Bump js-yaml from 4.1.0 to 4.1.1#2
Closed
dependabot[bot] wants to merge 56 commits into
Closed
Conversation
## Summary Most of the diff here is from adding `yarn.lock` for `solhint` and this is otherwise mostly copied from evm-cctp-contracts. This mainly adds - base forge project structure (w/ default `Counter` contract/script/test) - basic makefile - basic CI job - `solhint` linter support and `mythril` static analyzer support - OpenZeppelin and forge-std starter dependencies - `.licenseignore` for dependencies with multiple licenses (safe, but not processed correctly by the scan action) # **Story:** https://circlepay.atlassian.net/browse/CCTPE-1991
Adds the interface as specified in the [contract requirements](https://circlepay.atlassian.net/wiki/x/MABIig).
This PR updates the project Solidity version from 0.8.20 to 0.7.6 to match CCTP. This will allow for reuse of library functions and interfaces.
This PR adds the IHypercoreCctpUsdcForwarder and implementation Stubs that immediately revert
Updates OpenZeppelin to the `8e029609` commit corresponding with the version used in evm-cctp-contracts-private. Also updates vscode settings to be the same as https://github.com/circlefin/evm-cctp-contracts-private/blob/master/.vscode/settings.json (except olympix configuration, which isn't enabled currently).
## Summary Implements CoreDepositWallet `deposit`, `depositFor`, and `transfer` functions. This is a partial implementation of these features, as this is still pending 1) initializer configuration 2) tests 3) additional comments on the interface contract, but will merge for now to unblock admin role setup. # **Story:** https://circlepay.atlassian.net/browse/CCTPE-1999
## Overview
This PR implements the Hypercore CCTP Forwarder. It roughly goes through
the following steps:
1. Validate message is a valid CCTP mint.
2. Fetches the mint `localToken` by querying CCTP contracts (as decoded
from the message) with the decoded sourceDomain and burnToken.
3. Retrieves the `forwardingAddress` from local mapping. (This mapping
is permissioned via `owner`.)
4. Mints the token by calling receiveMessage on CCTP. Manually keeps
track of self token balance change by calling
`localToken.balanceOf(self)`.
5. Approves the forwardingAddress by the amount previously calculated.
6. Calls `forwardingAddress.depositFor(...)`.
## Interface
```solidity
function mintAndForward(
bytes calldata message,
bytes calldata attestation
) external;
function addTokenForwardingAddress(
address token,
address forwardingAddress
) external;
function removeTokenForwardingAddress(address token) external;
```
## TODO
- Inherit `Ownable` and apply to admin functions. Tesets.
- Inherit `Rescuable`. Tests.
- Implement deployment script(s) and tests.
- Integration test with CCTP?
This PR adds Pausable, Rescuable, and Ownable2Step roles and role tests to the `CoreDepositWallet` contract. It also adds constructor, initializer, and proxy tests.
Quick follow to my previous PR that updates a revert comment in depositFor
**Description:** Add the ICctpExtension contract interface. **Testing:** N/A
… functionality (#14) ## Summary Adds the required token blacklist check for `depositFor` and adds tests to `CoreDepositWallet.t.sol` to cover deposit/transfer functionality. ## Details * Adds `IBlacklistableERC20` interface for the `token` type in `CoreDepositWallet` - this is necessary to reconcile differences in Solidity versions between these contracts and the `Blacklistable` interface defined in `evm-stablecoin`. * Adds function natspec to `ICoreDepositWallet`. * Adds `MockBlacklistableMintBurnToken` derived from the CCTP contracts' `MockMintBurnToken` to test blacklist checks. ## Testing Adds the following tests for `CoreDepositWallet` to reach 100% coverage: * `deposit` * `testDeposit_succeeds` * `testDeposit_revertsWhenTransferFails` * `depositFor` * `testDepositFor_succeeds` * `testDepositFor_revertsWhenTransferFails` * `testDepositFor_revertsWhenRecipientIsZeroAddress` * `testDepositFor_revertsWhenRecipientIsSystemAddress` * `testDepositFor_revertsWhenRecipientIsCoreDepositWallet` * `testDepositFor_revertsWhenRecipientBlocklisted` * `transfer` * `testTransfer_succeeds` * `testTransfer_revertsWhenSenderIsNotSystemAddress` * `testTransfer_revertsWhenToIsSystemAddress` * `testTransfer_revertsWhenTransferFails` * `testTransfer_revertsWhenPaused` These tests already existed: `testDeposit_revertsWhenPaused`, `testDeposit_revertsWithZeroAmount`, `testDepositFor_revertsWhenPaused`, `testDepositFor_revertsWithZeroAmount`, and `testTransfer_revertsWhenPaused`. # **Story:** <https://circlepay.atlassian.net/browse/CCTPE-1999>
## Overview This PR implements the deployment scripts for the smart contracts. - Added separate scripts for implementations and proxies. - Implemented the logic for deploying the `CctpForwarder` and `CoreDepositWallet` contracts. ## Tests - Added tests for CctpForwarder around initialization. - Injected the deployment scripts directly into the test setups. - Added tests for the scripts to verify inputs vs deployed state.
**Description:** * Add `CctpExtension` contract * Implement the `CctpExtension` constructor * Test the `CctpExtension` contract constructor * Add the mock contracts needed by the `CctpExtension` contract * Minor test fixes **Todo** - [ ] Implement and test the `batchDepositForBurnWithAuth` function - [ ] Add/Update the deployment script - [ ] Add documentation
This PR adds the `Ownable2Step` and `Rescuer` roles to `CctpForwarder`. Additionally, it enforces `onlyOwner` on `addTokenForwardingAddress` and `removeTokenForwardingAddress`. Additionally, I added proxy and constructor tests to get us up to 100% coverage
## Summary Adds support for the `depositWithAuth` function in `CoreDepositWallet`. Also renames `IBlacklistableERC20` to `IDepositableToken` to be a bit more general with the added requirements (blacklistable, ERC20, EIP3009 support). ## Testing Added `testDepositWithAuth_succeeds`, `testDepositWithAuth_revertsWhenPaused`, `testDepositWithAuth_revertsWithZeroAmount` and `testDepositWithAuth_revertsWhenReceiveFails` test cases. Updated coverage below: ``` Ran 5 test suites in 3.10s (7.10s CPU time): 95 tests passed, 0 failed, 0 skipped (95 total tests) ╭----------------------------------------+------------------+-------------------+-----------------+----------------╮ | File | % Lines | % Statements | % Branches | % Funcs | +==================================================================================================================+ | scripts/DeployImplementations.s.sol | 100.00% (14/14) | 100.00% (11/11) | 100.00% (0/0) | 100.00% (3/3) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | scripts/DeployProxies.s.sol | 100.00% (26/26) | 100.00% (24/24) | 100.00% (0/0) | 100.00% (4/4) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | src/CctpExtension.sol | 90.91% (10/11) | 100.00% (9/9) | 100.00% (8/8) | 50.00% (1/2) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | src/CctpForwarder.sol | 100.00% (60/60) | 100.00% (60/60) | 100.00% (28/28) | 100.00% (9/9) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | src/CoreDepositWallet.sol | 100.00% (35/35) | 100.00% (27/27) | 100.00% (28/28) | 100.00% (8/8) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | src/messages/CctpForwarderHookData.sol | 100.00% (5/5) | 100.00% (5/5) | 100.00% (4/4) | 100.00% (1/1) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | src/roles/Rescuable.sol | 100.00% (14/14) | 100.00% (8/8) | 100.00% (4/4) | 100.00% (6/6) | |----------------------------------------+------------------+-------------------+-----------------+----------------| | Total | 99.39% (164/165) | 100.00% (144/144) | 100.00% (72/72) | 96.97% (32/33) | ╰----------------------------------------+------------------+-------------------+-----------------+----------------╯ ✨ Done in 7.95s. ``` # **Story:** <https://circlepay.atlassian.net/browse/CCTPE-2105>
This PR adds an `emitsEvents` test to the `Forwarder` and checks to ensure `Initialized` is emitted
**Description:** * Implement the `batchDepositForBurn` function. **NOTE:** There seems to be a test coverage issue where forge thinking that there is only 50% of coverage on the branching but I have clearly tested all branches in the tests and I don't think my tests are failing either! I will look into this further!! Metric | Coverage | Status -- | -- | -- Lines | 100% (9/9) | ✅ Excellent Statements | 100% (10/10) | ✅ Excellent Branches | 50% (1/2) |⚠️ Needs Improvement Functions | 100% (1/1) | ✅ Excellent <br class="Apple-interchange-newline"> **Todo:** - [ ] Add tests for the contract roles - [ ] Add/Update the deployment script - [ ] Add documentation
**Description:** * Add the `CctpExtension` roles tests
## Summary Updates the `depositFor(address sender, address recipient, uint256 amount)` interface to `depositFor(address recipient, uint256 amount)` per Slack discussion to draw funds from `msg.sender` instead. ## Testing Updated relevant test cases, maintained full coverage: ``` Ran 5 test suites in 7.21s (20.18s CPU time): 115 tests passed, 0 failed, 0 skipped (115 total tests) ╭----------------------------------------+-------------------+-------------------+-----------------+-----------------╮ | File | % Lines | % Statements | % Branches | % Funcs | +====================================================================================================================+ | scripts/DeployImplementations.s.sol | 100.00% (14/14) | 100.00% (11/11) | 100.00% (0/0) | 100.00% (3/3) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | scripts/DeployProxies.s.sol | 100.00% (26/26) | 100.00% (24/24) | 100.00% (0/0) | 100.00% (4/4) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CctpExtension.sol | 100.00% (23/23) | 100.00% (23/23) | 100.00% (10/10) | 100.00% (2/2) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CctpForwarder.sol | 100.00% (60/60) | 100.00% (60/60) | 100.00% (28/28) | 100.00% (9/9) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CoreDepositWallet.sol | 100.00% (35/35) | 100.00% (27/27) | 100.00% (28/28) | 100.00% (8/8) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/messages/CctpForwarderHookData.sol | 100.00% (5/5) | 100.00% (5/5) | 100.00% (4/4) | 100.00% (1/1) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/roles/Rescuable.sol | 100.00% (14/14) | 100.00% (8/8) | 100.00% (4/4) | 100.00% (6/6) | |----------------------------------------+-------------------+-------------------+-----------------+-----------------| | Total | 100.00% (177/177) | 100.00% (158/158) | 100.00% (74/74) | 100.00% (33/33) | ╰----------------------------------------+-------------------+-------------------+-----------------+-----------------╯ ✨ Done in 12.56s. ```
…nsion contract (#21) # Overview - Changed the deploy scripts to use CREATE2 for all implementations and proxies. Proxies are deployed with the same method as CCTP V2 such that their addresses are independent of the implementation. - Reorganized deploy scripts by contract. - Added script and tests for `CctpExtension` contract. - Updated readme and related instructions. - Added prediction script for CREATE2 addresses.
…sted runners (#22) This PR migrates GitHub Actions workflows from GitHub-hosted runners to self-hosted runners as part of infrastructure modernization. The change switches from using GitHub's standard ubuntu-latest runner to a custom large-dind-spot self-hosted runner. - Updates CI workflow to use self-hosted runner infrastructure - Replaces ubuntu-latest with large-dind-spot runner
Adding Olympix scanner workflow. --------- Co-authored-by: Khalid Aliweh <kaliweh@circle.com>
## Summary We switched over the ci workflows to use self hosted runners in this PR: circlefin/hyperevm-circle-contracts-private#22 But the runner type we chose is maxing out on cpu causing long build and test times. Let's revert to self hosted runners for now. Full context: https://circlefin.slack.com/archives/CQA25PXR8/p1756133045775629 Ref: https://app.datadoghq.com/containers?query=large-dind-spot-dtpfv-runner-dkpqp&selectedTopGraph=timeseries&from_ts=1756129610144&to_ts=1756133210144&live=false <img width="2375" height="972" alt="image" src="https://github.com/user-attachments/assets/7415c071-9582-427f-81cb-103eccf46aba" />
This is a quick PR to update the commands and add a reminder in the readme.
Remove unnecessary parameter from internal `_deposit` function
**Description:** Change the `CctpExtension` batching behavior to only allow for equal sized batches. Positive side effect: The test coverage now is not confused after we switched to a `for` loops vs the `while` loop.(shows %100 coverage on the branches)
## Overview This PR updates `tokenMessenger` to be immutable. ## Changes - Set `tokenMessenger` in **CctpForwarder** constructor. - Verify `message.recipient == tokenMessenger` before calling receiveMessage(). - Update README and scripts. ## Test Coverage ``` ╭-----------------------------------------+-------------------+-------------------+-----------------+-----------------╮ | File | % Lines | % Statements | % Branches | % Funcs | +=====================================================================================================================+ | scripts/DeployCctpExtension.s.sol | 100.00% (20/20) | 100.00% (19/19) | 50.00% (4/8) | 100.00% (3/3) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | scripts/DeployCctpForwarder.s.sol | 100.00% (29/29) | 100.00% (30/30) | 100.00% (0/0) | 100.00% (4/4) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | scripts/DeployCoreDepositWallet.s.sol | 100.00% (26/26) | 100.00% (27/27) | 100.00% (0/0) | 100.00% (4/4) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | scripts/PredictCreate2Deployments.s.sol | 100.00% (15/15) | 100.00% (10/10) | 100.00% (0/0) | 100.00% (5/5) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CctpExtension.sol | 100.00% (23/23) | 100.00% (23/23) | 100.00% (10/10) | 100.00% (2/2) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CctpForwarder.sol | 100.00% (62/62) | 100.00% (62/62) | 100.00% (32/32) | 100.00% (9/9) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/CoreDepositWallet.sol | 100.00% (35/35) | 100.00% (27/27) | 100.00% (28/28) | 100.00% (8/8) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/messages/CctpForwarderHookData.sol | 100.00% (5/5) | 100.00% (5/5) | 100.00% (4/4) | 100.00% (1/1) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | src/roles/Rescuable.sol | 100.00% (14/14) | 100.00% (8/8) | 100.00% (4/4) | 100.00% (6/6) | |-----------------------------------------+-------------------+-------------------+-----------------+-----------------| | Total | 100.00% (229/229) | 100.00% (211/211) | 95.35% (82/86) | 100.00% (42/42) | ╰-----------------------------------------+-------------------+-------------------+-----------------+-----------------╯ ``` --------- Co-authored-by: Maxime Berenshteyn <maxime.berenshteyn@circle.com>
Small PR to update the fuzz limits to use `bound` instead of `vm.assume`.
### Summary - Implement a configurable new Core account fee deducted when depositing to a non-existent HyperCore account. - Expose a unified view of Core protocol constants, including CoreWriter encoding and `CoreUserExists` precompile address. - Emit a new `SendAsset` event for transparency after CoreWriter action. - Refactor constants and naming for clarity; update tests with fuzzing and helpers. - Maintain proxy upgrade safety and storage compatibility for both testnet and mainnet deployments. ### Motivation - Deduct a small fee (default 1 USDC) for first-time Core recipients to cover creation overhead that will be taken from the `CoreDepositWallet` spot balance. - Improve observability around the amount sent to the end user on HyperCore. ### Deployment instructions #### Testnet - Deploy the new implementation contract and update the proxy to point to the new implementation - Call the `updateNewCoreAccountFee` from the `owner` wallet to set the fee to 1 USDC #### Mainnet - Deploy the contract and proxy (normal process) - The `newCoreAccountFee` will be set to the `DEFAULT_NEW_CORE_ACCOUNT_FEE` (1 USDC) when the `initialize` is called by the proxy.
Since `coreAmount > _newCoreAccountFee` we don't have to worry about underflow
…ctp (#40) Adds support for specifying a dex value, e.g. 0 for Perps, or uint32.max for Spot, either via hyperEVM or CctpForwarder. Implementation details: CoreDepositWallet: - updates deposit, depositFor, depositWithAuth to have a uint32 destinationDex param - adds admin functions for enabling and disabling specific destination dexes, as well as enabling/disabling all dexes. If a user's specified dex (or all dexes) is disabled, the deposit will fall back to spot, landing in the user's balance on Hypercore. CctpForwarder: - adds 4-byte destinationId to end of hook format (and forwards it to specified forwarding address) 100% Test Coverage: ``` | src/CctpExtension.sol | 100.00% (26/26) | 100.00% (29/29) | 100.00% (16/16) | 100.00% (2/2) | |---------------------------------------------+------------------+-------------------+------------------+-----------------| | src/CctpForwarder.sol | 100.00% (62/62) | 100.00% (62/62) | 100.00% (32/32) | 100.00% (9/9) | |---------------------------------------------+------------------+-------------------+------------------+-----------------| | src/CoreDepositWallet.sol | 100.00% (86/86) | 100.00% (75/75) | 100.00% (46/46) | 100.00% (18/18) | |---------------------------------------------+------------------+-------------------+------------------+-----------------| | src/messages/CctpForwarderHookData.sol | 100.00% (6/6) | 100.00% (6/6) | 100.00% (4/4) | 100.00% (1/1) | ```
Enforce a max transfer amount of `type(uint64.max) / 100` on the transfer to spot route, not just transfers to perp dexes. Why: - The maximum supply on Hypercore is the uint64 max, according to https://docs.layerzero.network/v2/developers/hyperliquid/hyperliquid-concepts#8-the-asset-bridge-linking-evm-spot-erc20-and-core-spot-hip-1. Since Hypercore uses 8 decimals, this means the max from HyperEVM is uint64.max / 100. Even if Hypercore supports higher values, capping deposits at $184 billion has no functional downside Gas implications: - insignificant because HyperEVM, but this should slightly reduces gas cost on the main path (deposits to perps), slightly increases gas cost on deposits on spot, and slightly reduce contract bytecode size.
…et (#41) ## Summary Implements contract changes for cross-chain Hyperliquid withdrawals via `CoreDepositWallet` `coreReceiveWithData` function. ## Testing Adds tests for `coreReceiveWithData` and max fee control functions, maintains 100% test coverage on updated code (updated with latest commit 10/27) ``` ╭---------------------------------------------+-------------------+-------------------+------------------+-----------------╮ | File | % Lines | % Statements | % Branches | % Funcs | +==========================================================================================================================+ | scripts/DeployCoreDepositWallet.s.sol | 100.00% (27/27) | 100.00% (28/28) | 100.00% (0/0) | 100.00% (4/4) | |---------------------------------------------+-------------------+-------------------+------------------+-----------------| | scripts/PredictCreate2Deployments.s.sol | 100.00% (15/15) | 100.00% (10/10) | 100.00% (0/0) | 100.00% (5/5) | |---------------------------------------------+-------------------+-------------------+------------------+-----------------| | src/CoreDepositWallet.sol | 100.00% (131/131) | 100.00% (115/115) | 100.00% (65/65) | 100.00% (26/26) | |---------------------------------------------+-------------------+-------------------+------------------+-----------------| ``` ---- **Story:** <https://circlepay.atlassian.net/browse/CCTPE-2279>
Changes: - Formatting changes - Add destinationDex to the sendAsset event - Fix comments
Updates the hook parsing logic, so if the destinationId is omitted/malformed (less than 4 bytes), it will be set to 0. This ensures that the funds will be forwarded to the main perps dex rather than stuck, if, e.g., user formats a hook with only 2 zero-bytes instead of 4. Coverage: | src/CctpForwarder.sol | 100.00% (62/62) | 100.00% (62/62) | 100.00% (32/32) | 100.00% (9/9) |
### 📝 Purpose Address audit comments ### 🔧 What Changed 1. **Constant & Struct Renaming (NON-functional)** * `CORE_WRITER_TOKEN_INDEX` → `CORE_TOKEN_INDEX` * `CORE_WRITER_SOURCE_SPOT_DEX` → `CORE_SPOT_DEX_ID` * `CORE_WRITER_DESTINATION_PERP_DEX` → `CORE_PERPS_DEX_ID` * `<NAME>_ADDRESS` → `<NAME>_PRECOMPILE_ADDRESS` for pre-compile addresses. * `MAX_TRANSFER_VALUE_FROM_EVM` now derived from `type(uint64).max / CORE_SCALING_FACTOR` (safer, self-documenting). 2. **ABI / Interface tweaks (BREAKING)** * `CoreProtocolConstants` field names updated to match the new constant names. * `CctpForwardFeeUpdated` now indexes `destinationDomain`. * Event/struct docstrings retouched to use “core asset units”. 3. **Logic refactor (behaviour unchanged)** * `_depositAndForwardIfDexEnabled` reorganised for readability; keeps same branching but emits events in clearer order. * Bounds-check comment and require wording polished. 4. **Tests updated** * Mirror renamed constants & addresses. * Indexing change reflected in `expectEmit`. * Fixed a flaky test (`testEnableDexForwarding_onlyOwner`) signature. ### 🔎 Reviewer Checklist * Constants: verify renamed values are **identical** to previous (esp. Perps = 0, Spot = `uint32.max`). * MAX_TRANSFER_VALUE_FROM_EVM: confirm new calculation still equals previous hard-coded value (`184467440737095516`). * Tests: verify coverage still passes; no silent logic regression.
## Purpose – Only charge the *forwarding* fee when the burn hook is the default “relay” hook (empty data or data that starts with the `cctp-forward` magic prefix). – Keep charging the *max* fee in all cases. ## What changed ### CoreDepositWallet.sol * Replaced the internal `_calculateCrossChainWithdrawFee` with a **public** `calculateCrossChainWithdrawFee(bytes data, uint32 destDomain)` that * Detects “forwarding required” when `data.length == 0` **or** `data` starts with `CCTP_FORWARD_HOOK_MAGIC_BYTES`. * If forwarding is required: `maxFee = cctpMaxFee + (overrideForwardFee | defaultForwardFee)` * Else: `maxFee = cctpMaxFee` * Added private helper `_startsWith(bytes calldata, bytes memory)` for the prefix check. * `coreReceiveWithData` now calls the new function and simplifies local logic. * Minor doc & comment tweaks; no-op change to scaling-factor comment. ### Tests * Updated existing tests and added a comprehensive suite covering all fee-calculation branches (empty data, magic prefix, non-magic data, override fees). * Small signature/param clean-ups where the helper is now public. ## Review Checklist 1. Fee logic • Verify `calculateCrossChainWithdrawFee` truth-table matches business rules. • Confirm `_startsWith` cannot underflow/overflow on short data arrays. 2. Security • Ensure making the function `public` does not leak sensitive information (it’s pure view). • Confirm comments about `destinationCaller = bytes32(0)` are still accurate. 3. Tests • Make sure new tests cover edge cases (empty data, prefix variants, override update/unset paths).
### What & Why
* Adds HyperCore transaction nonce support to cross-chain withdrawals
(Jira CCTPE-2405).
• Nonce is now embedded in the CCTP hook payload and surfaced in the
`CrossChainWithdraw` event.
• Keeping the nonce on-chain lets indexers easily tie between Hypercore
and CCTP transactions.
* Replaces ad-hoc hook construction with new library
`CrossChainWithdrawalHookData`.
• Library builds & parses the full wire-format (magic-bytes, version,
len, `from`, `nonce`, user data).
• Also provides cheap helpers to decide whether forwarding is required.
* Streamlines fee calculation.
• Old `calculateCrossChainWithdrawFee(bytes, …)` → new
`calculateCrossChainWithdrawalFee(bool, …)` which takes the forwarding
flag directly.
• Forwarding flag comes from `_isEmptyOrHasForwardingMagicBytes`.
### How it’s implemented
1. **Contract changes**
* Removed the inline hook constants; all hook logic is delegated to
`CrossChainWithdrawalHookData`.
* `coreReceiveWithData` signature:
`coreReceiveWithData(address from, bytes32 dest, uint32 domain, uint256
amount, uint64 nonce, bytes data)`
‑ adds `nonce`, parameter `data` renamed `_data`.
* Builds hook with `CrossChainWithdrawalHookData._build` and determines
forwarding with library helper.
* New `calculateCrossChainWithdrawalFee(bool shouldForward, …)` replaces
the old function.
* `CrossChainWithdraw` event extended with `uint64 indexed nonce`.
* Removed now-unused private helpers (`_shouldCrossChainForward`,
`calculateCrossChainWithdrawFee`).
2. **Interfaces / mocks / tests**
* `ICoreDepositWallet` updated with new function signature & docs.
* All mocks/tests adjusted; tests add helper to reconstruct expected
hook bytes.
* Test suite extended to cover new fee path and hook encoding.
### Risks / Points to review
* Correctness of the new hook encoding (`_build`) – offsets, endianess,
and length fields.
Verify against HyperCore & CCTP specs.
* Fee path: ensure `shouldForward` is derived exactly the same as the
old logic (empty data or magic prefix).
Edge-cases: data length <24, exactly 24 non-magic, long non-magic.
* Gas impact of additional calldata (nonce, larger hook); acceptable?
* Proper casting of `nonce` to `uint64`—overflow impossible? (HyperCore
nonce is `uint64`).
* Event/topic ordering stayed consistent after adding an extra indexed
param.
### Reviewer checklist
- [ ] Confirm library encoding matches documented format.
- [ ] Review test coverage for new paths (forwarding on/off, override
fees, short data).
- [ ] Ensure no leftover references to removed helpers or constants.
================================================================================
### What changed 1. coreReceiveWithData now **accepts hook payloads up to _and including_ 1 KB (1024 bytes)** * `require(data.length < MAX_HOOK_DATA_SIZE)` ➜ `<=` * NatSpec in interface + implementation updated accordingly. * New positive test written to verify 1024-byte payload is processed successfully. 2. _shouldForward early-return reorder * Empty-payload fast-path moved before `_validateHookData` to skip unnecessary validation and gas, while preserving behaviour. 3. Minor documentation/clarity fixes * Comment typo: `CORE_USER_EXISTS_PRECOMPILE_ADDRESS` reference. * Tests renamed/updated to reflect new inclusive limit.
Add license as pre-requisite of open sourcing repo
### What & Why
This PR expands the unit-test suite for `CrossChainWithdrawalHookData` :
1. Structural limits (max `address`, max `uint64`, large `bytes`)
2. Accuracy of the encoded *length* field under arbitrary fuzzed payload
sizes
3. Readability improvements by replacing hard-coded numbers with named
constants.
### How
test/CrossChainWithdrawalHookData.t.sol
• Added byte-length constants (`ADDRESS_LENGTH`, `UINT64_LENGTH`,
`BYTES24_LENGTH`, `UINT32_LENGTH`) to avoid “magic” numbers.
• New test `testBuild_structuralValidation_largeValues`
– Builds a hook with the largest possible field values and compares the
raw bytes to an `abi.encodePacked` reference.
• New fuzz test `testBuild_lengthFieldAccuracy_fuzzed(uint256 len)`
– Bounds `len` to a safe range, assembles a hook, then
1. Reads the encoded length field via `assembly`
2. Verifies it equals `20 + 8 + userData.length`
3. Verifies total byte size is header + payload.
No production contracts were touched; only the test file changed.
Update README title to hyperevm-circle-contracts
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Add a build_success_rollup CI job.
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.OpenSSF Scorecard
Scanned Files
|
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps js-yaml from 4.1.0 to 4.1.1.
Changelog
Sourced from js-yaml's changelog.
Commits
cc482e74.1.1 released50968b8dist rebuildd092d86lint fix383665ffix prototype pollution in merge (<<)0d3ca7aREADME.md: HTTP => HTTPS (#678)49baadddoc: 'empty' style option for !!nullba3460eFix demo link (#618)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.