Added tx_origin check

aalavandhan · aalavandhan · commit 709b6fccac00 · 2021-06-18T15:05:04.000-04:00
diff --git a/contracts/_mocks/MockConstructorRebaseCallerContract.sol b/contracts/_mocks/MockConstructorRebaseCallerContract.sol
@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+pragma solidity 0.6.12;
+
+import "../_interfaces/IXCAmpleController.sol";
+
+contract MockConstructorRebaseCallerContract {
+    constructor(address policy) public {
+        // Take out a flash loan.
+        // Do something funky...
+        IXCAmpleController(policy).rebase(); // should fail
+        // pay back flash loan.
+    }
+}
diff --git a/contracts/_mocks/MockRebaseCallerContract.sol b/contracts/_mocks/MockRebaseCallerContract.sol
@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+pragma solidity 0.6.12;
+
+import "../_interfaces/IXCAmpleController.sol";
+
+contract MockRebaseCallerContract {
+    function callRebase(address policy) public returns (bool) {
+        // Take out a flash loan.
+        // Do something funky...
+        IXCAmpleController(policy).rebase(); // should fail
+        // pay back flash loan.
+        return true;
+    }
+}
diff --git a/contracts/satellite-chain/xc-ampleforth/XCAmpleController.sol b/contracts/satellite-chain/xc-ampleforth/XCAmpleController.sol
@@ -172,6 +172,8 @@ contract XCAmpleController is OwnableUpgradeable {
      *      on the rebase relayer.
      */
     function rebase() external {
+        require(msg.sender == tx.origin, "XCAmpleController: expected caller to be eoa");
+
         // recently reported epoch needs to be more than current globalEpoch in storage
         require(
             nextGlobalAmpleforthEpoch > globalAmpleforthEpoch,
diff --git a/test/unit/satellite-chain/xc-ampleforth/xc_controller_rebase.js b/test/unit/satellite-chain/xc-ampleforth/xc_controller_rebase.js
@@ -69,6 +69,31 @@ describe('XCAmpleController:rebase:epoch', async () => {
   });
 });
 
+describe('XCAmpleController:rebase:called by a contract', function () {
+  it('should fail', async function () {
+    await controller.connect(bridge).reportRebase(2, 1000);
+    const rebaseCallerContract = await (
+      await ethers.getContractFactory('MockRebaseCallerContract')
+    )
+      .connect(deployer)
+      .deploy();
+    await expect(
+      rebaseCallerContract.callRebase(controller.address),
+    ).to.be.revertedWith('XCAmpleController: expected caller to be eoa');
+  });
+});
+
+describe('XCAmpleController:rebase:called by a contract which is being constructed', function () {
+  it('should fail', async function () {
+    await controller.connect(bridge).reportRebase(2, 1000);
+    await expect(
+      (await ethers.getContractFactory('MockConstructorRebaseCallerContract'))
+        .connect(deployer)
+        .deploy(controller.address),
+    ).to.be.revertedWith('XCAmpleController: expected caller to be eoa');
+  });
+});
+
 describe('XCAmpleController:rebase', async () => {
   beforeEach('setup XCAmpleController contract', async () => {
     await setupContracts();
