fix: invalidate compromised endorsers in isVerified#81
Conversation
WalkthroughThe Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Suggested labels
Poem
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/IdentityToken.sol`:
- Line 245: Reformat the boolean assignment that sets the local variable active
in IdentityToken.sol (the line using e.revokedAt, e.validUntil, block.timestamp
and identityStates[e.endorserTokenId].isCompromised) to satisfy the repository
Prettier rules; either run the project's Prettier/format command or adjust
spacing/line breaks around the && and || operators so the expression is split or
spaced per style guidelines and the CI formatting error is resolved.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro
Run ID: a9bef3ed-a6f7-4be1-8a14-e8510d6b5f72
📒 Files selected for processing (2)
src/IdentityToken.soltest/IdentityToken.t.sol
| for (uint256 i = 0; i < list.length; i++) { | ||
| DataTypes.Endorsement storage e = list[i]; | ||
| bool active = e.revokedAt == 0 && (e.validUntil == 0 || e.validUntil >= block.timestamp); | ||
| bool active = e.revokedAt == 0 && (e.validUntil == 0 || e.validUntil >= block.timestamp) && !identityStates[e.endorserTokenId].isCompromised; |
There was a problem hiding this comment.
Fix CI formatting failure on this updated expression.
Line 245 is likely the Prettier violation reported by CI; please reformat this statement (or run the repo Prettier command) before merge.
💄 Suggested formatting
- bool active = e.revokedAt == 0 && (e.validUntil == 0 || e.validUntil >= block.timestamp) && !identityStates[e.endorserTokenId].isCompromised;
+ bool active = e.revokedAt == 0 &&
+ (e.validUntil == 0 || e.validUntil >= block.timestamp) &&
+ !identityStates[e.endorserTokenId].isCompromised;📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| bool active = e.revokedAt == 0 && (e.validUntil == 0 || e.validUntil >= block.timestamp) && !identityStates[e.endorserTokenId].isCompromised; | |
| bool active = e.revokedAt == 0 && | |
| (e.validUntil == 0 || e.validUntil >= block.timestamp) && | |
| !identityStates[e.endorserTokenId].isCompromised; |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/IdentityToken.sol` at line 245, Reformat the boolean assignment that sets
the local variable active in IdentityToken.sol (the line using e.revokedAt,
e.validUntil, block.timestamp and
identityStates[e.endorserTokenId].isCompromised) to satisfy the repository
Prettier rules; either run the project's Prettier/format command or adjust
spacing/line breaks around the && and || operators so the expression is split or
spaced per style guidelines and the CI formatting error is resolved.
Addressed Issues:
Fixes #67
Updated the
activecheck insrc/IdentityToken.sol(isVerified) to also require:!identityStates[e.endorserTokenId].isCompromisedNew logic:
bool active = e.revokedAt == 0 && (e.validUntil == 0 || e.validUntil >= block.timestamp) && !identityStates[e.endorserTokenId].isCompromised;Tests
Added one new test in
test/IdentityToken.t.sol:test_IsVerified_FalseIfEndorserCompromised()Test flow:
stdstoreisVerified(target)returnsfalseScreenshots/Recordings:
Additional Notes:
Security Impact
Prevents compromised identities from continuing to confer trust via existing endorsements, closing a trust-graph bypass risk.
Gas / Performance
isVerifiednow performs one additional storage read per endorsement candidate (identityStates[endorserTokenId].isCompromised).This is an intentional security tradeoff; short-circuiting still avoids that read for already revoked/expired endorsements.
AI Usage Disclosure:
We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact. AI slop is strongly discouraged and may lead to banning and blocking. Do not spam our repos with AI slop.
Check one of the checkboxes below:
I have used the following AI models and tools: TODO
Checklist
Summary by CodeRabbit
Bug Fixes
Tests