🔧 more updates #1
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0xDEnYO
added a commit
that referenced
this pull request
Oct 10, 2024
0xDEnYO
added a commit
that referenced
this pull request
Nov 5, 2024
0xDEnYO
added a commit
that referenced
this pull request
Nov 5, 2024
* remove unused import (re-audit issue #1) * audit report for v1.0.1 added * fix bug in audit report
7 tasks
0xDEnYO
added a commit
that referenced
this pull request
Dec 4, 2024
…phery v1.0.0] (#807) * wip zip * feat: zip erc20 with libswap * chore: update bsc gaszip address * clean * chore: updated gaszip routers + add docs * chore: deployRequirements * chore: remove allowedToken * chore: withdraw wallet from global config * chore: comments * chore: import * chore: remove owner * chore: unused import * chore: remove unused errors * forge install: solady v0.0.208 * forge install: solady v0.0.208 * added test and fixed some issues in the contract * adds refundAddress parameter for ERC20 * forge install: solady v0.0.208 * forge install: solady v0.0.208 * tests updated * gasZip redeployed to BSC staging * update .gitmodules file * removes ERC20 refund handling and adds complex test case * removes coverage files * cleanup * update docs * adds complex native test case * deploys GasZipFacet to BSC staging * fixes issue in deploy log file * adds a function with deposit for standalone gas-zip only calls * adds the usual startBridge... functions to the facet + tests * adds a amountOutMin parameter for ERC20 deposit function * redeployed gasZipFacet to bsc staging * feat: removes destinationChains parameter from GasZipData * docs: updates GasZipFacet docs * updates facet (startBridge => nativeOnly) * replaces amountOutMin parameter with balance checks & updates tests * updates docs * fixes typo in URL and adds link to config file * restricts swapAndBridge.. function to native only + updates tests * restricts swapAndBridge.. function to native only + updates tests * redeployed gasZipFacet to bsc staging * Gas.Zip split into facet & periphery, tests and docs added * remove receiver address from GasZipData struct * minor fixes * some changes based on coderabbit review comments * opens swapAndBridge on GasZipFacet for both ERC20 and native * deployed to bsc staging * updated gasZip to use V2 router * updates git actions and docs * adds an amount parameter to native deposit function in periphery * redeployed GasZipPeriphery to bsc staging * returns leftover native funds to msg.sender after deposit plus bsc staging redeployment * bugfix + bsc staging redeploy * bugfix#2 + bsc staging redeploy * adds a test case to increase coverage to 100% * minor fixes * gas optimization of helper function (audit issue #1) * remove unused error (audit issue #2) * adds check for msg.value==amount and removes refundExcessNative mod (audit issue#4) * replaces require with custom error (audit issue#6) * adds WithdrawablePeriphery for stuck token withdrawals (audit issue#8) * adds WithdrawablePeriphery base contract for token withdrawals * adds receiverAddress check (audit issue#9) * fix test * adds version tag to contract * ensures last swap output is native before bridging (audit issue#5) * removes validateBridgeData modifier and adds dedicated bridgeData checks (audit issue#3) * redeployed gasZipPeriphery with PROD LiFiDEXAggregator address * audit report added * change facet variable to constant * change parameter name and order in GasZipData * redeployed to BSC staging * test coverage back to 100% * redeployed to BSC staging * add complex testcase for destinationChains value * adjust test case * fix staging diamond log * replaces low-level native transfer with function from solady lib * removes unused import (re-audit issue#11) * update (re-)audit report * remove old gaszip audit entry * fix incorrect path in audit log * Redeploy to production (except zksync) * Update pragma * update audit * deploy to zksync * adds GasZipPeriphery addresses to dexs.json * make error message more visible in console output * update some diamond logs * remove old openzeppelin lib * forge install: openzeppelin-contracts v4.9.2 * reinstall openzeppelin contracts 4.9.2 * add gasZipPeriphery sigs * fix json * fix json * fix logs * diamond logs updated * undo (wording) changes in git action --------- Co-authored-by: Leonardo Cascianelli <leo@li.finance> Co-authored-by: Daniela Chybisova <iron.melmel@gmail.com> Co-authored-by: Max Klenk <max@klenk.biz> Co-authored-by: Ed Zynda <ezynda3@gmail.com> Co-authored-by: Ed Zynda <ezynda3@users.noreply.github.com>
mirooon
added a commit
that referenced
this pull request
Feb 12, 2025
0xDEnYO
added a commit
that referenced
this pull request
Feb 20, 2025
0xDEnYO
added a commit
that referenced
this pull request
Feb 26, 2025
0xDEnYO
added a commit
that referenced
this pull request
Apr 11, 2025
mirooon
added a commit
that referenced
this pull request
Apr 22, 2025
mirooon
added a commit
that referenced
this pull request
May 12, 2025
0xDEnYO
pushed a commit
that referenced
this pull request
May 14, 2025
…ctory v1.0.0,IAlgebraPool v1.0.0,IAlgebraQuoter v1.0.0,IAlgebraRouter v1.0.0,LiFiDEXAggregator v1.9.0] (#1117) * rebase fix * test * Implement ERC4626 support in LiFiDEXAggregator - Added a new function `_isERC4626` to check if a token is an ERC4626 vault. - Updated the swap logic to use `IAlgebraPool` for ERC4626 tokens, ensuring compatibility with fee-supporting entrypoints. - Introduced a constant for the `sharesToAssets` selector to facilitate the ERC4626 check. * Removed _isERC4626 * Refactor IAlgebraPool interface and enhance LiFiDEXAggregator for Algebra swaps - Updated IAlgebraPool interface to improve documentation and rename swap functions for clarity. - Enhanced LiFiDEXAggregator to support Algebra pool swaps, including handling fee-on-transfer tokens. - Introduced new error handling for unexpected Algebra swap scenarios. - Added tests for multi-hop swaps and ensured compatibility with ERC4626 tokens. * Enhance LiFiDEXAggregator with Algebra pool support and fee-on-transfer handling - Added support for Algebra pool swaps, including a new swap function tailored for fee-on-transfer tokens. - Introduced constants for pool type identifiers to improve code readability. - Updated error handling for unexpected Algebra swap scenarios. - Enhanced tests to validate the new functionality and ensure compatibility with ERC4626 tokens. * force commit * Remove LiFiDEXAggregator test file * Enhance IAlgebraPool and LiFiDEXAggregator for improved swap functionality - Added detailed documentation for the `token0` function in the IAlgebraPool interface. - Introduced a new IAlgebraRouter interface to facilitate pool address retrieval for token pairs. - Refactored LiFiDEXAggregator to streamline swap logic and improve error handling. - Updated tests to validate the integration of the new router and ensure compatibility with existing functionality. * Enhance IAlgebraPool and LiFiDEXAggregator with new functionalities - Added `initialize` function to IAlgebraPool for setting the initial price of the pool. - Updated the `mint` function in IAlgebraPool to include detailed parameters for adding liquidity. - Introduced a new `IQuoterV2` interface for improved quoting functionality in swaps. - Enhanced LiFiDEXAggregator tests to support multi-hop swaps with fee-on-transfer tokens and added mock token contracts for testing. - Improved error handling and assertions in existing tests to ensure robustness. * Enhance LiFiDEXAggregator with logging and code formatting improvements - Added console logging in `processOnePool` for better debugging visibility. - Reformatted function signatures and code for improved readability and consistency. - Updated tests to ensure compatibility with new token implementations and multi-hop swap scenarios. * refactor: rename LiFiDexAggregator.t.sol to LiFiDEXAggregator.t.sol * Update deployment logs and add new staging configuration for LiFiDEXAggregator - Added staging configuration for version 1.8.0 in the deployments log file, including address, optimizer runs, timestamp, constructor arguments, and verification status. - Introduced a new file for apechain staging with the LiFiDEXAggregator address. * Refactor LiFiDEXAggregator and tests for improved clarity and functionality - Removed unused imports and interfaces from LiFiDEXAggregator and its test file. - Updated test cases to use consistent variable names and improved readability. - Introduced new imports for better test coverage and mock implementations. - Enhanced error handling and logging for Algebra pool interactions. * Added supportsFeeOnTransfer * Refactor LiFiDEXAggregator tests to improve route building logic * - Replaced manual route building with the _buildAlgebraRoute function for improved clarity and consistency * Refactor LiFiDEXAggregator tests to remove unused amountIn parameters from route building calls for improved clarity and consistency * Refactor LiFiDEXAggregator tests to simplify function signatures by removing unused parameters and improving variable naming for better readability * Refactor LiFiDEXAggregator tests to utilize AlgebraRouteParams struct for improved readability and maintainability of route building logic * Add command and pool type enums to LiFiDEXAggregator tests for improved route processing clarity - Introduced CommandType, PoolType, SwapDirection, and CallbackStatus enums to enhance readability and maintainability of route processing logic. - Updated route building in test cases to utilize these enums for better clarity and consistency * - Removed unused import from LiFiDEXAggregator test file to streamline code. * Refactor LiFiDEXAggregator tests to enhance multi-hop swap functionality and improve code organization - Introduced MultiHopTestState struct to encapsulate state for multi-hop tests, improving readability and maintainability. - Simplified token and pool setup with dedicated helper functions for better clarity. - Updated test cases to utilize the new structure, ensuring consistent handling of fee-on-transfer tokens and regular tokens. - Enhanced error handling for unexpected swap scenarios, ensuring robust testing of edge cases. * updates * Implement fallback mechanism for swapSupportingFeeOnInputTokens in LiFiDEXAggregator to enhance robustness against unsupported token swaps * Add test for fallback mechanism in LiFiDEXAggregator to ensure successful swaps when swapSupportingFeeOnInputTokens is unsupported - Implemented test_CanSwapViaAlgebra_FallbackToRegularSwap to validate fallback behavior during token swaps. - Verified correct handling of token balances before and after the swap, ensuring robustness in edge cases. * Update deployment addresses and timestamps for LiFiDEXAggregator in staging environment * Update test to include minimum output parameter for slippage handling * cleaning, added natspec * Update LiFiDEXAggregator version to 1.9.0 * added ETH_NODE_URI_APECHAIN to forge.yml * added ETH_NODE_URI_APECHAIN to enforceTestCoverage.yml * added direction comment * Added IAlgebraPool natspec * sanity check recipient and pool address in swapAlgebra() (audit fix #1) * Fixed inconsistent direction handling (audit fix #2) * Fixed inaccurate supportsFeeOnTransfer flag validation. Add documentation. (audit fix #3) * fixed - removed try catch pattern (audit fix #4) * Added audit report
mirooon
added a commit
that referenced
this pull request
May 30, 2025
mirooon
added a commit
that referenced
this pull request
Jun 2, 2025
…bridgeData.sendingAssetId (audit fix #1)
0xDEnYO
added a commit
that referenced
this pull request
Jun 26, 2025
0xDEnYO
added a commit
that referenced
this pull request
Jul 4, 2025
* feat: pioneer draft
* Update pioneer docs and json
* Rabbit review comments
* Pioneer testing
* update sol pragma in test file
* deployed to arb staging
* Cleanup Poylmer scripts
* Fix type definition in pioneer script
* Fix json merge issue
* Fix mistake again
* Remove unused error
* Fix json deployment file, excess {
* Reviews fixes
* Set deployment requirements and remove 0 check
* update config and add zksync deploy script
* adjust demo script to match latest refactoring
* rename constructor parameter
* add constructor parameter validation
* Add a refund address to pioneer facet [PioneerFacet v1.1.0] (#1227)
* Add a refund address to pioneer facet
* update demo script and add test for event
* Update minor pioneer version
* rename event and add comments/docs for more clarity about refunds
* revert contract version back to 1.0.0
* add transactionID validation (audit issue #1)
* add indexed to event parameter (audit issue #2)
* add refundAddress validation (audit issue #3)
* add parameter description (audit issue #5)
* event renamed (audit issue #6)
* Deploy new contracts to staging
* pioneer audit report added
* reorder audit log alphabetically
* fix path in audit log
---------
Co-authored-by: Daniel Bläcker <d.blaecker@gmail.com>
0xDEnYO
added a commit
that referenced
this pull request
Jul 18, 2025
0xDEnYO
added a commit
that referenced
this pull request
Jul 22, 2025
…Facet v2.1.0,ChainflipFacet v1.0.1,DeBridgeDlnFacet v1.0.1,GasZipFacet v2.0.5,MayanFacet v1.2.1,RelayFacet v1.0.1,LiFiData v1.0.0,SwapperV2 v1.0.1,ILiFi v1.0.1,LibAsset v2.1.1,ReceiverChainflip v1.0.1] (#1282) * added parameter validation to AllBridgeFacet * finalized test file * added Tron and Aptos custom chainIds * minor fixes * restore deleted file * formatting * move NON_EVM_ADDRESS to LiFiData * add parameter validation for RelayFacet * add author to LibAsset * smaller fixes * smaller fixes * harmonize BridgeToNonEvmChain event * add & harmonize BridgeToNonEvmChain event (audit issue #1) * add comment (audit issue #3) * change uint type of constants (audit issue #2) * increase test coverage * audit report added * add constructor parameter validation and harmonize events * audit report updated * add GenericErrors to audit log * fix audit report name * bugfix * add missing contracts * deployed to arb staging * remove destinationChain parameter from allBridgeData, deploy to ARB staging and some minor fixes * update docs
mirooon
added a commit
that referenced
this pull request
Jul 28, 2025
ezynda3
added a commit
that referenced
this pull request
Jul 29, 2025
- Document that deposit functions transfer ENTIRE token balance - Add clear warnings that excess tokens/ETH are NOT refunded - Explain that excess funds can be stolen by anyone - Add Important Limitations section to Patcher.md - Update best practices with safety recommendations Addresses issues #4 and #1
ezynda3
added a commit
that referenced
this pull request
Aug 1, 2025
* prevent stack to deep * add demo script * refactor * TX is successful now * Cleanup * Fix cowswap call * Fix patch calls * Simplify * fix cow swap submission * use relay * use correct calc * fixes * use correct cowshed calls * use real sig * updates * calc offset * use viem * add tests * update tests * update tests * add approval * fix * refactor * more refactor * cleanup resources * begin adding dest call * use separate scripts * add patch calls to dest call * use offset finding utils * refactor * add deposit functions to patcher * allow depositing to patcher * fix route * tweaks * fix scripts * remove * clarifying comments * add documentation * fix payable issue * fixes * more fixes * more fixes * more fixes * remove commented code * fix * Improve Patcher documentation and code organization - Enhanced description with clearer wording about dynamic value retrieval - Added CoWSwap use case example for intent-based orders - Updated mermaid diagram with better flow visualization and internal logic subgraph - Organized imports in demoPatcher.ts for better code structure 🤖 Generated with [opencode](https://opencode.ai) Co-Authored-By: opencode <noreply@opencode.ai> * Implement comprehensive Patcher contract improvements - Update SPDX license to LGPL-3.0-only - Clarify comment wording about execution timing - Add LibUtil import for better error handling and validation - Replace assembly revert with LibUtil.revertWith() for cleaner code - Add zero address validation for valueSource and finalTarget parameters - Add validation to prevent empty offsets arrays (contract should only be used when patching is needed) - Optimize loop variable type from uint256 to uint8 for gas efficiency - Remove test that expected empty offsets to work (anti-pattern) - Add new test to verify empty offsets are properly rejected All changes maintain backward compatibility while improving security and gas efficiency. 🤖 Generated with [opencode](https://opencode.ai) Co-Authored-By: opencode <noreply@opencode.ai> * Finalize Patcher contract optimizations and test coverage - Optimize calldatacopy usage for gas efficiency - Change loop variable from uint256 to uint8 for optimization - Add comprehensive test coverage for CallExecutionFailed error path - Achieve 100% function and error path coverage 🤖 Generated with [opencode](https://opencode.ai) Co-Authored-By: opencode <noreply@opencode.ai> * Update test/solidity/Periphery/Patcher.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * follow convention * Update deployments/arbitrum.diamond.staging.json Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fixes * fix: add frontrunning warnings and validate return data length - Add clear documentation about frontrunning risks in depositAndExecute functions - Add validation that _getDynamicValue only accepts 32-byte return values - Add InvalidReturnDataLength error for non-uint256 return types - Update Patcher.md with security warnings and return type requirements - Add comprehensive tests for invalid return data scenarios Addresses issues #9 (frontrunning) and #6 (return type validation) * gas: remove unchecked loop increments - Remove unchecked blocks from loop increments in _processPatches and _applyPatches - Modern Solidity compilers (0.8.22+) automatically optimize loop increments - Improves code readability with no gas penalty Addresses issue #8 * gas: remove redundant return parameter from _depositAndApprove - Remove unused return value from _depositAndApprove function - Change amount from return variable to local variable - Saves gas by eliminating unnecessary memory allocation Addresses issue #5 * gas: replace Yul calldatacopy with direct assignment - Replace assembly calldatacopy with direct bytes assignment - Simpler code with better gas efficiency - Tests show gas improvements across multiple functions Addresses issue #2 * security: reset token approvals after execution - Reset ERC20 approvals to 0 after executing external calls - Prevents lingering approvals to untrusted targets - Added tests to verify approval reset behavior - Updated documentation to reflect security improvement Addresses issue #10 * feat: add events for off-chain tracking - Add PatchExecuted event emitted by all four execution functions - Add TokensDeposited event emitted when tokens are deposited - Events include caller, target, success status, and return data length - Added comprehensive tests to verify event emissions Addresses issue #7 * test: add test for events with return data - Add processValueWithReturn function to MockTarget that returns data - Add test to verify PatchExecuted event correctly captures return data length - Verify that return data is properly forwarded and can be decoded - Confirms event system works for functions with various return data sizes * docs: add warnings about entire balance usage and non-refunds - Document that deposit functions transfer ENTIRE token balance - Add clear warnings that excess tokens/ETH are NOT refunded - Explain that excess funds can be stolen by anyone - Add Important Limitations section to Patcher.md - Update best practices with safety recommendations Addresses issues #4 and #1 * update audit log --------- Co-authored-by: opencode <noreply@opencode.ai> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
0xDEnYO
added a commit
that referenced
this pull request
Aug 27, 2025
0xDEnYO
added a commit
that referenced
this pull request
Aug 27, 2025
…V3Governance v1.0.0,IKatanaV3Pool v1.0.0,LibAsset v2.1.2,LiFiDEXAggregator v1.12.0] (#1283) * target state updated * deployment prepared * core setup deployed (not verified) * add helperFunctions backup * kyberswap dex added to whitelist * added katanaV3SwapCallback * deployed GlacisFacet * fix issue with dirname in deploy safe script * deployed safe * updated safe owners * deployed timelock controller * Added KatanaV3 * bumped LDA version * changes * changed title * changed test_CanSwap_MultiHop description a bit * redeployed glacis to ronin * change names * diamond log updated * update verification type in networks.json * remove unwanted file * replace transfers from LibAsset for Katana swap * simplify relay config * remove unused code * deployed GasZipFacet * remove check for timelock periphery registration from healthcheck script * fix typo * fix - Avoid calling token0 and token1 in (audit fix #1) * added audit * Fixed auditlog * test * checks * action change * gh action change * test * test * test * test * test * test * test * bump LibAsset version * added audit log * test * test * deployed LDA 1.12. to ronin (and redeploy GZP), plus whitelist update --------- Co-authored-by: Daniel Bläcker <D.Blaecker@gmail.com>
0xDEnYO
added a commit
that referenced
this pull request
Aug 28, 2025
0xDEnYO
added a commit
that referenced
this pull request
Sep 12, 2025
…sSpokePoolV4 v1.0.0,ReceiverAcrossV4 v1.0.0] (#1299) * first draft AcrossFacetV4 * update interface * docs added * fix event and input validation * add deploy and update scripts for facet * added Across chainId for Solana * add ReceiverAcrossV4 * add initial test file for AcrossFacetV4 * add initial AcrossFacetPackedV4 and related files * remove max-line-length rule from linter * add constructor parameter validation * fix tests for AcrossFacetV4 * all existing tests fixed * add initial tests for outputMultiplier * reorg test files * all tests fixed * update licenses of deploy scripts * update deploy requirements * deployed to ARB/OPT staging * remove safeTransferLib from packed facet * add sendingAssetId in bytes32 as parameter * fix some tests * tests fixed * updated staging deployments * update AcrossV4 demoscript * update interface * update deploy log * rename test case * fix comments in demo script * smaller fixes * add constructor parameter validation to packed facet * add missing validation for parameter * use existing helper function to access deployments * fix Receiver docs file * added type helpers for bridgeData in demoScripts * add receiver address validation * remove failing (outdated) LibAsset test * add non-0 receiver address validation * add tests to increase coverage * add test API URL * redeployed AcrossV4 to staging * fixed demo script * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix tests * fix demo script * update license identifier * use consola instead of console * Update test/solidity/Facets/Across/V4/AcrossFacetV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * comment updated (audit issue #1) * added refundAddress validation (and disclaimer in packed facet) * added disclaimer (audit issue #3) * replace hardcoded value with constant (audit issue #4) * replace exclusivityDeadline with exclusivityParameter (audit issue #5) * update data length validation (audit issue #6) * removed sendingAssetId from PackedParameters struct (audit issue #7) * redeployed to ARB staging * fix docs * Update script/demoScripts/demoAcrossV4.ts Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * another docs fix * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * rename tests * Update test/solidity/Facets/Across/V4/AcrossFacetV4OutputAmountIntegration.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fixed tests * update logic in AcrossFacetPacked to allow long destinationChainIds such as Solana * fix unit tests * update docs * added tests to Solana for AcrossFacetPacked * Update docs/AcrossFacetPackedV4.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * set outputAmount explicitly * fix integration tests * fix docs * fix issue in test * OPT staging update * PR cleanup * remove temporary test file * redeployed packed facet to OPT/ARB staging * remove unnecessary comments and type conversions * fix comment (audit issue #11) * add evm vs non-evm distinction to decoding functions (audit issue #12) * audit report added * fix json * remove unrelated filess --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
0xDEnYO
added a commit
that referenced
this pull request
Sep 16, 2025
* first draft AcrossFacetV4 * update interface * docs added * fix event and input validation * add deploy and update scripts for facet * added Across chainId for Solana * add ReceiverAcrossV4 * add initial test file for AcrossFacetV4 * add initial AcrossFacetPackedV4 and related files * remove max-line-length rule from linter * add constructor parameter validation * fix tests for AcrossFacetV4 * all existing tests fixed * add initial tests for outputMultiplier * reorg test files * all tests fixed * update licenses of deploy scripts * update deploy requirements * deployed to ARB/OPT staging * remove safeTransferLib from packed facet * add sendingAssetId in bytes32 as parameter * fix some tests * tests fixed * updated staging deployments * update AcrossV4 demoscript * update interface * update deploy log * rename test case * fix comments in demo script * smaller fixes * add constructor parameter validation to packed facet * add missing validation for parameter * use existing helper function to access deployments * fix Receiver docs file * added type helpers for bridgeData in demoScripts * add receiver address validation * remove failing (outdated) LibAsset test * add non-0 receiver address validation * add tests to increase coverage * add test API URL * redeployed AcrossV4 to staging * fixed demo script * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix tests * fix demo script * update license identifier * use consola instead of console * Update test/solidity/Facets/Across/V4/AcrossFacetV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * comment updated (audit issue #1) * added refundAddress validation (and disclaimer in packed facet) * added disclaimer (audit issue #3) * replace hardcoded value with constant (audit issue #4) * replace exclusivityDeadline with exclusivityParameter (audit issue #5) * update data length validation (audit issue #6) * removed sendingAssetId from PackedParameters struct (audit issue #7) * redeployed to ARB staging * fix docs * Update script/demoScripts/demoAcrossV4.ts Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * another docs fix * Update test/solidity/Facets/Across/V4/AcrossFacetPackedV4.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * rename tests * Update test/solidity/Facets/Across/V4/AcrossFacetV4OutputAmountIntegration.t.sol Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fixed tests * update logic in AcrossFacetPacked to allow long destinationChainIds such as Solana * fix unit tests * update docs * added tests to Solana for AcrossFacetPacked * Update docs/AcrossFacetPackedV4.md Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * set outputAmount explicitly * fix integration tests * fix docs * fix issue in test * OPT staging update * PR cleanup * remove temporary test file * redeployed packed facet to OPT/ARB staging * remove unnecessary comments and type conversions * fix comment (audit issue #11) * add evm vs non-evm distinction to decoding functions (audit issue #12) * audit report added * fix json * remove unrelated filess * add helper functions for multichain (and -evm) execution * deployed to lens * deployed to zksync * deployed to 3 cancun networks * deployed 12 london networks * verified zksync * diamond logs updated * remove unrelated files --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
ezynda3
added a commit
that referenced
this pull request
Oct 6, 2025
Define and use constants for: - NATIVE_REWARD_AMOUNT (0) - ALLOW_PARTIAL_FILL (false) - SOLANA_ENCODED_ROUTE_LENGTH (319) - SOLANA_RECEIVER_OFFSET (251) - SOLANA_RECEIVER_END (283) - SOLANA_ADDRESS_MIN_LENGTH (32) - SOLANA_ADDRESS_MAX_LENGTH (44) Improves code maintainability and makes the intent behind each value explicit. Resolves audit issue #1
ezynda3
added a commit
that referenced
this pull request
Oct 10, 2025
* config: whitelist new OKX contract * bootstrap * real fork test * refactor * deploy to staging * simple demo * fix * docs * revert * update * fix tests * redeploy to staging + update demo script * update demo script * update contract, test, demo to work with updated Eco interface * redeploy to staging and update demo * Upgrade EcoFacet to use Portal V2 contract (#1379) * feat: upgrade EcoFacet to use Portal V2 contract - Update IEcoPortal interface to match Portal V2 structure - Rename intentSource to portal throughout the codebase - Add routeDeadline field to EcoData struct - Update Intent struct to include destination field - Modify Route and Reward structs to match V2 specification - Update config with new Portal contract addresses - Adjust tests and deployment scripts for Portal V2 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * fix: field order in reward struct * feat: add Tron and Solana support to EcoFacet - Add second publishAndFund overload to IEcoPortal for Solana's encoded route - Add encodedRoute field to EcoData struct for Borsh-encoded Solana data - Implement chain ID mapping (_getEcoChainId) for Tron (728126428) and Solana (1399811149) - Extract _buildReward helper to avoid code duplication - Update _publishIntent with conditional logic for Solana vs EVM/Tron paths - Add comprehensive tests for both Tron and Solana bridging - Add Tron configuration to eco.json * refactor: simplify EcoFacet to use encodedRoute universally - Use encodedRoute parameter for all chains (EVM, Tron, Solana) - Remove destinationCalls and route building logic - Remove unused fields from EcoData struct (receivingAssetId, salt, destinationPortal, routeDeadline) - Update tests to use real Eco Portal on Base mainnet (0x2b7F87a98707e6D19504293F6680498731272D4f) - Fix all failing unit tests to work with simplified contract 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> * refactor: remove Intent struct and simplify EcoFacet implementation - Remove unused Intent, Route, and Call structs from IEcoPortal interface - Eliminate intermediate Intent struct construction in _startBridge - Inline _publishIntent logic directly into _startBridge for clarity - Directly pass parameters to publishAndFund without creating unnecessary structs - Keep only the publishAndFund overload that accepts individual parameters This simplification reduces code complexity and improves efficiency by avoiding unnecessary intermediate data structures while maintaining the same functionality. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> --------- Co-authored-by: Claude <noreply@anthropic.com> * update demo script * handle solana * add swap demo * update docs * update constants * boost coverage * update * update * fix: address PR review comments for EcoFacet - Rename portal to PORTAL for consistency with recent facets - Add NatSpec documentation for constructor - Store Eco chain IDs as immutable variables - Add chain ID bounds check to prevent uint64 overflow - Update solver reward documentation to clarify native/ERC20 usage - Clarify encoded route description - Optimize gas by reducing redundant isNative checks - Fix test function names to follow naming convention - Add destination calls validation modifier - Remove problematic destination calls test - Document receiverAddress vs nonEVMReceiver usage * validate * validate * cleanup * verify solana * update portal * fix: improve Solana recipient extraction from Borsh-encoded routes (#1392) - Validate route is exactly 319 bytes for Solana transfers - Extract recipient from correct position (bytes 251-282) in TransferChecked instruction - Add detailed comments explaining Borsh encoding structure 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Claude <noreply@anthropic.com> * update to properly validate * fix * update docs * update tests * fix * fix coverage * validate ATA vs solana address * Update script/demoScripts/demoEco.ts Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * eliminate redundant checks * remove useless internal func * update docs * remove changelog * fixes * update helper func names * validate solana dst against NON_EVM_RECEIVER * document known issue with positive slippage * update tests * optimizations * redeploy to staging * add clarification * remove * combine helpers * remove extra checks * refactor * remove native token support * fix: reject NON_EVM_ADDRESS for non-Solana destinations Prevents invalid configurations where NON_EVM_ADDRESS is used for EVM-compatible chains like TRON. Only Solana destinations should use NON_EVM_ADDRESS as the receiver. Resolves audit issue #9 * fix: prevent native token loss and refund excess - Remove payable modifier from startBridgeTokensViaEco to prevent accidental native token deposits that would be permanently locked - Add refundExcessNative modifier to swapAndStartBridgeTokensViaEco to refund any excess native tokens sent beyond swap requirements - Update test to reflect non-payable function signature Resolves audit issue #7 * fix: add lower bound validation for Solana address length Add minimum length check (32 characters) for Solana addresses to match documented behavior. Solana addresses are base58-encoded and must be between 32-44 characters. Resolves audit issue #6 * fix: validate prover and rewardDeadline parameters Add validation for critical reward parameters in _validateEcoData: - Ensure prover address is not zero - Ensure rewardDeadline is non-zero and in the future These parameters are essential for the Eco Protocol reward mechanism. Resolves audit issue #10 * fix: emit BridgeToNonEVMChain only for Solana destinations Change event emission logic to use chain ID check instead of nonEVMReceiver length. This ensures the event only fires for actual non-EVM destinations (Solana) and prevents misleading events for EVM-compatible chains. Resolves audit issue #3 * refactor: inline depositAmount calculation for gas savings Remove intermediate depositAmount variable and pass expression directly to LibAsset.depositAsset. Saves ~100 gas by eliminating unnecessary stack operations. Resolves audit issue #4 * refactor: replace magic numbers with named constants Define and use constants for: - NATIVE_REWARD_AMOUNT (0) - ALLOW_PARTIAL_FILL (false) - SOLANA_ENCODED_ROUTE_LENGTH (319) - SOLANA_RECEIVER_OFFSET (251) - SOLANA_RECEIVER_END (283) - SOLANA_ADDRESS_MIN_LENGTH (32) - SOLANA_ADDRESS_MAX_LENGTH (44) Improves code maintainability and makes the intent behind each value explicit. Resolves audit issue #1 * refactor: remove redundant explicit zero value in portal call Remove '{ value: 0 }' from PORTAL.publishAndFund call as it's redundant (default is 0). Simplifies code and slightly reduces bytecode size. Resolves audit issue #8 * refactor: remove redundant receiverAddress from EcoData BREAKING CHANGE: Remove receiverAddress field from EcoData struct as it duplicates _bridgeData.receiver. The receiver is already validated from the encodedRoute for EVM chains and through nonEVMReceiver for Solana. This saves gas and simplifies the API by removing redundant data. Resolves audit issue #2 * fix: update demoEco.ts to use new EcoData structure Remove receiverAddress field from EcoData struct usage in demo script to match the updated contract interface. * redeploy to staging * add inline doc about native refunds * fix typo * redeploy to staging * update internal calculations to deduct fee from passed minAmount * remove unneeded var * chore: add EcoFacet and IEcoPortal v1.0.0 audit entry --------- Co-authored-by: Mathias Möller <matze.moeller@gmail.com> Co-authored-by: Carlos Febres <carlosfebres97@gmail.com> Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
0xDEnYO
added a commit
that referenced
this pull request
Dec 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.