H-L07: fix(contracts/ChannelHub): restrict createChannel to non-existing channels

[nksazonov]

Description

The createChannel(..) function unconditionally emits ChannelCreated(..) event at line 491 even when operating on existing channels. The function allows DEPOSIT, WITHDRAW, and OPERATE intents on channels with status OPERATING, DISPUTED, or MIGRATING_IN (not just VOID), as confirmed in the intent-specific validation functions. When called on an existing channel to deposit additional funds or perform operations, it still emits ChannelCreated(channelId, def.user, def.node, def, initState), misleading off-chain indexers and UIs. The channel definition is only stored if status == VOID (line 1064-1066), confirming that subsequent calls are updates, not creations. This behavior is inconsistent with the protocol's established pattern seen in EscrowDepositEngine.sol:165 and EscrowWithdrawalEngine.sol:161, which explicitly check require(ctx.status == EscrowStatus.VOID, EscrowAlreadyExists()) to prevent operations on existing escrows.

Impact

Off-chain indexers listening for ChannelCreated events will incorrectly count the same channel multiple times, leading to inflated channel creation metrics. UIs that display channels based on ChannelCreated events may show duplicate channel listings, confusing users. Analytics dashboards and monitoring systems will report incorrect data about channel creation activity. While on-chain state remains correct (the definition is only stored once when status == VOID), the misleading events create data integrity issues for off-chain systems.

Summary by CodeRabbit

• Bug Fixes

  • Enhanced channel creation validation with early status verification to prevent invalid state transitions.

• Tests

  • Expanded test coverage for channel creation scenarios, including success cases for multiple operation intents and revert conditions for invalid channel states.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c316bfc7-55df-40bc-b2c7-fcac63b7576d

📥 Commits

Reviewing files that changed from the base of the PR and between c2310fe and 950c516.

📒 Files selected for processing (2)

• contracts/src/ChannelHub.sol
• contracts/test/ChannelHub_units/ChannelHub_createChannel.t.sol

---

📝 Walkthrough

Walkthrough

The createChannel() function now performs an early check to ensure the channel's stored status is ChannelStatus.VOID before proceeding, reverting with IncorrectChannelStatus() if the channel already exists. Test coverage is expanded with fixtures, helper functions, and new test cases validating this behavior across different intent types.

Changes

Cohort / File(s)	Summary
Channel Creation Validation contracts/src/ChannelHub.sol	Added early stored status validation in createChannel() to enforce that the channel must not already exist (status must be VOID) before proceeding with creation.
Test Coverage Expansion contracts/test/ChannelHub_units/ChannelHub_createChannel.t.sol	Added persistent test fixtures (channelId, initialDepositState) and helper function _createDefaultChannel(). Expanded test coverage with three success cases for DEPOSIT, WITHDRAW, and OPERATE intents, and three revert cases asserting IncorrectChannelStatus when attempting to recreate existing channels.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• YNU-714: feat(contracts-new): add non-initial channel creation #510: Modifies channel creation logic to support non-CREATE intents (DEPOSIT/WITHDRAW/OPERATE) with early stored-status checks, directly aligned with this change.
• H-L06: fix(contracts/ChannelHub): remove payable from methods, clarify in create #666: Also modifies ChannelHub.createChannel with validation adjustments, complementary to the status check added here.

Suggested reviewers

• dimast-x
• philanton
• ihsraham

Poem

🐰 A channel must be void before it's born,
No duplicates allowed, no status torn,
With DEPOSIT, WITHDRAW, or OPERATE's call,
The validation stands tall—first check of all! 🎯

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: restricting the createChannel function to only work with non-existing channels, which is the core issue being fixed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/audit-h-l07

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nksazonov]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.