[PLEX-2731] - Cre forwarder#87
Open
ilija42 wants to merge 23 commits into
Open
Conversation
ilija42
changed the title
ilija42
changed the title
Soroban Contract Test Coverage93.21% line coverage — 18033 / 19347 lines hit
Per-Contract Breakdown
Full file-level coverage report |
Integration Test Coverage (excl. Token Pool) |
Integration Test Coverage (Token Pool) |
There was a problem hiding this comment.
Pull request overview
Adds a new Soroban smart contract crate (contracts/cre) implementing a “KeystoneForwarder” with ownership, forwarder registry, config management, signature verification, receiver dispatch, and transmission tracking for CRE report forwarding.
Changes:
- Introduces the KeystoneForwarder contract, storage schema, and event types.
- Adds an extensive Rust test suite covering initialization, config lifecycle, signature validation, replay rules, and receiver behavior.
- Registers the new crate in the workspace (and lockfile) and adds a local Makefile for build/test.
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| contracts/cre/src/lib.rs | Core contract implementation: ownership/initialization guards, config + forwarder registry, report validation + signature verification, receiver dispatch + transmission tracking |
| contracts/cre/src/types.rs | Contract storage/data model types (config, transmissions, storage keys, state enums) |
| contracts/cre/src/events.rs | Contract event definitions for forwarder/config/report processing |
| contracts/cre/src/test.rs | Comprehensive end-to-end and negative-path tests, plus crypto/test fixtures and mock receivers |
| contracts/cre/Cargo.toml | New crate manifest and dependencies/dev-dependencies |
| contracts/cre/Makefile | Local build/test/fmt targets for the new contract crate |
| Cargo.toml | Adds contracts/cre to the workspace members |
| Cargo.lock | Adds lock entries for the new crate and dev-deps |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+578
to
+583
| fn receiver_contract_id_bytes(env: &Env, receiver: &Address) -> Bytes { | ||
| match receiver.to_payload() { | ||
| Some(AddressPayload::ContractIdHash(hash)) => Bytes::from(hash), | ||
| _ => panic_with_error!(env, Error::InvalidReceiver), | ||
| } | ||
| } |
Comment on lines
+163
to
+172
| if f == 0 { | ||
| panic_with_error!(&env, Error::FaultToleranceMustBePositive); | ||
| } | ||
| if signers.len() > MAX_ORACLES { | ||
| panic_with_error!(&env, Error::ExcessSigners); | ||
| } | ||
| // BFT bound: need ≥ 3f + 1 signers configured to tolerate f faulty. | ||
| if signers.len() < f * 3 + 1 { | ||
| panic_with_error!(&env, Error::InsufficientSigners); | ||
| } |
| soroban-sdk = { workspace = true, features = ["testutils", "hazmat-address"] } | ||
| k256 = { version = "0.13", features = ["ecdsa"] } | ||
| sha3 = "0.10" | ||
| hex = "0.4" |
Collaborator
There was a problem hiding this comment.
nitpick: could be useful to move those to workspace deps so all contracts can use the same version, we'd need to do the same in CCIP contracts for things like sha3
| // Storage TTL constants (ledger counts; 1 ledger ≈ 5 s on Mainnet). | ||
| // TODO adjust | ||
| const BUMP_FOR_60_DAYS: u32 = 1_036_800; // ~60 days | ||
| const BUMP_AFTER_30_DAYS: u32 = 518_400; // ~30 days |
Collaborator
There was a problem hiding this comment.
I recommend making this configurable using instance storage
| _ => unreachable!("unexpected CCIPError variant from Ownable/Initializable"), | ||
| } | ||
| } | ||
| } |
Collaborator
There was a problem hiding this comment.
nitpick: moving this into its own file could be helpful
faisal-chainlink
requested changes
Jun 3, 2026
| <KeystoneForwarder as Ownable>::require_owner(env)?; | ||
| env.storage() | ||
| .instance() | ||
| .extend_ttl(BUMP_AFTER_30_DAYS, BUMP_FOR_60_DAYS); |
Collaborator
There was a problem hiding this comment.
instance storage does not require extending the TTL as it lives as long as the contract itself
Comment on lines
+369
to
+372
| fn ensure_initialized(env: &Env) { | ||
| <KeystoneForwarder as Initializable>::require_initialized(env) | ||
| .unwrap_or_else(|_| panic_with_error!(env, Error::Uninitialized)); | ||
| } |
Collaborator
There was a problem hiding this comment.
This helper can be made into a one liner with the following change:
Suggested change
| fn ensure_initialized(env: &Env) { | |
| <KeystoneForwarder as Initializable>::require_initialized(env) | |
| .unwrap_or_else(|_| panic_with_error!(env, Error::Uninitialized)); | |
| } | |
| fn ensure_initialized(env: &Env) -> Result<(), Error> { | |
| <KeystoneForwarder as Initializable>::require_initialized(env).map_err(|e| e.into()) | |
| } |
Subsequent uses of the method could be as follows:
fn assert_owner(env: &Env) -> Result<(), Error> {
ensure_initialized(env)?; // the `?` would take care of the panic
//....
}| metadata: raw_report.slice(FORWARDER_METADATA_LENGTH..METADATA_LENGTH), | ||
| payload: raw_report.slice(METADATA_LENGTH..raw_report.len()), | ||
| } | ||
| } |
Collaborator
There was a problem hiding this comment.
Could be cleaner to move this into an impl of the ParsedReport type which you'd call with something like:
ParsedReport::From(...)
Collaborator
There was a problem hiding this comment.
That impl would then be extended to include the config_id() method as well
|
|
||
| // ───────────────────────────────────────────────────────────────────────────── | ||
| // Signature verification | ||
| // ───────────────────────────────────────────────────────────────────────────── |
Collaborator
There was a problem hiding this comment.
There's a trait in common that might be helpful here called SignatureQuorum, I'm not sure if it's exactly what you need but could save you from writing the signature verification code here as well
|
Code coverage report:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.