Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 9.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v9)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps the frontend-minor-patch group with 13 updates:

| Package | From | To |
| --- | --- | --- |
| [@eth-optimism/viem](https://github.com/ethereum-optimism/ecosystem/tree/HEAD/packages/viem) | `0.3.2` | `0.4.15` |
| [@radix-ui/react-separator](https://github.com/radix-ui/primitives) | `1.1.2` | `1.1.8` |
| [@radix-ui/react-slot](https://github.com/radix-ui/primitives) | `1.1.2` | `1.2.4` |
| [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.0.6` | `4.2.4` |
| [@tanstack/react-query](https://github.com/TanStack/query/tree/HEAD/packages/react-query) | `5.66.0` | `5.100.8` |
| [abitype](https://github.com/wevm/abitype) | `1.0.8` | `1.2.4` |
| [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.0.1` | `3.5.0` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.0.6` | `4.2.4` |
| [viem](https://github.com/wevm/viem) | `2.23.1` | `2.48.8` |
| [eslint-plugin-react-refresh](https://github.com/ArnaudBarre/eslint-plugin-react-refresh) | `0.4.19` | `0.5.2` |
| [mprocs](https://github.com/pvolok/mprocs) | `0.7.2` | `0.9.2` |
| [prettier](https://github.com/prettier/prettier) | `3.5.0` | `3.8.3` |
| [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.24.0` | `8.59.1` |

Updates `@eth-optimism/viem` from 0.3.2 to 0.4.15
- [Changelog](https://github.com/ethereum-optimism/ecosystem/blob/main/packages/viem/CHANGELOG.md)
- [Commits](https://github.com/ethereum-optimism/ecosystem/commits/HEAD/packages/viem)

Updates `@radix-ui/react-separator` from 1.1.2 to 1.1.8
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits)

Updates `@radix-ui/react-slot` from 1.1.2 to 1.2.4
- [Changelog](https://github.com/radix-ui/primitives/blob/main/release-process.md)
- [Commits](https://github.com/radix-ui/primitives/commits)

Updates `@tailwindcss/vite` from 4.0.6 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/@tailwindcss-vite)

Updates `@tanstack/react-query` from 5.66.0 to 5.100.8
- [Release notes](https://github.com/TanStack/query/releases)
- [Changelog](https://github.com/TanStack/query/blob/main/packages/react-query/CHANGELOG.md)
- [Commits](https://github.com/TanStack/query/commits/@tanstack/react-query@5.100.8/packages/react-query)

Updates `abitype` from 1.0.8 to 1.2.4
- [Release notes](https://github.com/wevm/abitype/releases)
- [Commits](https://github.com/wevm/abitype/compare/abitype@1.0.8...abitype@1.2.4)

Updates `tailwind-merge` from 3.0.1 to 3.5.0
- [Release notes](https://github.com/dcastil/tailwind-merge/releases)
- [Commits](dcastil/tailwind-merge@v3.0.1...v3.5.0)

Updates `tailwindcss` from 4.0.6 to 4.2.4
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.4/packages/tailwindcss)

Updates `viem` from 2.23.1 to 2.48.8
- [Release notes](https://github.com/wevm/viem/releases)
- [Commits](https://github.com/wevm/viem/compare/viem@2.23.1...viem@2.48.8)

Updates `eslint-plugin-react-refresh` from 0.4.19 to 0.5.2
- [Release notes](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/releases)
- [Changelog](https://github.com/ArnaudBarre/eslint-plugin-react-refresh/blob/main/CHANGELOG.md)
- [Commits](ArnaudBarre/eslint-plugin-react-refresh@v0.4.19...v0.5.2)

Updates `mprocs` from 0.7.2 to 0.9.2
- [Release notes](https://github.com/pvolok/mprocs/releases)
- [Changelog](https://github.com/pvolok/mprocs/blob/master/CHANGELOG.md)
- [Commits](pvolok/mprocs@v0.7.2...v0.9.2)

Updates `prettier` from 3.5.0 to 3.8.3
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](prettier/prettier@3.5.0...3.8.3)

Updates `typescript-eslint` from 8.24.0 to 8.59.1
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.59.1/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@eth-optimism/viem"
  dependency-version: 0.4.15
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@radix-ui/react-separator"
  dependency-version: 1.1.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontend-minor-patch
- dependency-name: "@radix-ui/react-slot"
  dependency-version: 1.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: "@tanstack/react-query"
  dependency-version: 5.100.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: abitype
  dependency-version: 1.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: tailwind-merge
  dependency-version: 3.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: tailwindcss
  dependency-version: 4.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: viem
  dependency-version: 2.48.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: eslint-plugin-react-refresh
  dependency-version: 0.5.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: mprocs
  dependency-version: 0.9.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: prettier
  dependency-version: 3.8.3
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
- dependency-name: typescript-eslint
  dependency-version: 8.59.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: frontend-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
…-patch-9300c1926b chore(deps): bump the frontend-minor-patch group with 13 updates
…kout-6 chore(deps): bump actions/checkout from 5 to 6
…p-node-6 chore(deps): bump actions/setup-node from 5 to 6
…ad-artifact-7 chore(deps): bump actions/upload-artifact from 4 to 7
…ub-script-9 chore(deps): bump actions/github-script from 7 to 9
Add Phase 1 foundation documentation for team scaling and professional maintenance:
CONTRIBUTING.md:
- Local development setup instructions (Node, Foundry, super-cli)
- Feature branch workflow with conventional commits
- Code standards (TypeScript, Solidity, Testing)
- PR submission checklist and review process
- Testing guidelines and test structure
- Troubleshooting for common dev issues
DEPLOYMENT.md:
- Step-by-step staging deployment runbook (OP Sepolia)
- Mainnet deployment procedures with gates
- Pre/post-deployment checklists
- Evidence generation and verification
- Monitoring and health checks
- Rollback procedures for emergency scenarios
- Comprehensive troubleshooting guide
- Command cheat sheet and timeline estimates
TROUBLESHOOTING.md:
- Development setup issues (pnpm, Node, Foundry, super-cli, git hooks)
- Smart contract issues (architecture guard, layering guard, Slither findings)
- Frontend development issues (port conflicts, TypeScript errors, module resolution)
- Testing issues (hanging tests, gas, balance)
- Deployment issues (insufficient funds, timeouts, RPC problems)
- CI/CD workflow issues (stuck workflows, secrets, version mismatches)
- Network & RPC issues (timeouts, contract not found, chain ID)
.github/CODEOWNERS:
- Enhanced documentation with clear sections
- Added review requirements annotations
- Better organization for team scaling
- Maintains strict single-owner model (ready for multi-owner when scaling)
Impact:
- Enables solo maintainer to self-document workflows
- Provides clear onboarding path for new contributors
- Establishes professional deployment procedures
- Reduces support burden with comprehensive troubleshooting
- Foundation for team collaboration (docs ready for team addition)
- Production-ready documentation for auditors and stakeholders
This commit fulfills Phase 1 foundation requirements:
✅ CONTRIBUTING.md created
✅ DEPLOYMENT.md runbook created
✅ TROUBLESHOOTING.md created
✅ CODEOWNERS enhanced and documented
Ready for: Phase 2 (interactive UI) and Phase 3 (security audit planning)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bump github/codeql-action from v3 to v4 to resolve Node.js 20 deprecation warnings on CI.
…ner, and verification scripts (#19)
* docs: replace roadmap with lean security next-steps guide
* fix(docs): remove duplicate required-check entries in BRANCHING.md
#23)
* ci: extract reusable frontend/slither/secrets workflows
* ci(security): apply codereview pinning and permissions fixes
- Wrap sendERC20 in try/catch; clear approval and revert with BridgeFailed() on failure
- Extract IRYLA interface (inherits IERC20); MARKSettlementModule decoupled from concrete RYLA type
- Add unit test for BridgeFailed catch branch
- Add missing required checks (Secrets Drift Guard, Release Gate Container) to all branch matrices
- Fix Analyze (JavaScript/TypeScript) casing to match canonical check names
- Fixes Validate Governance Policy Consistency CI check
Add --slow to forge script broadcast so Foundry waits for each transaction receipt before the verify step runs.
Solo maintainer cannot approve own PRs. CI gates are the enforcement mechanism. Removes MAIN_REVIEW_COUNT/DEV_REVIEW_COUNT vars, adds approval count verification to verify-governance.sh.
Restricts direct pushes on all branches to trade/maintainers team. Removes unused helper functions. verify-governance.sh now checks push restriction team slug.
drizzle-orm@0.38.4 is transitive from @eth-optimism/super-cli. Updated ignore rule to match installed version. All four Dependabot alerts dismissed as tolerable risk.
Adds Groth16SettlementVerifier implementing IUTXOSettlementVerifier via swappable IGroth16Verifier. 12 unit tests passing. AttestedSettlementVerifier remains active production verifier.
Adds UTXOSettlement circom circuit. Poseidon-based UTXO ownership proof. 602 constraints, 6 witness tests passing.
Adds MARKPool shielded RYLA transfer pool. 88 unit tests passing.
Rewrites MARKPool from scratch for MARK's own UTXOSettlement circuit. UTXOVerifier.sol regenerated from MARK's own trusted setup. 84 unit tests passing.
Range constraints on recipient/chainId/settlementModule/amount. isMint burn path in MARKPool. Trusted setup rerun. 84 tests passing.
* feat(pool): add MARKPool ZK UTXO pool domain
Introduces the full pool domain for private RYLA transfers:
Contracts:
- MARKPool: ZK UTXO pool with Merkle tree, fee policy, bridge-out/in,
withdraw binding, AccessManaged access control
- MARKWithdrawAdapter: EIP-712 signature-based withdrawal adapter
- RYLACreditLedger: ICreditLedger adapter bridging MARKPool to RYLA
mint/burn; restricted to pool caller only (onlyPool)
- PoolFeePolicy, PoolPublicInputs, PoolValidation: pool support libraries
- MARKPoolVerifier: Groth16 verifier generated from MARKPool circuit
(13 public signals, pot15 trusted setup)
Interfaces: ICreditLedger, IVerifier, IPoolBridge, IPoolNullifier
Crypto: MerkleTree (Poseidon, depth-20), ProofUtils, PoseidonT3
Circuit:
- circuits/mark/MARKPool.circom: MARK-native UTXO circuit (depth=20,
2-in/2-out, 13 public signals); renamed from prototype utxo.circom,
domain constants documented as permanent, hardcoded fee policy removed
- circuits/setup.mjs: trusted setup script (pot15)
- circuits/test/MARKPool.test.mjs: 13 witness tests
CI: circuits-ci.yml runs witness tests on every PR
Tests: MARKPool.t.sol (22), MARKWithdrawAdapter.t.sol (9),
RYLACreditLedger.t.sol (8)
* fix(pool): fix PoolErrors, domain separators, remove dead code
- PoolErrors.sol: rewrite to match Pool.sol, PoolValidation.sol, and
MerkleTree.sol — adds 25 missing errors (build was broken), removes
18 errors only used by the old MARKPool prototype
- MARKPool.sol: rename domain separator Pool.WithdrawBinding.v1 to
MARKPool.WithdrawBinding.v1 (permanent, must be set before deploy)
- MARKWithdrawAdapter.sol: rename domain separator
WithdrawAdapter.Intent.v1 to MARKWithdrawAdapter.Intent.v1
- UTXOVerifier.sol: delete (built for old 4-signal circuit, wrong
interface, superseded by MARKPoolVerifier.sol)
- IUTXOVerifier.sol: delete (superseded by IVerifier.sol)
- UTXOSettlement.circom: delete (superseded by MARKPool.circom)
- Groth16SettlementVerifier.sol: update stale comment
- KNOWN_ISSUES.md: add KI-7 (two-circuit architecture), KI-8 (pool
domain access control model)
- foundry.toml: via_ir = true for pool domain compilation
* fix(pool): immutable naming, deploy script, docs, invariants, arch guard
- MARKPool, MARKWithdrawAdapter: rename immutables to SCREAMING_SNAKE_CASE
(assetLedger->ASSET_LEDGER, proofPool->PROOF_POOL)
- MARKPool: remove _assetLedger from constructor; add setAssetLedger()
one-time restricted setter to break circular deploy dependency with
RYLACreditLedger
- DeployMARKPool.s.sol: full deployment script for pool domain
(AccessManager, MARKPool, RYLACreditLedger, MARKWithdrawAdapter)
- MARKPool.sol: add withdrawal flow NatSpec (burn-to-claim model)
- ARCHITECTURE.md: add pool/withdraw domains, dependency rules, and
withdrawal flow section
- MARKPoolInvariants.t.sol: 3 invariants (nullifiers never unspent,
withdraw bindings immutable, root queue only grows)
- architecture-guard.sh: add pool->settlement/bridge and
withdraw->settlement/bridge isolation rules
* fix(pool): fix deploy script role grant and ASSET_LEDGER null guard
- DeployMARKPool.s.sol: grant POOL_ADMIN_ROLE to deployer during setup
so setAssetLedger/setIntentSigner calls succeed when deployer != owner;
revoke deployer role after setup completes
- MARKPool._applyFee: revert InvalidAssetLedger if ASSET_LEDGER is not
set and a non-zero fee is applied (prevents silent call to address(0))
* fix(ci): compile circuit before running witness tests
circuits/build/ is gitignored so the WASM and witness_calculator.js
are not in the repo. Add circom install and npm run build steps before
npm test so CI compiles the circuit fresh on each run.
* fix(ci): create build dir before circom compile
* refactor(pool): pre-merge improvements
- Rename immutables to SCREAMING_SNAKE_CASE: assetLedger->ASSET_LEDGER,
proofPool->PROOF_POOL (MARKPool.sol, MARKWithdrawAdapter.sol)
- MARKPool: remove _assetLedger from constructor, add setAssetLedger()
one-time restricted setter to break circular deploy dependency with
RYLACreditLedger
- MARKPool: add withdrawal flow documentation to contract NatSpec
- ARCHITECTURE.md: add pool/withdraw domains, dependency rules, and
withdrawal flow explanation
- DeployMARKPool.s.sol: deployment script for MARKPool, RYLACreditLedger,
MARKWithdrawAdapter with AccessManager configuration
- MARKPoolInvariants.t.sol: 3 invariants (nullifiers never unspent,
withdraw bindings immutable, root queue only grows)
- architecture-guard.sh: add pool and withdraw domain isolation rules
* chore(pool): update circuits CI, setup, and pool errors
- circuits-ci.yml: updated to run MARKPool witness tests
- circuits/package.json: build/test scripts point to MARKPool.circom
- circuits/setup.mjs: updated for MARKPool.circom trusted setup
- circuits/test/MARKPool.test.mjs: cleaned up test file
- contracts/KNOWN_ISSUES.md: updated KI-7 for current two-circuit state
- contracts/src/pool/errors/PoolErrors.sol: add missing blank line
* fix(pool): address CodeRabbit review findings
- circuits-ci.yml: fix circom install permissions (use sudo mv to
/usr/local/bin instead of direct write which fails on GH Actions)
- PoolErrors.sol: add clarifying comment to FixedFeePolicy explaining
it fires when minFee > 1 (not a fee-rate policy, a range guard)
- MARKWithdrawAdapter.sol: document personal_sign intent on
computeWithdrawIntentDigest (EIP-191 is intentional, not EIP-712)
bridgeIn replay protection finding: already fixed in current code
(processedBridgeMessages mapping + check at line 390) — stale finding.
* fix(pool): address second round CodeRabbit findings
- setup.mjs: use crypto.randomBytes for ceremony entropy (Date.now is
predictable), add mkdirSync for build/, fix EJS template loading to
use readFileSync instead of dynamic import with assert (unsupported
in Node 20/22/24 ESM)
- circuits-ci.yml: pin circom to v2.2.3 instead of latest, add version
verification step
- KNOWN_ISSUES.md: fix misleading 'settlement-specific verifier' wording
— MARKPoolVerifier is a shared pool verifier, not settlement-specific
- MARKPool.sol: fix NatSpec EIP-712 reference to EIP-191 (personal_sign)
* feat(pool): add pool E2E test, fix RYLACreditLedger caller model
RYLACreditLedger:
- Separate credit (pool-only) and debit (adapter-only) callers
- Add setAdapter() one-time setter to break circular deploy dependency
(adapter constructor needs ledger, ledger needs adapter address)
- Add AdapterAlreadySet error
DeployMARKPool.s.sol:
- Call ledger.setAdapter(adapter) after adapter deployment
Tests:
- RYLACreditLedger.t.sol: updated for new caller model, 11 tests
- MARKWithdrawAdapter.t.sol: add setAdapter call in setUp
- MARKPoolE2E.t.sol: full withdrawal flow E2E test (3 tests)
- testFullWithdrawalFlow: mint RYLA -> transactWithWithdrawBinding
-> withdrawWithSig -> verify RYLA burned, ETH received
- testNullifierReplayRejected
- testBindingMismatchRejected
134/134 tests pass
* feat(pool): add ReleasePool.s.sol orchestrator and pool env vars
- ReleasePool.s.sol: release orchestrator for pool stack following the
same pattern as ReleaseMARK.s.sol — preflight checks, deploy via
DeployMARKPool, post-deploy verification (wiring checks + RYLA roles),
JSON artifact write
- .env.example: add pool stack env vars (MARK_POOL_VERIFIER,
MARK_POOL_OWNER, MARK_POOL_INTENT_SIGNER, release flags, artifact
path, post-deploy verify addresses)
* fix(pool): security fixes and dead code removal
RYLACreditLedger:
- Add OWNER immutable (set to msg.sender in constructor)
- Restrict setAdapter to OWNER to prevent front-running between
deployment and the setAdapter call in the release script
- Add testSetAdapterRevertsForNonOwner test
- Add clarifying NatSpec to totalCreditsOutstanding explaining it
tracks only flows through this ledger, not total RYLA supply
MARKWithdrawAdapter:
- Move ETH transfer before ASSET_LEDGER.debit — if ETH transfer
fails, RYLA is no longer burned (was a loss-of-funds bug)
MARKPool:
- Remove dead _seedRoot function (defined but never called)
- Add NatSpec to computePublicInputsWithWithdraw clarifying
chainId vs dstChainId semantics
* fix(test): fix nullifier replay test to use fresh signatures
testNullifierReplayRejected was reusing signatures computed for nonce N
in the second withdrawWithSig call with nonce N+1, causing a NonceMismatch
revert instead of exercising nullifier replay protection. Now recomputes
the intent hash and signs with the updated nonce so the revert is caused
by NullifierAlreadyClaimed as intended.
* fix(pool): guard totalCreditsOutstanding against underflow
* feat(pool): add pool release CI check and deploy script tests
contracts-ci.yml:
- Add pool release dry-run and execute smoke steps to the
contracts-release-check job, reusing the Anvil instance and
RYLA token deployed by the settlement release step
- Assert pool release artifact schema (pool, ledger, adapter addresses)
MARKPoolDeployScripts.t.sol:
- testDeployMARKPoolWiresAllContracts: verifies all contract wiring
(pool<->ledger, ledger<->adapter, RYLA roles)
- testDeployMARKPoolSetsIntentSignerWhenProvided: verifies intent signer
is configured when MARK_POOL_INTENT_SIGNER is set
- testDeployMARKPoolRevertsWhenMissingTokenAdmin: verifies preflight
check rejects deployer without RYLA admin role
138/138 tests pass
* fix(pool): address final CodeRabbit findings
- contracts-ci.yml: remove '|| true' from pool release dry-run step;
use the deployed settlement module address as verifier (a real contract)
so the preflight code.length check passes without masking failures
- RYLACreditLedger.sol: fix NatSpec on totalCreditsOutstanding to
accurately describe accounting scope — _totalBurned can exceed
_totalMinted if RYLA is burned via other paths (e.g. settlement module)
* fix(ci): fix pool release CI failure and address CodeRabbit finding
contracts-ci.yml:
- Add --skip-simulation to pool release broadcast — PoseidonT3 (55,856
bytes) exceeds EIP-170 limit and cannot be deployed without refactoring
to a linked library; --skip-simulation tests script orchestration only
- Fix jq assertion to use regex validation instead of zero-address check,
rejecting null values and validating hex address format
KNOWN_ISSUES.md:
- Add KI-8 documenting PoseidonT3 contract size issue and required fix
before mainnet (deploy as standalone contract, call via interface)
* fix(ci): remove pool execute smoke, fix jq assertion, fix KI-7 wording
contracts-ci.yml:
- Remove pool release execute smoke step — MARKPool (24,841 bytes) and
PoseidonT3 (55,856 bytes) exceed EIP-170 limit and cannot be broadcast
to Anvil; pool deploy requires PoseidonT3 refactor (KI-8) first
- Keep pool release dry-run only (validates script logic and preflight)
- Remove the now-unused artifact assertion step
KNOWN_ISSUES.md:
- Fix KI-7: both pool and settlement systems use the same MARKPool
circuit — remove implication of distinct circuit designs
* fix(pool): add code.length checks to RYLACreditLedger constructor and setAdapter
Prevents EOAs from being set as TOKEN, POOL, or ADAPTER.
Adds InvalidContract error. 3 new tests cover the EOA rejection cases.
setUp uses vm.etch to give mock addresses contract bytecode.
* fix(contracts): harden settlement verifier flow and CI reliability
* fix(review): address open CI and pool verifier feedback
* refactor(pool): rename min fee guard error for clarity
* fix(pool,settlement): replace require strings and wrong errors with custom errors
PoolFeePolicy:
- Replace require(maxFeeBurnBps != 0, string) and require(feeBurnBps <= maxFeeBurnBps, string)
with custom error FeePolicyInvalidBps() — consistent with codebase style, lower gas
Groth16SettlementVerifier:
- Replace ZeroAddress() with VerifierNotAContract() for verifierContract code.length check
- Replace ZeroAddress() with SettlementModuleNotAContract() for settlementModule code.length check
- ZeroAddress was semantically wrong for non-zero addresses that have no code
* ci: trigger fresh CI run
* docs(pool): correct KI-8 — MARKPool itself is over EIP-170 size limit
Investigation: MARKPool is 24,960 bytes (over 24,576 limit) even without
PoseidonT3 inlining. via_ir=true already prevents PoseidonT3 from being
inlined. The fix requires splitting MARKPool into smaller contracts, not
just extracting PoseidonT3 as a standalone contract. Both are required.
* fix(pool): reduce MARKPool below EIP-170 size limit (24200 < 24576 bytes)
Size reductions (24961 -> 24200 bytes, -761 bytes):
- Remove redundant verifierAddr.code.length check in _verifyAndConsume
(already validated in setVerifier, cannot change after deployment)
- Remove redundant tail != rootQueueTail guard in _insertCommitmentsValidated
(always true after inserting 2 commitments)
- Inline _requireCommitmentsValid wrapper (single-line delegation)
- Inline _insertCommitments wrapper (only called from bridgeIn)
- Remove computePublicInputs and computePublicInputsWithWithdraw public
view functions from MARKPool — _buildPublicInputs now calls
PoolPublicInputs.build directly; off-chain callers use PoolPublicInputs
Bug fixes:
- PoolValidation: move NullifierDuplicate check before the loop so
duplicate nullifiers get the precise error, not NullifierUsed
- MARKPool.pause(): document that unpause() does NOT auto-restore
withdrawals (intentional asymmetry, requires explicit unpauseWithdrawals)
* fix: address CodeRabbit findings (circuits, Makefile, architecture-guard)
circuits/test/MARKPool.test.mjs:
- Remove unused buildMerklePath helper (tests use buildTwoLeafRoot)
circuits/setup.mjs:
- Add r1cs existence check before trusted setup with clear error message
contracts/Makefile:
- Restore test-core to exclude invariant tests (--no-match-path)
so ci-fast remains fast as documented
contracts/script/ci/architecture-guard.sh:
- Tighten all four import regexes to handle optional leading whitespace
and any number of ../ segments (prevents bypass via indented imports
or deeper relative paths)
* fix: address remaining CodeRabbit findings
contracts/src/pool/MARKPool.sol:
- setVerifier: add code.length check (consistent with constructor)
circuits/test/MARKPool.test.mjs:
- expectFail: only treat constraint/assertion failures as PASS;
rethrow other errors so regressions surface
contracts/KNOWN_ISSUES.md:
- KI-7: separate design capability from configuration state for
settlement system wording
* fix(circuits): lowercase error message comparison in expectFail
* docs(deployment): add Groth16SettlementVerifier wiring step (Step 18)
Documents the two post-deploy calls required to activate ZK-based
settlement: setSettlementModule and setVerifierContract on
Groth16SettlementVerifier, then setVerifier on MARKSettlementModule.
AttestedSettlementVerifier remains the fallback until wiring is complete.
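The architecture-guard.sh item in the commit above says the import regexes were tightened to accept leading whitespace and any number of `../` segments. The sketch below is an added example, not the project's script: both patterns, the pool-to-settlement/bridge rule as encoded here, and the sample import lines are constructed to show which lines a column-0, single-`../` pattern lets through.

```javascript
// Hypothetical rule for this example: a file in the pool domain must not
// import from settlement/ or bridge/. Neither pattern below is copied from
// architecture-guard.sh; both are constructed to illustrate the commit text.

// Loose form: anchored at column 0 and matches exactly one "../" segment.
const LOOSE = /^import .*["']\.\.\/(settlement|bridge)\//;

// Tightened form: optional leading whitespace, one or more "../" segments.
const TIGHT = /^\s*import\b[^;]*["'](?:\.\.\/)+(settlement|bridge)\//;

// Return every line of `source` that the given guard pattern flags.
function findViolations(source, pattern) {
  const hits = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const match = pattern.exec(text);
    if (match) {
      hits.push({ line: index + 1, domain: match[1], text: text.trim() });
    }
  });
  return hits;
}

// Constructed sample file contents (not taken from the repository).
const SAMPLE = [
  'import {PoolErrors} from "./errors/PoolErrors.sol";',
  'import {MerkleTree} from "../crypto/MerkleTree.sol";',
  'import {SettlementThing} from "../settlement/SettlementThing.sol";',
  '    import {IndentedThing} from "../settlement/IndentedThing.sol";',
  'import {DeepThing} from "../../bridge/DeepThing.sol";',
  "// import of ../settlement/ is forbidden here",
].join("\n");

// Run both guards and list the lines only the tightened pattern reports.
function compareGuards(source) {
  const loose = findViolations(source, LOOSE);
  const tight = findViolations(source, TIGHT);
  const looseLines = new Set(loose.map((hit) => hit.line));
  const missedByLoose = tight.filter((hit) => !looseLines.has(hit.line));
  return { loose, tight, missedByLoose };
}

const report = compareGuards(SAMPLE);
for (const hit of report.missedByLoose) {
  console.log(`line ${hit.line} only caught by tightened guard: ${hit.text}`);
}
```

Both patterns work one line at a time, as a grep-based guard would, so an import statement split across several lines is outside what this sketch checks.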
…Verifier (#101)
abi.decode reverts on malformed/short proof bytes, which propagated through MARKSettlementModule as a raw error instead of VerificationFailed.
Fix: check proof.length == 672 before decoding (fixed ABI encoding size: uint256[2]+uint256[2][2]+uint256[2]+uint256[13] = 64+128+64+416 = 672). Malformed proofs now return false cleanly.
Tests: testVerifySettlementReturnsFalseForMalformedProof, testVerifySettlementReturnsFalseForEmptyProof
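The length gate described in the commit above, mirrored off-chain as an added example (not the contract's code and not from this repository). The field names `a`, `b`, `c` and `publicSignals`, the function names and the sample bytes are assumptions; only the layout and the 672-byte total come from the commit message.

```javascript
const WORD = 32; // one ABI word (uint256) in bytes

// Static ABI layout quoted in the commit message:
// uint256[2] + uint256[2][2] + uint256[2] + uint256[13]
const LAYOUT = [
  ["a", 2],
  ["b", 4],
  ["c", 2],
  ["publicSignals", 13],
];
const PROOF_LENGTH = LAYOUT.reduce((sum, [, words]) => sum + words * WORD, 0);

// Read one big-endian uint256. Throws RangeError on truncated input, the
// off-chain analogue of a decoder reverting on short proof bytes.
function readWord(buf, offset) {
  if (offset + WORD > buf.length) {
    throw new RangeError(`word at offset ${offset} is out of bounds`);
  }
  return BigInt("0x" + buf.subarray(offset, offset + WORD).toString("hex"));
}

// "Before" behaviour: decode with no length gate. Short input throws and
// trailing bytes past the last word are silently ignored.
function decodeUnchecked(buf) {
  const out = {};
  let offset = 0;
  for (const [name, words] of LAYOUT) {
    out[name] = [];
    for (let i = 0; i < words; i++, offset += WORD) {
      out[name].push(readWord(buf, offset));
    }
  }
  // b is uint256[2][2]: regroup its four words into two pairs.
  out.b = [out.b.slice(0, 2), out.b.slice(2, 4)];
  return out;
}

// "After" behaviour: exact-length gate first, so malformed input yields null
// instead of an exception escaping to the caller.
function decodeChecked(buf) {
  if (!Buffer.isBuffer(buf) || buf.length !== PROOF_LENGTH) {
    return null;
  }
  return decodeUnchecked(buf);
}

// verifyFn is a hypothetical stand-in for the actual proof verification.
function verifySettlement(proofBytes, verifyFn) {
  const proof = decodeChecked(proofBytes);
  if (proof === null) {
    return false; // malformed proof: clean "false", no raw error
  }
  return verifyFn(proof) === true;
}

// Constructed sample: 21 words holding the values 1..21.
function sampleProof() {
  const buf = Buffer.alloc(PROOF_LENGTH);
  for (let i = 0; i < PROOF_LENGTH / WORD; i++) {
    buf[i * WORD + WORD - 1] = i + 1;
  }
  return buf;
}

console.log("expected proof length:", PROOF_LENGTH);
console.log("empty proof accepted:", verifySettlement(Buffer.alloc(0), () => true));
```

Because the gate is an equality check, it also rejects oversized input that `decodeUnchecked` in this example would accept by ignoring the trailing bytes.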
test-core was running integration tests (which require supersim on port 9545) because --no-match-path on the command line overrides foundry.toml's no_match_path setting rather than adding to it. Use brace glob to exclude both invariant and integration tests.
… test (#103)
testBridgeToTransfersTokensCrossChain switched to fork B and checked the recipient balance, but Foundry fork tests cannot simulate supersim's async message relay — the contract simply doesn't exist on the other fork.
Fix: assert only the source-chain burn (which is fully verifiable in a fork test). Add a NatSpec note explaining the relay limitation.
…ployable (#104)
* docs(pool): correct KI-8 — PoseidonT3 is inlined via via_ir, MARKPool is deployable
via_ir=true causes the compiler to inline PoseidonT3 into MARKPool rather than deploying it as a linked library. MARKPool has no link references and is 24,298 bytes (278 bytes under EIP-170). KI-8 was based on an earlier state where MARKPool exceeded the limit. Updated KI-8 to reflect accurate current state and note the tight margin.
* refactor(crypto): use >>= 1 instead of /= 2 in MerkleTree insert
* security: harden pool domain before testnet
- Add pool/withdraw/Groth16 contracts to slither-core scope
- Document all slither exclusion rationale in Makefile
- RYLACreditLedger: add Credit/Debit events, move before external calls (CEI)
- MARKWithdrawAdapter: add test for recipient zero-check (existing check, missing test)
- THREAT_MODEL.md: add pool stack overview, trust boundaries, role compromise impact, and 3 new invariants (nullifier replay, withdraw binding, debit approval)
* fix(ci): use per-contract slither exclusions instead of global
CodeRabbit correctly noted that global exclusions could suppress actionable findings in newly added contracts. Refactored slither-core to apply only the relevant exclusions per contract. Also added arbitrary-send-erc20 to MARKSettlementModule and RYLACreditLedger (both use safeTransferFrom with prior approval — not arbitrary).
* fix(ci): add set -e to slither-core, fix preflight to use python3 -m slither
Without set -e, a failing early slither invocation would be masked if the final command succeeds. Also align the preflight check with the actual invocation (python3 -m slither, not command -v slither).
* ci: fix 4 workflow issues pre-testnet
1. Sync _reusable-contracts-slither.yml with Makefile
   - Delegate to 'make slither-core' (single source of truth)
   - Now covers all 8 contracts with per-contract exclusions
   - Previously only scanned 4 settlement contracts with global exclusions
2. Enable pool execute smoke in contracts-ci.yml
   - KI-8 resolved: via_ir inlines PoseidonT3, MARKPool is 24,298 bytes
   - Pool broadcast to Anvil now works; remove stale blocker comment
3. Fix integration test readiness check
   - Wait on ports 9545/9546 (actual RPC ports) not 8420 (admin port)
   - Use nc loop consistent with anvil readiness pattern
4. Pin foundry-rs/foundry-toolchain to v1.8.0 commit SHA
   - Floating @v1 could silently break on Foundry breaking changes
   - Pinned: c7450ba673e133f5ee30098b3b54f444d3a2ca2d (v1.8.0)
* fix(ci): remove foundry version input from reusable slither workflow
The version input was passed as 'v1.8.0' to the action's 'version' input which expects a Foundry binary tag (e.g. 'stable', 'nightly'), not the action version. This caused foundryup to fail extracting the tar archive. Use the action's default Foundry version instead.
* fix(ci): revert pool execute smoke — Foundry rejects PoseidonT3 artifact size
forge create/broadcast checks all library artifacts for EIP-170 compliance. PoseidonT3 is 55,856 bytes as a standalone artifact even though via_ir inlines it into MARKPool at compile time. The broadcast is blocked before deployment. Keep dry-run only. Update KI-8 with the precise diagnosis.
…ce (#107)

PoseidonT3 is a Solidity library with a public function — it gets deployed as a separate linked contract (55,856 bytes) which exceeds EIP-170 (24,576). This blocked all pool deployments.

Fix: replace the library call with an external interface (IPoseidonT3). MerkleTree now stores the Poseidon contract address in the Tree struct and calls it via DELEGATECALL-free external call. MARKPool constructor accepts a _poseidon address parameter.

Default deployment address: 0xB43122Ecb241DD50062641f089876679fd06599a

This is Semaphore's PoseidonT3 (PSE/Ethereum Foundation), deployed at the same address on all EVM networks via CREATE2. Verified compatible with our implementation: hash([0,0]) and hash([1,2]) produce identical outputs.

MARKPool now has zero link references and is fully self-contained. MARKPool size: 24,231 bytes (345 bytes margin under EIP-170).

Tests: deployCode('PoseidonT3.sol:PoseidonT3') in test setUp bypasses EIP-170 (Foundry test runner does not enforce the limit).
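The size and link-reference facts in the commit message above can be checked mechanically before a broadcast. The following is an added example, not code from this repository: it assumes Foundry-style artifact JSON (`deployedBytecode.object` and `deployedBytecode.linkReferences`), and the sample artifacts, the `src/PoseidonT3.sol` path and the 512-byte margin threshold are constructed; only the byte counts come from the commit messages.

```python
EIP170_LIMIT = 24_576  # EIP-170 cap on deployed (runtime) code, in bytes


def runtime_size(artifact):
    """Byte length of the runtime bytecode in a Foundry-style artifact dict."""
    code = artifact["deployedBytecode"]["object"]
    code = code[2:] if code.startswith("0x") else code
    # An unlinked library placeholder (__$<34 hex>$__) is 40 characters wide,
    # the same as the 20-byte address that replaces it, so len/2 stays exact.
    if len(code) % 2:
        raise ValueError("bytecode has an odd number of hex characters")
    return len(code) // 2


def link_references(artifact):
    """Libraries that would have to be deployed separately and linked in."""
    refs = artifact["deployedBytecode"].get("linkReferences", {})
    return sorted(f"{path}:{lib}" for path, libs in refs.items() for lib in libs)


def audit(artifacts, min_margin=0):
    """Return one finding per contract: size, margin, links and a verdict."""
    findings = {}
    for name, artifact in artifacts.items():
        size = runtime_size(artifact)
        margin = EIP170_LIMIT - size
        links = link_references(artifact)
        if margin < 0:
            verdict = "over-limit"      # cannot be deployed on an EIP-170 chain
        elif links:
            verdict = "needs-linking"   # depends on a separately deployed library
        elif margin < min_margin:
            verdict = "low-margin"      # deployable, but one change from the cap
        else:
            verdict = "ok"
        findings[name] = {"size": size, "margin": margin,
                          "links": links, "verdict": verdict}
    return findings


def _artifact(n_bytes, links=None, placeholder=False):
    """Constructed stand-in for a compiled artifact JSON file."""
    body = "00" * n_bytes
    if placeholder:  # overwrite the first 20 bytes with a link placeholder
        body = "__$" + "ab" * 17 + "$__" + body[40:]
    return {"deployedBytecode": {"object": "0x" + body,
                                 "linkReferences": links or {}}}


# Constructed artifacts; only the 24,231 and 55,856 byte counts are from the page.
SAMPLE = {
    "MARKPool": _artifact(24_231),
    "PoseidonT3": _artifact(55_856),
    "LinkedPool (constructed)": _artifact(
        20_000,
        {"src/PoseidonT3.sol": {"PoseidonT3": [{"start": 0, "length": 20}]}},
        placeholder=True),
}

if __name__ == "__main__":
    for name, f in audit(SAMPLE, min_margin=512).items():
        print(f"{name:26} {f['size']:>6} B  margin {f['margin']:>7}  {f['verdict']}")
```

Running the same check over every artifact, libraries included, mirrors what the commit message says `forge create`/broadcast does, which the Foundry test runner does not.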
* chore(circuits): remove stale UTXOSettlement artifacts

  UTXOSettlement circuit is superseded by MARKPool.circom. Remove the stale test file and old verification key artifact. The utxo/ source and build/ artifacts are already gitignored.
* ci: trigger Release Gate Container for circuits-only PRs

  Add circuits/** to path filter so the required check runs and passes when only circuit files change (no contracts affected).
* ci: add circuits/** to push paths for consistency
* ci: remove path filter from release gate pull_request trigger
* ci: add circuits/** to CodeQL path filter to unblock circuits-only PRs
Bug: RYLACreditLedger.debit() — move _totalBurned update before safeTransferFrom to follow CEI pattern. Previously the state update happened after the external call, creating a reentrancy window where _totalBurned was not yet incremented during the transfer callback.

Docs: KNOWN_ISSUES.md KI-8 — update stale size figures and description. MARKPool is now 24,231 bytes (345 bytes margin). PoseidonT3 is no longer inlined via via_ir; MerkleTree calls it via IPoseidonT3 interface at 0xB43122... (Semaphore, same address on all EVM networks).

Tests: add testConstructorRevertsOnZeroPoseidon and testConstructorRevertsOnEOAPoseidon to MARKPool.t.sol — the _poseidon constructor parameter added in PR #107 had no test coverage.
* ci: pin action-shellcheck to commit SHA

  ludeeus/action-shellcheck@2.0.0 was pinned by version tag only. Tags are mutable — a compromised tag could point to malicious code. Pin to the immutable commit SHA (00cae50) for supply chain safety.
* ci: trigger CodeQL for all .github/workflows/** changes
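The tag-versus-SHA distinction these CI commits rely on can be enforced with a small audit of the workflow files. This is an added example, not part of the repository: the workflow text is constructed, reusing only the action names, the `_reusable-contracts-slither.yml` filename and the Foundry toolchain SHA that appear in the commit messages, and the function names are hypothetical.

```python
import re

# A step-level or job-level `uses:` key; commented-out lines do not match.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify(ref):
    """Classify one `uses:` value by how its revision is fixed."""
    if ref.startswith(("./", "../")):
        return "local"  # lives in this repository and is versioned with it
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "mutable"
    _, sep, rev = ref.rpartition("@")
    if not sep:
        return "missing-ref"
    # Only a full 40-hex commit SHA is immutable; tags and branches can move.
    return "pinned" if FULL_SHA_RE.fullmatch(rev) else "mutable"


def audit_workflow(text):
    """Return (line_number, ref, status) for every `uses:` line in a workflow."""
    results = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match:
            ref = match.group(1)
            results.append((number, ref, classify(ref)))
    return results


def unpinned(text):
    """References that a tag or branch move could silently change."""
    return [ref for _, ref, status in audit_workflow(text)
            if status in ("mutable", "missing-ref")]


# Constructed workflow for illustration; not a file from the repository.
SAMPLE_WORKFLOW = """\
name: contracts-ci
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: ludeeus/action-shellcheck@2.0.0
      # - uses: foundry-rs/foundry-toolchain@v1
      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@c7450ba673e133f5ee30098b3b54f444d3a2ca2d # v1.8.0
  slither:
    uses: ./.github/workflows/_reusable-contracts-slither.yml
"""

if __name__ == "__main__":
    for number, ref, status in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {number:>2}: {status:<11} {ref}")
```

A CI step can fail the build when `unpinned()` returns anything, which keeps later Dependabot bumps from reintroducing tag references unnoticed.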
Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4 to 5. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@v4...v5) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ith 21 updates (#91) Bumps the frontend-minor-patch group with 6 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) | `4.2.4` | `4.3.0` | | [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.5.0` | `3.6.0` | | [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.2.4` | `4.3.0` | | [baseline-browser-mapping](https://github.com/web-platform-dx/baseline-browser-mapping) | `2.10.27` | `2.10.29` | | [electron-to-chromium](https://github.com/Kilian/electron-to-chromium) | `1.5.352` | `1.5.353` | | [get-east-asian-width](https://github.com/sindresorhus/get-east-asian-width) | `1.5.0` | `1.6.0` | Updates `@tailwindcss/vite` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-vite) Updates `tailwind-merge` from 3.5.0 to 3.6.0 - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.5.0...v3.6.0) Updates `tailwindcss` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/tailwindcss) Updates `@tailwindcss/node` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/packages/@tailwindcss-node) Updates `@tailwindcss/oxide-android-arm64` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - 
[Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/android-arm64) Updates `@tailwindcss/oxide-darwin-arm64` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/darwin-arm64) Updates `@tailwindcss/oxide-darwin-x64` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/darwin-x64) Updates `@tailwindcss/oxide-freebsd-x64` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/freebsd-x64) Updates `@tailwindcss/oxide-linux-arm-gnueabihf` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm-gnueabihf) Updates `@tailwindcss/oxide-linux-arm64-gnu` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm64-gnu) Updates `@tailwindcss/oxide-linux-arm64-musl` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - 
[Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-arm64-musl) Updates `@tailwindcss/oxide-linux-x64-gnu` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-x64-gnu) Updates `@tailwindcss/oxide-linux-x64-musl` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/linux-x64-musl) Updates `@tailwindcss/oxide-wasm32-wasi` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node) Updates `@tailwindcss/oxide-win32-arm64-msvc` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/win32-arm64-msvc) Updates `@tailwindcss/oxide-win32-x64-msvc` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node/npm/win32-x64-msvc) Updates `@tailwindcss/oxide` from 4.2.4 to 4.3.0 - [Release notes](https://github.com/tailwindlabs/tailwindcss/releases) - [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md) - 
[Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.3.0/crates/node) Updates `baseline-browser-mapping` from 2.10.27 to 2.10.29 - [Release notes](https://github.com/web-platform-dx/baseline-browser-mapping/releases) - [Commits](web-platform-dx/baseline-browser-mapping@v2.10.27...v2.10.29) Updates `electron-to-chromium` from 1.5.352 to 1.5.353 - [Changelog](https://github.com/Kilian/electron-to-chromium/blob/main/CHANGELOG.md) - [Commits](Kilian/electron-to-chromium@v1.5.352...v1.5.353) Updates `enhanced-resolve` from 5.21.1 to 5.21.2 - [Release notes](https://github.com/webpack/enhanced-resolve/releases) - [Changelog](https://github.com/webpack/enhanced-resolve/blob/main/CHANGELOG.md) - [Commits](webpack/enhanced-resolve@v5.21.1...v5.21.2) Updates `get-east-asian-width` from 1.5.0 to 1.6.0 - [Release notes](https://github.com/sindresorhus/get-east-asian-width/releases) - [Commits](sindresorhus/get-east-asian-width@v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: "@tailwindcss/node" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-android-arm64" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-darwin-arm64" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-darwin-x64" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-freebsd-x64" dependency-version: 4.3.0 dependency-type: indirect update-type: 
version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-linux-arm-gnueabihf" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-linux-arm64-gnu" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-linux-arm64-musl" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-linux-x64-gnu" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-linux-x64-musl" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-wasm32-wasi" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-win32-arm64-msvc" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/oxide-win32-x64-msvc" dependency-version: 4.3.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: "@tailwindcss/vite" dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: baseline-browser-mapping dependency-version: 2.10.29 dependency-type: indirect update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: electron-to-chromium dependency-version: 1.5.353 
dependency-type: indirect update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: enhanced-resolve dependency-version: 5.21.2 dependency-type: indirect update-type: version-update:semver-patch dependency-group: frontend-minor-patch - dependency-name: get-east-asian-width dependency-version: 1.6.0 dependency-type: indirect update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: tailwind-merge dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch - dependency-name: tailwindcss dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: frontend-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Iko <6572003+iap@users.noreply.github.com>
* chore: update LICENSE copyright to Trade 2026

  The project was scaffolded from an Optimism template but is original work. Update copyright holder from Optimism to Trade and year to 2026.
* ci: remove path filter from CodeQL pull_request trigger

  CodeQL is a required check for all PRs. With a path filter, PRs that only touch files outside the filter (e.g. LICENSE, README) are blocked indefinitely waiting for CodeQL results that never come. Remove the pull_request path filter so CodeQL always runs on PRs. Keep the push path filter to avoid unnecessary runs on branch pushes.
deploy:supersim and deploy:counter-incrementer:supersim are template artifacts from the original Optimism scaffold. They no longer exist. Remove the stale deploy-contracts proc.
Closing — canary has diverged from dev due to previous squash merges. Will merge directly.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fd428ffb1a
| uint256 expectedDirection = isMint ? DIRECTION_TRUE : DIRECTION_FALSE; | ||
| if (signals[7] != expectedDirection) return false; | ||
| } else { | ||
| if (signals[7] != 0) return false; |
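Review bot: `signals[7]` is compared against a direction constant in the first branch and against 0 in the `else` branch, so one public-signal slot carries two meanings depending on which branch runs, and nothing in these lines says what the circuit publishes at index 7. Give the index a named constant and add a comment stating the circuit output it maps to, so a mismatch between this wrapper's expectation and the circuit's public-signal layout is visible at review time rather than at proof verification.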
Stop requiring a zero second nullifier
In the default path (directionEnforcementEnabled == false) this forces signals[7] to be zero, but this verifier is documented to consume MARKPoolVerifier proofs, and the MARKPool circuit constrains every public nullifier to be non-zero (circuits/mark/MARKPool.circom lines 72-77). As a result any settlement with Groth16 proof validation enabled rejects all valid proofs; burn flows are also impossible when direction enforcement is enabled because the false direction is still zero.
| vm.startBroadcast(cfg.deployerKey); | ||
|
|
||
| // 1. AccessManager — admin is owner | ||
| d.accessManager = new AccessManager(cfg.owner); |
Let the deployer configure the new AccessManager
When MARK_POOL_OWNER differs from PRIVATE_KEY (the documented hardware-owner setup), this constructs the AccessManager with cfg.owner as the sole admin while all subsequent grantRole/setTargetFunctionRole calls are sent under cfg.deployer due to startBroadcast(cfg.deployerKey). OpenZeppelin AccessManager only grants the admin role to the initialAdmin passed to the constructor, so the first grantRole reverts and the pool stack cannot be released with separated deployer/owner keys.
| if (signals[8] != 0) return false; | ||
| if (signals[9] != 0) return false; |
Don't require zero output commitments
This verifier is documented to wrap MARKPoolVerifier proofs, but the MARKPool circuit publishes outCommitment[0] and [1] as Poseidon note commitments and the pool-side validation rejects zero commitments. Requiring both public signals to be zero makes every real MARKPool proof fail settlement verification even if the nullifier/direction mapping is fixed.
| if (signals[11] != uint256(uint160(account))) return false; | ||
| if (signals[12] != amount) return false; | ||
|
|
||
| return v.verifyProof(a, b, c, signals); |
Convert snarkjs G2 coordinates before verifying
The proof ABI for this wrapper says b is supplied in snarkjs coordinate order, and MARKPool._verifyProof converts that order with ProofUtils.convertProof before calling the same generated verifier interface. Here the decoded b is forwarded directly, so real snarkjs proofs that pass through the pool path fail settlement verification unless callers pre-swap coordinates contrary to the documented encoding.
| if (signals[3] != 0) return false; | ||
| if (signals[4] != 0) return false; | ||
| if (signals[5] != 0) return false; | ||
| if (signals[6] != uint256(intentId)) return false; |
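Review bot: `uint256(intentId)` on the `signals[6]` line is compared with no range check. If `intentId` is a 32-byte hash (an assumption, since its type is not visible in these lines), its value can be at or above the scalar field order of the proving curve, while a Groth16 public signal is always below that order, so such an id could never match and the settlement would be rejected with no indication why. Either reduce the id into the field the same way the prover does or reject out-of-range ids explicitly. The bare indices 3 to 6 would also be easier to audit as named constants.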
Don't conflate the intent id with a nullifier
Together with the root check above, this requires a MARKPool proof to have merkleRoot == nullifier[0] == intentId, but the circuit computes the root from the Merkle path and the nullifier from the note secret/commitment/chain id, so real pool proofs have unrelated values there. Any Groth16-backed settlement using normal pool witnesses will be rejected unless the operator can somehow manufacture a tree root equal to the spent nullifier.
Summary
Promotes `dev` to `canary` for OP Sepolia staging rehearsal. Last staging run was 2026-05-11 (95 commits behind current `dev`).
What's included since last staging
Verification
- `make ci-full` exits 0
- `make smoke-production-mode` passes (settlement stack deploys to Anvil, production mode locks)
Staging scope
The staging rehearsal deploys the settlement stack only (RYLA, MARKSettlementModule, MARKBridgeAdapter, AttestedSettlementVerifier). Pool deployment is a separate step after settlement is confirmed live.