From ee9b14fc2981b03d7a3c32c24306f8d3d5c3f785 Mon Sep 17 00:00:00 2001
From: Andrea Franz <andrea@gravityblast.com>
Date: Mon, 5 Oct 2020 14:25:17 +0200
Subject: [PATCH] add domain separator to redeem code

---
 contracts/Bucket.sol               |  4 ++--
 migrations/01_initial_migration.js |  2 +-
 test/erc20_spec.js                 |  4 +++-
 test/nft_contract_spec.js          |  4 +++-
 truffle-config.js                  | 10 +++++-----
 5 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/contracts/Bucket.sol b/contracts/Bucket.sol
index 55fbd53..4cff9df 100644
--- a/contracts/Bucket.sol
+++ b/contracts/Bucket.sol
@@ -13,7 +13,7 @@ abstract contract Bucket is OwnableUpgradeSafe {
 
   bytes32 constant REDEEM_TYPEHASH = keccak256("Redeem(uint256 blockNumber,bytes32 blockHash,address receiver,bytes32 code)");
   bytes32 constant EIP712DOMAIN_TYPEHASH = keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
-  bytes32 DOMAIN_SEPARATOR;
+  bytes32 public DOMAIN_SEPARATOR;
 
   string _relayerURI;
 
@@ -86,7 +86,7 @@ abstract contract Bucket is OwnableUpgradeSafe {
     require(redeemable.recipient == recipient, "not found");
 
     // validate code
-    bytes32 codeHash = keccak256(abi.encodePacked(_redeem.code));
+    bytes32 codeHash = keccak256(abi.encodePacked(DOMAIN_SEPARATOR, redeemable.recipient, _redeem.code));
     require(codeHash == redeemable.code, "invalid code");
 
     uint256 data = redeemable.data;
diff --git a/migrations/01_initial_migration.js b/migrations/01_initial_migration.js
index aad63de..debb067 100644
--- a/migrations/01_initial_migration.js
+++ b/migrations/01_initial_migration.js
@@ -9,7 +9,7 @@ module.exports = function(deployer, network) {
   deployer.deploy(NFTBucketFactory);
   deployer.deploy(ERC20BucketFactory);
 
-  if (network === "development") {
+  if (network === "development" || network === "test") {
     deployer.deploy(TestToken, "Dev Test Token", "DTT", 18);
     deployer.deploy(TestNFT);
   }
diff --git a/test/erc20_spec.js b/test/erc20_spec.js
index 5040d2c..d970786 100644
--- a/test/erc20_spec.js
+++ b/test/erc20_spec.js
@@ -86,6 +86,7 @@ function mineAt(timestamp) {
 
 contract("ERC20Bucket", function () {
   let bucketInstance,
+    domainSeparator,
     factoryInstance,
     tokenInstance,
     shop,
@@ -134,6 +135,7 @@ contract("ERC20Bucket", function () {
     });
 
     bucketInstance = new web3.eth.Contract(ERC20Bucket.abi, rec.options.address);
+    domainSeparator = await bucketInstance.methods.DOMAIN_SEPARATOR().call();
   });
 
   it("deploy bucket via factory", async () => {
@@ -196,7 +198,7 @@ contract("ERC20Bucket", function () {
     let initialSupply = await bucketInstance.methods.totalSupply().call();
     let initialAvailableSupply = await bucketInstance.methods.availableSupply().call();
 
-    const redeemCodeHash = web3.utils.sha3(REDEEM_CODE);
+    const redeemCodeHash = web3.utils.soliditySha3(domainSeparator, keycard, REDEEM_CODE);
     const createRedeemable = bucketInstance.methods.createRedeemable(keycard, amount, redeemCodeHash);
     const createRedeemableGas = await createRedeemable.estimateGas();
     await createRedeemable.send({
diff --git a/test/nft_contract_spec.js b/test/nft_contract_spec.js
index 315e8fd..81a5d2b 100644
--- a/test/nft_contract_spec.js
+++ b/test/nft_contract_spec.js
@@ -91,6 +91,7 @@ if (assert.match === undefined) {
 
 contract("NFTBucket", function () {
   let bucketInstance,
+    domainSeparator,
     factoryInstance,
     tokenInstance,
     shop,
@@ -141,6 +142,7 @@ contract("NFTBucket", function () {
     });
 
     bucketInstance = new web3.eth.Contract(NFTBucket.abi, rec.options.address);
+    domainSeparator = await bucketInstance.methods.DOMAIN_SEPARATOR().call();
   });
 
   it("deploy bucket via factory", async () => {
@@ -159,7 +161,7 @@ contract("NFTBucket", function () {
 
 
   function createRedeemableData(recipient) {
-      const redeemCodeHash = web3.utils.sha3(REDEEM_CODE);
+      const redeemCodeHash = web3.utils.soliditySha3(domainSeparator, recipient, REDEEM_CODE);
       return recipient + redeemCodeHash.replace("0x", "");
   }
 
diff --git a/truffle-config.js b/truffle-config.js
index ffca463..c11d003 100644
--- a/truffle-config.js
+++ b/truffle-config.js
@@ -45,11 +45,11 @@ module.exports = {
     // tab if you use this network and you must also set the `host`, `port` and `network_id`
     // options below to some value.
     //
-    development: {
-     host: "127.0.0.1",     // Localhost (default: none)
-     port: 7545,            // Standard Ethereum port (default: none)
-     network_id: "*",       // Any network (default: none)
-    },
+    // development: {
+    //  host: "127.0.0.1",     // Localhost (default: none)
+    //  port: 7545,            // Standard Ethereum port (default: none)
+    //  network_id: "*",       // Any network (default: none)
+    // },
 
     // Another network with more advanced options...
     // advanced: {