@@ -5,7 +5,7 @@ import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
55
66import "../interfaces/IWormhole.sol " ;
77import "../interfaces/IWormholeReceiver.sol " ;
8- import "../interfaces/ICoreRelayer .sol " ;
8+ import "../interfaces/IWormholeRelayer .sol " ;
99
1010/**
1111 * This contract is a malicious "integration" that attempts to attack the forward mechanism.
@@ -14,15 +14,15 @@ contract AttackForwardIntegration is IWormholeReceiver {
1414 mapping (bytes32 => bool ) consumedMessages;
1515 address attackerReward;
1616 IWormhole wormhole;
17- ICoreRelayer core_relayer;
17+ IWormholeRelayer core_relayer;
1818 uint32 nonce = 1 ;
1919 uint16 targetChainId;
2020
2121 // Capture 30k gas for fees
2222 // This just needs to be enough to pay for the call to the destination address.
2323 uint32 SAFE_DELIVERY_GAS_CAPTURE = 30000 ;
2424
25- constructor (IWormhole initWormhole , ICoreRelayer initCoreRelayer , uint16 chainId , address initAttackerReward ) {
25+ constructor (IWormhole initWormhole , IWormholeRelayer initCoreRelayer , uint16 chainId , address initAttackerReward ) {
2626 attackerReward = initAttackerReward;
2727 wormhole = initWormhole;
2828 core_relayer = initCoreRelayer;
@@ -39,25 +39,25 @@ contract AttackForwardIntegration is IWormholeReceiver {
3939 // The core relayer could in principle accept the request due to this being the target of the message at the same time as being the refund address.
4040 // Note that, if succesful, this forward request would be processed after the time for processing forwards is past.
4141 // Thus, the request would "linger" in the forward request cache and be attended to in the next delivery.
42- requestForward (targetChainId, toWormholeFormat (attackerReward));
42+ forward (targetChainId, toWormholeFormat (attackerReward));
4343 }
4444
45- function requestForward (uint16 targetChain , bytes32 attackerRewardAddress ) internal {
46- uint256 computeBudget = core_relayer.quoteGasDeliveryFee (
45+ function forward (uint16 targetChain , bytes32 attackerRewardAddress ) internal {
46+ uint256 maxTransactionFee = core_relayer.quoteGas (
4747 targetChain, SAFE_DELIVERY_GAS_CAPTURE, core_relayer.getDefaultRelayProvider ()
4848 );
4949
50- ICoreRelayer.DeliveryRequest memory request = ICoreRelayer. DeliveryRequest ({
50+ IWormholeRelayer.Send memory request = IWormholeRelayer. Send ({
5151 targetChain: targetChain,
5252 targetAddress: attackerRewardAddress,
5353 // All remaining funds will be returned to the attacker
5454 refundAddress: attackerRewardAddress,
55- computeBudget: computeBudget ,
56- applicationBudget : 0 ,
55+ maxTransactionFee: maxTransactionFee ,
56+ receiverValue : 0 ,
5757 relayParameters: core_relayer.getDefaultRelayParams ()
5858 });
5959
60- core_relayer.requestForward {value: computeBudget }(request, nonce, core_relayer.getDefaultRelayProvider ());
60+ core_relayer.forward {value: maxTransactionFee }(request, nonce, core_relayer.getDefaultRelayProvider ());
6161 }
6262
6363 function toWormholeFormat (address addr ) public pure returns (bytes32 whFormat ) {
0 commit comments