fix: maci 8 expiration check for eas attestation

Author: JohnGuilding

packages/contracts/contracts/extensions/eas/EASChecker.sol

@@ -22,6 +22,7 @@ contract EASChecker is BaseChecker {
     error AttesterNotTrusted();
     error NotYourAttestation();
     error InvalidSchema();
+    error AttestationExpired(uint256 expirationTime);
 
     /// @notice Initializes the contract.
     function _initialize() internal override {
@@ -68,6 +69,11 @@ contract EASChecker is BaseChecker {
             revert NotYourAttestation();
         }
 
+        // the attestation must not be expired
+        if (attestation.expirationTime > 0 && attestation.expirationTime <= block.timestamp) {
+            revert AttestationExpired(attestation.expirationTime);
+        }
+
         return true;
     }
 }

packages/contracts/contracts/test/extensions/mocks/MockEAS.sol

@@ -81,6 +81,21 @@ contract MockEAS is IEAS {
                     revocable: false,
                     data: ""
                 });
+            // expired attestation
+        } else if (attestationId == 0x0000000000000000000000000000000000000000000000000000000000000005) {
+            return
+                Attestation({
+                    uid: "0x000000000000000000000000000001",
+                    schema: schema,
+                    time: 0,
+                    expirationTime: 1,
+                    revocationTime: 0,
+                    refUID: "0x000000000000000000000000000001",
+                    recipient: recipient,
+                    attester: attester,
+                    revocable: false,
+                    data: ""
+                });
             // valid
         } else {
             return

packages/contracts/test/extensions/EAS.test.ts

@@ -25,9 +25,10 @@ describe("EAS", () => {
     const invalidSchemaAttestation = "0x0000000000000000000000000000000000000000000000000000000000000002"
     const invalidRecipientAttestation = "0x0000000000000000000000000000000000000000000000000000000000000003"
     const invalidAttesterAttestation = "0x0000000000000000000000000000000000000000000000000000000000000004"
+    const expiredAttestation = "0x0000000000000000000000000000000000000000000000000000000000000005"
     // valid attestation
     const attestation = "0x0000000000000000000000000000000000000000000000000000000000000000"
-    const anotherAttestation = "0x0000000000000000000000000000000000000000000000000000000000000005"
+    const anotherAttestation = "0x0000000000000000000000000000000000000000000000000000000000000006"
 
     before(async () => {
         ;[deployer, subject, target, notSubject] = await ethers.getSigners()
@@ -122,6 +123,13 @@ describe("EAS", () => {
             ).to.be.revertedWithCustomError(checker, "AttesterNotTrusted")
         })
 
+        it("should throw when the attestation is expired", async () => {
+            await expect(policy.connect(target).enforce(subject, expiredAttestation)).to.be.revertedWithCustomError(
+                checker,
+                "AttestationExpired"
+            )
+        })
+
         it("should enforce a user if the function is called with the valid data", async () => {
             const tx = await policy.connect(target).enforce(subject, attestation)