sec: implement security enhancements

contracts/BSCValidatorSet.sol

@@ -242,7 +242,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       emit validatorEmptyJailed(v.consensusAddress);
       return CODE_OK;
     }
-    numOfJailed ++;
+    ++numOfJailed;
     currentValidatorSet[index-1].jailed = true;
     emit validatorJailed(v.consensusAddress);
     return CODE_OK;
@@ -270,9 +270,9 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     uint validatorsNum = currentValidatorSet.length;
     for (uint i; i < validatorsNum; ++i) {
       if (currentValidatorSet[i].incoming >= DUSTY_INCOMING) {
-        crossSize ++;
+        ++crossSize;
       } else if (currentValidatorSet[i].incoming > 0) {
-        directSize ++;
+        ++directSize;
       }
     }
 
@@ -300,11 +300,11 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
         crossRefundAddrs[crossSize] = currentValidatorSet[i].BBCFeeAddress;
         crossIndexes[crossSize] = i;
         crossTotal = crossTotal.add(value);
-        crossSize ++;
+        ++crossSize;
       } else if (currentValidatorSet[i].incoming > 0) {
         directAddrs[directSize] = currentValidatorSet[i].feeAddress;
         directAmounts[directSize] = currentValidatorSet[i].incoming;
-        directSize ++;
+        ++directSize;
       }
     }
 
@@ -424,15 +424,15 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     uint valid = 0;
     for (uint i; i<n; ++i) {
       if (isWorkingValidator(i)) {
-        valid ++;
+        ++valid;
       }
     }
     address[] memory consensusAddrs = new address[](valid);
     valid = 0;
     for (uint i; i<n; ++i) {
       if (isWorkingValidator(i)) {
         consensusAddrs[valid] = currentValidatorSet[i].consensusAddress;
-        valid ++;
+        ++valid;
       }
     }
     return consensusAddrs;
@@ -498,7 +498,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
 
     bool isMaintaining = validatorExtraSet[index].isMaintaining;
     if (_felony(validator, index) && isMaintaining) {
-      numOfMaintaining--;
+      --numOfMaintaining;
     }
   }
 
@@ -589,7 +589,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     } else if (Memory.compareStrings(key, "maintainSlashScale")) {
       require(value.length == 32, "length of maintainSlashScale mismatch");
       uint256 newMaintainSlashScale = BytesToTypes.bytesToUint256(32, value);
-      require(newMaintainSlashScale > 0, "the maintainSlashScale must be greater than 0");
+      require(newMaintainSlashScale > 0 && newMaintainSlashScale < 10, "the maintainSlashScale must be greater than 0 and less than 10");
       maintainSlashScale = newMaintainSlashScale;
     } else if (Memory.compareStrings(key, "maxNumOfWorkingCandidates")) {
       require(value.length == 32, "length of maxNumOfWorkingCandidates mismatch");
@@ -622,7 +622,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       return (false, "the number of validators exceed the limit");
     }
     for (uint i; i < validatorSet.length; ++i) {
-      for (uint j = 0; j<i; j++) {
+      for (uint j = 0; j<i; ++j) {
         if (validatorSet[i].consensusAddress == validatorSet[j].consensusAddress) {
           return (false, "duplicate consensus address of validatorSet");
         }
@@ -638,7 +638,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     for (uint i; i<n; ++i) {
       bool stale = true;
       Validator memory oldValidator = currentValidatorSet[i];
-      for (uint j = 0;j<m;j++) {
+      for (uint j = 0;j<m;++j) {
         if (oldValidator.consensusAddress == validatorSet[j].consensusAddress) {
           stale = false;
           break;
@@ -781,7 +781,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       for (uint k; k < _validatorSet.length; ++k) {
         if (_validatorSet[k].consensusAddress == validator) {
           _validatorSet[k].jailed = true;
-          numOfFelony++;
+          ++numOfFelony;
           break;
         }
       }
@@ -793,15 +793,15 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     for (uint index; index < _validatorSet.length; ++index) {
       if (!_validatorSet[index].jailed) {
         unjailedValidatorSet[i] = _validatorSet[index];
-        i++;
+        ++i;
       }
     }
 
     return unjailedValidatorSet;
   }
 
   function _enterMaintenance(address validator, uint256 index) private {
-    numOfMaintaining++;
+    ++numOfMaintaining;
     validatorExtraSet[index].isMaintaining = true;
     validatorExtraSet[index].enterMaintenanceHeight = block.number;
     emit validatorEnterMaintenance(validator);
@@ -814,7 +814,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     }
 
     // step 0: modify numOfMaintaining
-    numOfMaintaining--;
+    --numOfMaintaining;
 
     // step 1: calculate slashCount
     uint256 slashCount =
@@ -864,7 +864,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       } else {
         break;
       }
-      idx++;
+      ++idx;
     }
     return (validatorSetPkg, success);
   }
@@ -887,7 +887,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       } else {
         break;
       }
-      idx++;
+      ++idx;
     }
     return (validator, success);
   }

contracts/BSCValidatorSet.template

@@ -242,7 +242,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       emit validatorEmptyJailed(v.consensusAddress);
       return CODE_OK;
     }
-    numOfJailed ++;
+    ++numOfJailed;
     currentValidatorSet[index-1].jailed = true;
     emit validatorJailed(v.consensusAddress);
     return CODE_OK;
@@ -270,9 +270,9 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     uint validatorsNum = currentValidatorSet.length;
     for (uint i; i < validatorsNum; ++i) {
       if (currentValidatorSet[i].incoming >= DUSTY_INCOMING) {
-        crossSize ++;
+        ++crossSize;
       } else if (currentValidatorSet[i].incoming > 0) {
-        directSize ++;
+        ++directSize;
       }
     }
 
@@ -300,11 +300,11 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
         crossRefundAddrs[crossSize] = currentValidatorSet[i].BBCFeeAddress;
         crossIndexes[crossSize] = i;
         crossTotal = crossTotal.add(value);
-        crossSize ++;
+        ++crossSize;
       } else if (currentValidatorSet[i].incoming > 0) {
         directAddrs[directSize] = currentValidatorSet[i].feeAddress;
         directAmounts[directSize] = currentValidatorSet[i].incoming;
-        directSize ++;
+        ++directSize;
       }
     }
 
@@ -424,15 +424,15 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     uint valid = 0;
     for (uint i; i<n; ++i) {
       if (isWorkingValidator(i)) {
-        valid ++;
+        ++valid;
       }
     }
     address[] memory consensusAddrs = new address[](valid);
     valid = 0;
     for (uint i; i<n; ++i) {
       if (isWorkingValidator(i)) {
         consensusAddrs[valid] = currentValidatorSet[i].consensusAddress;
-        valid ++;
+        ++valid;
       }
     }
     return consensusAddrs;
@@ -498,7 +498,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
 
     bool isMaintaining = validatorExtraSet[index].isMaintaining;
     if (_felony(validator, index) && isMaintaining) {
-      numOfMaintaining--;
+      --numOfMaintaining;
     }
   }
 
@@ -589,7 +589,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     } else if (Memory.compareStrings(key, "maintainSlashScale")) {
       require(value.length == 32, "length of maintainSlashScale mismatch");
       uint256 newMaintainSlashScale = BytesToTypes.bytesToUint256(32, value);
-      require(newMaintainSlashScale > 0, "the maintainSlashScale must be greater than 0");
+      require(newMaintainSlashScale > 0 && newMaintainSlashScale < 10, "the maintainSlashScale must be greater than 0 and less than 10");
       maintainSlashScale = newMaintainSlashScale;
     } else if (Memory.compareStrings(key, "maxNumOfWorkingCandidates")) {
       require(value.length == 32, "length of maxNumOfWorkingCandidates mismatch");
@@ -622,7 +622,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       return (false, "the number of validators exceed the limit");
     }
     for (uint i; i < validatorSet.length; ++i) {
-      for (uint j = 0; j<i; j++) {
+      for (uint j = 0; j<i; ++j) {
         if (validatorSet[i].consensusAddress == validatorSet[j].consensusAddress) {
           return (false, "duplicate consensus address of validatorSet");
         }
@@ -638,7 +638,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     for (uint i; i<n; ++i) {
       bool stale = true;
       Validator memory oldValidator = currentValidatorSet[i];
-      for (uint j = 0;j<m;j++) {
+      for (uint j = 0;j<m;++j) {
         if (oldValidator.consensusAddress == validatorSet[j].consensusAddress) {
           stale = false;
           break;
@@ -781,7 +781,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       for (uint k; k < _validatorSet.length; ++k) {
         if (_validatorSet[k].consensusAddress == validator) {
           _validatorSet[k].jailed = true;
-          numOfFelony++;
+          ++numOfFelony;
           break;
         }
       }
@@ -793,15 +793,15 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     for (uint index; index < _validatorSet.length; ++index) {
       if (!_validatorSet[index].jailed) {
         unjailedValidatorSet[i] = _validatorSet[index];
-        i++;
+        ++i;
       }
     }
 
     return unjailedValidatorSet;
   }
 
   function _enterMaintenance(address validator, uint256 index) private {
-    numOfMaintaining++;
+    ++numOfMaintaining;
     validatorExtraSet[index].isMaintaining = true;
     validatorExtraSet[index].enterMaintenanceHeight = block.number;
     emit validatorEnterMaintenance(validator);
@@ -814,7 +814,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
     }
 
     // step 0: modify numOfMaintaining
-    numOfMaintaining--;
+    --numOfMaintaining;
 
     // step 1: calculate slashCount
     uint256 slashCount =
@@ -864,7 +864,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       } else {
         break;
       }
-      idx++;
+      ++idx;
     }
     return (validatorSetPkg, success);
   }
@@ -887,7 +887,7 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
       } else {
         break;
       }
-      idx++;
+      ++idx;
     }
     return (validator, success);
   }
@@ -905,10 +905,10 @@ contract BSCValidatorSet is IBSCValidatorSet, System, IParamSubscriber, IApplica
   function getMaintainingValidators() public view returns (address[] memory maintainingValidators) {
     maintainingValidators = new address[](numOfMaintaining);
     uint256 count = 0;
-    for (uint i = 0; i < currentValidatorSet.length; i++) {
+    for (uint i = 0; i < currentValidatorSet.length; ++i) {
       if (validatorExtraSet[i].isMaintaining) {
         maintainingValidators[count] = currentValidatorSet[i].consensusAddress;
-        count ++;
+        ++count;
       }
     }
   }

contracts/CrossChain.sol

@@ -13,7 +13,6 @@ import "./interface/IParamSubscriber.sol";
 import "./System.sol";
 import "./MerkleProof.sol";
 
-
 contract CrossChain is System, ICrossChain, IParamSubscriber{
 
   // constant variables
@@ -335,13 +334,13 @@ contract CrossChain is System, ICrossChain, IParamSubscriber{
 
   function sendPackage(uint64 packageSequence, uint8 channelId, bytes memory payload) internal whenNotSuspended {
     if (block.number > previousTxHeight) {
-      oracleSequence++;
+      ++oracleSequence;
       txCounter = 1;
       previousTxHeight=block.number;
     } else {
-      txCounter++;
+      ++txCounter;
       if (txCounter>batchSizeForOracle) {
-        oracleSequence++;
+        ++oracleSequence;
         txCounter = 1;
       }
     }
@@ -354,7 +353,7 @@ contract CrossChain is System, ICrossChain, IParamSubscriber{
   external override {
     uint64 sendSequence = channelSendSequenceMap[channelId];
     sendPackage(sendSequence, channelId, encodePayload(SYN_PACKAGE, relayFee, msgBytes));
-    sendSequence++;
+    ++sendSequence;
     channelSendSequenceMap[channelId] = sendSequence;
   }
 

contracts/CrossChain.template

@@ -334,13 +334,13 @@ contract CrossChain is System, ICrossChain, IParamSubscriber{
 
   function sendPackage(uint64 packageSequence, uint8 channelId, bytes memory payload) internal whenNotSuspended {
     if (block.number > previousTxHeight) {
-      oracleSequence++;
+      ++oracleSequence;
       txCounter = 1;
       previousTxHeight=block.number;
     } else {
-      txCounter++;
+      ++txCounter;
       if (txCounter>batchSizeForOracle) {
-        oracleSequence++;
+        ++oracleSequence;
         txCounter = 1;
       }
     }
@@ -353,7 +353,7 @@ contract CrossChain is System, ICrossChain, IParamSubscriber{
   external override {
     uint64 sendSequence = channelSendSequenceMap[channelId];
     sendPackage(sendSequence, channelId, encodePayload(SYN_PACKAGE, relayFee, msgBytes));
-    sendSequence++;
+    ++sendSequence;
     channelSendSequenceMap[channelId] = sendSequence;
   }
 

contracts/GovHub.sol

@@ -85,7 +85,7 @@ contract GovHub is System, IApplication{
       } else {
         break;
       }
-      idx++;
+      ++idx;
     }
     return (pkg, success);
   }

contracts/RelayerHub.sol

@@ -55,11 +55,10 @@ contract RelayerHub is IRelayerHub, System, IParamSubscriber{
     dues = INIT_DUES;
     alreadyInit = true;
   }
-  
+
   function register() external payable noExist onlyInit notContract noProxy{
     revert("register suspended");
   }
-
 
   function  unregister() external exist onlyInit{
     relayer memory r = relayers[msg.sender];