
@zZoMROT zZoMROT commented Jul 4, 2025

Static Code Analysis (readability, compactness):

Implements an abstract OtpModule that allows protecting specific external functions using OTP-based authentication via the onlyOTP modifier. Logic is cleanly separated into helper methods for packing/unpacking and validating OTPs. Storage is optimized via tight packing of hash and counter into a single uint256.

Dynamic Code Analysis (external APIs, interaction flows):

The OTP flow requires the user to precompute and register a hash chain off-chain. The protected function must explicitly use the onlyOTP modifier; OTPs are not enforced globally. Each successful call consumes one code (k_i) validated as keccak256(k_i | user), and updates the internal state for the next expected hash. Since the sender's address (msg.sender) is included in the hash, OTP codes are user-specific and cannot be front-run or reused by other accounts.

Efficiency (gas costs, computational complexity, memory requirements):

  • Stores only the lower 28 bytes of the hash (224 bits) to save gas.
  • Packs both the hash and usage counter into one slot (256 bits total).
  • No iteration or dynamic memory use; validation is a single hash and comparison.
  • Minimal storage writes: one SSTORE per valid OTP use.

Opinion, trade-offs and other thoughts (optional):

The design is intentionally minimal and opt-in: only functions explicitly decorated with onlyOTP are protected. The security/gas trade-off of using 224-bit hashes is considered acceptable given the context (one-time, user-specific keys).
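
An off-chain model of the flow described in the comment above, added here as an example and not the PR's own code. SHA3-256 stands in for keccak256 (Python's hashlib has no Keccak-256), and the chain direction, the slot layout (hash in the upper 224 bits, counter in the lower 32), the counter meaning (codes remaining) and all names are assumptions.

```python
import hashlib

MASK224 = (1 << 224) - 1

def h(code, user):
    # Stand-in for keccak256(k_i | user): hashlib has no Keccak-256, so SHA3-256 is used.
    return hashlib.sha3_256(code + user).digest()

def low224(digest):
    # Keep only the lower 28 bytes, as the PR description says the module stores.
    return int.from_bytes(digest, "big") & MASK224

def build_chain(seed, user, n):
    # Off-chain precompute: chain[n] is the registered anchor, codes are chain[n-1]..chain[0].
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1], user))
    return chain

def pack(hash224, counter):
    # Assumed layout: hash in the upper 224 bits, 32-bit counter in the lower bits.
    if not (0 <= hash224 <= MASK224 and 0 <= counter < 1 << 32):
        raise ValueError("field does not fit the slot")
    return (hash224 << 32) | counter

def unpack(slot):
    return slot >> 32, slot & 0xFFFFFFFF

class OtpModel:
    def __init__(self):
        self.slots = {}  # sender address -> one packed 256-bit slot

    def register(self, user, anchor, n):
        self.slots[user] = pack(low224(anchor), n)

    def use(self, sender, code):
        expected, remaining = unpack(self.slots.get(sender, 0))
        if remaining == 0 or low224(h(code, sender)) != expected:
            return False  # the contract would revert here
        self.slots[sender] = pack(low224(code), remaining - 1)  # single write
        return True

def demo():
    alice, bob = b"\xaa" * 20, b"\xbb" * 20  # constructed addresses
    chain = build_chain(b"\x01" * 32, alice, 3)  # constructed seed
    m = OtpModel()
    m.register(alice, chain[3], 3)
    m.register(bob, chain[3], 3)  # same anchor, different sender
    calls = [(bob, 2), (alice, 1), (alice, 2), (alice, 2), (alice, 1), (alice, 0), (alice, 0)]
    return [m.use(who, chain[i]) for who, i in calls]
```

In `demo()`, the calls cover a code presented by a different sender, an out-of-order code, a replayed code and an exhausted chain, each of which is rejected.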

codecov bot commented Jul 4, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (447ff84) to head (c7eacf5).

Additional details and impacted files
@@            Coverage Diff            @@
##            master      #195   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           17        18    +1     
  Lines          346       368   +22     
  Branches        65        69    +4     
=========================================
+ Hits           346       368   +22     
