-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MultiAggregateRateLimiter - validation based contract with OffRamp implementation #916
Conversation
LCOV of commit
|
contracts/src/v0.8/ccip/validators/MultiAggregateRateLimiter.sol
Outdated
Show resolved
Hide resolved
@@ -1,75 +1,284 @@ | |||
// SPDX-License-Identifier: BUSL-1.1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
note: would like to move this under a separate folder group (under validators/
) - keeping in root for diff
I don't follow, would you be combining the outgoing and incoming rate limits? We cannot do that |
You mean it should reset? I'd argue it doesn't |
Go solidity wrappers are out-of-date, regenerate them via the |
contracts/src/v0.8/ccip/test/helpers/MessageInterceptorHelper.sol
Outdated
Show resolved
Hide resolved
3ed2606
to
0faa19f
Compare
…rt (#939) ## Motivation Follow up of #916 to integrate non-EVM token support, and convert `rateLimitedTokens` configuration to be per-chain. This converts the multi-ARL to be truly multi-lane and untied from EVM2EVM to EVM2Any, Any2EVM ## Solution * Add `chainSelector` to rate limit tokens state * Convert addresses from `bytes` to `bytes32` (for now assuming that we can fit token addresses in `bytes32` for all non-EVM chains)
Motivation
Re-designs the usage of the aggregate rate limiter, with a focus on the OffRamp. The main motivations are:
Solution
The solution consists of multiple parts:
IMessageValidator
: an interface for hook contracts that can be plugged into OffRamps/OnRamps to validate messages. The validation functions revert if the validation criteria are not metMultiAggregateRateLimiter
: theAggregateRateLimiter
contract, but converted to support multiple chains, with rate-limit specific logic pulled in from the OffRamp. The contract now implements theIMessageValidator
interfaceMultiOffRamp
: allows configuring an optionalIMessageValidator
, which can perform any validation (in this case, we could set it to aMultiAggregateRateLimiter
contract)RateLimiterNoEvents
: theRateLimiter
library converted to exclude events (since they should now be per-chain). It was not converted to aRateLimiterMultiChain
to maintain the simplicity of the library (since it should only act as a token bucket)Design choices
validateIncomingMessage
does not batch messages. The reason for this is:Any2EVM
. Passing a batch ofAny2EVM
messages requires more complex refactoring since we only haveEVM2EVM
messages, which only get converted inexecuteSingleMessage
releaseOrMint
logic, which treats each message as a single isolated unitMultiAggregateRateLimiter
/IMessageValidator
contract should be used by both the OnRamp and the OffRamp,which means that the rate limiting state is sharedWe do not make a distinction of lanesrc -> dest
anddest -> src
IMessageValidator
get caught by the validations in the ramps. The reason is simplicity - unexpected failures should not trigger unexpected bubbling reverts, and with this approach we do not need to handle each specific validation errorOut of scope for this PR
MultiAggregateRateLimiter
MultiARL
/IMessageValidator
(passing an array instead of a single message)MultiARL
should be per-lane or globalMulti-ARL state resets on re-deployment for a lane