SwapBugFixes

[lydiagarms]

Summary

This PR addresses several issues: an event listener bug fix for Swap.zol, insufficient checks being included in the test contracts when re-initialisable contracts are used, an update to the documentation for testing Swap.zol and also a fix to the Escrow-refs.zol contract.

Changes

• Previous changes mean that the commitment DB for double testing is no longer shared. This has exposed an issue that the event listener does not pick up commitment preimages encrypted under the shared secrets. This is because the keys used to decrypt are taken at the beginning after the contract is deployed, but for Swap.zol the shared keys are generated later during the getSharedKeys API. This meant that the event listener tries to decrypt within the shared key to decrypt with.
• In NFTEscrow.zol tokenOwners is a re-initialisable variable. It therefore can be reinitialised even by an entity that doesn't own the variable. We need to make sure that checks are in place so that this only happens in deposit where it is marked as re-initialisable. Previously, in transferFrom tokenOwner[tokenId] is modified, but there is no check that the sender owns it. Normally in Starlight, this would be ok because only the owner could modify it. However, as it is re-initialisable a malicious entity that doesn't own it could still transfer it by re-initialising it. The documentation is also updated to make this clearer.
• In Swap.zol the tokenOwners mapping is no longer a reinitialisable variable. This is not necessary because it is never set to the zero address.
• In Escrow-refs.zol logic written just for testing that should not have been included in the final contract has been removed.
• The fact that the commitment DB for double testing is no longer shared means that the documentation is out of date. We need to call getSharedKeys by both the sender and receiver of the swap and include the public keys of both inside the Swap APIs. Otherwise, both the sender and receiver will not receive their commitment preimages via the event listeneer. Additionally, there was a mistake in the documentation where user A and user B are confused that has been fixed.

Checklist

• Tests added/updated
• CI passes
• No secrets/keys committed
• Docs updated (if needed)
• Backwards compatible (or noted breaking change)

How to test

1. Test NFT_Escrow.zol.
2. Test Swap.zol.

Screenshots / Evidence (if applicable)

• Evidence that commitment preimages are now picked up in the event listener:

[Wei-257]

only one comment on README

[github-actions]

🎉 This PR is included in version 1.10.8 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀