.ts
@@ -1,9 +1,8 @@
 import { ethers } from "hardhat";
 import { deploySwapTokens } from "./helpers/fixtures";
 import { loadFixture } from "@nomicfoundation/hardhat-network-helpers";
-import { Permit2Utils } from "../permit2.utils";
+import {Permit2Address, Permit2Utils} from "../permit2.utils";
 import { getProviderConnector, Signer } from "./helpers/provider-connector.mock";
-import { MaxUint256, PERMIT2_ADDRESS } from "@uniswap/permit2-sdk";
 import { expect } from 'chai';
 import { decodeUncompressedPermitSingle } from "./helpers/decode-uncompressed-permit-single";
 import { createPermit2ContractAndDeploy } from "./helpers/create-permit2-contract-and-deployt";
@@ -66,7 +65,7 @@ describe('permit2',  () => {
 
         describe('decompressed singlePermit',  () => {
             it('infinite expiry', async () => {
-                await dai.connect(addr1).approve(PERMIT2_ADDRESS, 1);
+                await dai.connect(addr1).approve(Permit2Address, 1);
 
                 const decompressedPermit = await permit2Builder.buildPermit2({
                     walletAddress: await addr1.getAddress(),
@@ -89,7 +88,7 @@ describe('permit2',  () => {
             });
 
             it('set expiry & sigDeadline', async () => {
-                await dai.connect(addr1).approve(PERMIT2_ADDRESS, MaxUint256.toBigInt());
+                await dai.connect(addr1).approve(Permit2Address, ethers.MaxUint256);
 
                 const deadline = Math.round((Date.now() / 1000)) + 3000;
 

diff --git a/src/eip-2612-permit.helper.ts b/src/eip-2612-permit.helper.ts
@@ -2,8 +2,7 @@ import { eip2612PermitModelFields, TOKEN_ADDRESSES_WITH_SALT } from './eip-2612-
 import {EIP712Object, EIP712TypedData} from './model/eip712.model';
 import { DaiPermitParams, PermitParams } from './model/permit.model';
 import {PermitTypedDataParamsModel} from './model/permit-typed-data-params.model';
-import { AllowanceTransfer } from "@uniswap/permit2-sdk";
-import { Eip712Permit2 } from "./model/eip712-permit2.model";
+import {Eip712Permit2, PermitSingleData} from "./model/eip712-permit2.model";
 import {abiCoder} from './connector/abi-coder';
 
 // eslint-disable-next-line max-lines-per-function
@@ -34,7 +33,7 @@ export function buildPermitTypedData(data: PermitTypedDataParamsModel): EIP712Ty
 }
 
 export function buildPermit2TypedData(
-    { domain, types, values }: ReturnType<typeof AllowanceTransfer.getPermitData>,
+    { domain, types, values }: PermitSingleData
 ): Eip712Permit2 {
     return {
         primaryType: 'PermitSingle',

diff --git a/src/helpers/get-permit2-contract.ts b/src/helpers/get-permit2-contract.ts
@@ -1,7 +1,7 @@
-import { PERMIT2_ADDRESS } from "@uniswap/permit2-sdk";
 import { Contract } from "ethers";
 import Permit2ABI from '../abi/Permit2.abi.json'
+import {Permit2Address} from '../permit2.utils';
 
 export function getPermit2Contract(): Contract {
-    return new Contract(PERMIT2_ADDRESS, Permit2ABI)
+    return new Contract(Permit2Address, Permit2ABI)
 }
diff --git a/src/model/eip712-permit2.model.ts b/src/model/eip712-permit2.model.ts
@@ -1,10 +1,35 @@
 import { EIP712TypedData } from "./eip712.model";
-import { TypedDataDomain, TypedDataField } from "@ethersproject/abstract-signer";
-import { PermitBatchData, PermitSingle } from "@uniswap/permit2-sdk/dist/allowanceTransfer";
+import {TypedDataDomain} from 'ethers';
+
+type BigNumberish = bigint | string | number
+
+export type PermitSingleData = {
+    domain: TypedDataDomain;
+    types: Record<string, TypedDataField[]>;
+    values: PermitSingle;
+};
+
+export interface PermitDetails {
+    token: string;
+    amount: BigNumberish;
+    expiration: BigNumberish
+    nonce: BigNumberish
+}
+
+export interface PermitSingle {
+    details: PermitDetails;
+    spender: string;
+    sigDeadline: BigNumberish;
+}
+
+export interface TypedDataField {
+    name: string;
+    type: string;
+}
 
 export type Eip712Permit2 = {
     types: Record<string, TypedDataField[]>;
     domain: TypedDataDomain;
-    message: PermitSingle | PermitBatchData;
+    message: PermitSingle;
     primaryType: string;
 } & EIP712TypedData;
diff --git a/src/permit2.utils.ts b/src/permit2.utils.ts
@@ -1,4 +1,3 @@
-import { AllowanceTransfer, PERMIT2_ADDRESS } from "@uniswap/permit2-sdk";
 import { ProviderConnector } from "./connector/provider.connector";
 import { buildPermit2TypedData } from "./eip-2612-permit.helper";
 import { getPermit2Contract } from "./helpers/get-permit2-contract";
@@ -7,6 +6,13 @@ import { decompressPermit } from "./helpers/decompress-permit";
 import { MAX_UINT48 } from "./helpers/constants";
 import { trim0x } from "./helpers/trim-0x";
 import { ethers, Signature } from 'ethers';
+import {
+    PermitDetails,
+    PermitSingle,
+    PermitSingleData,
+    TypedDataField
+} from './model/eip712-permit2.model';
+
 function cutSelector(data: string): string {
     const hexPrefix = '0x'
     return hexPrefix + data.substr(hexPrefix.length + 8)
@@ -24,10 +30,20 @@ export interface Permit2Params {
     compact?: boolean;
 }
 
-export interface AllowanceResponse {
-    amount: bigint;
-    expiration: number;
-    nonce: bigint;
+export const Permit2Address = '0x000000000022D473030F116dDEE9F6B43aC78BA3'
+
+const PERMIT_TYPES: Record<string, TypedDataField[]> = {
+    PermitSingle: [
+        { name: 'details', type: 'PermitDetails' },
+        { name: 'spender', type: 'address' },
+        { name: 'sigDeadline', type: 'uint256' },
+    ],
+    PermitDetails: [
+        { name: 'token', type: 'address' },
+        { name: 'amount', type: 'uint160' },
+        { name: 'expiration', type: 'uint48' },
+        { name: 'nonce', type: 'uint48' },
+    ],
 }
 
 export class Permit2Utils {
@@ -44,36 +60,40 @@ export class Permit2Utils {
         tokenAddress,
         nonce,
         chainId,
-        expiry = MAX_UINT48,
-        sigDeadline = MAX_UINT48,
+        expiry,
+        sigDeadline,
         compact = false
     }: Permit2Params): Promise<string> {
-        const details = {
+        const details: PermitDetails = {
             token: tokenAddress,
             amount: value,
-            expiration: expiry,
+            expiration: expiry || MAX_UINT48,
             nonce
         };
 
-        const permitSingle = {
+        const permitSingle: PermitSingle = {
             details,
             spender,
-            sigDeadline
-        };
-
-        const permitData = AllowanceTransfer.getPermitData(
-            permitSingle,
-            PERMIT2_ADDRESS,
-            chainId
-        );
+            sigDeadline: sigDeadline || MAX_UINT48
+        }
 
         const dataHash = ethers.TypedDataEncoder.hashStruct(
             'PermitSingle',
-            permitData.types,
-            permitData.values
+            PERMIT_TYPES,
+            permitSingle
         )
 
-        const typedData = buildPermit2TypedData(permitData);
+        const data: PermitSingleData = {
+            types: PERMIT_TYPES,
+            values: permitSingle,
+            domain: {
+                name: 'Permit2',
+                chainId,
+                verifyingContract: Permit2Address,
+            }
+        }
+
+        const typedData = buildPermit2TypedData(data);
 
         const signedPermit = await this.connector.signTypedData(walletAddress, typedData, dataHash);