Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: review fixes #383

Merged
merged 6 commits into from
Oct 14, 2024
Merged

fix: review fixes #383

merged 6 commits into from
Oct 14, 2024

Conversation

skosito
Copy link
Contributor

@skosito skosito commented Oct 10, 2024
edited by coderabbitai bot
Loading

fixes from review in PRs:
#363 (review)
#361 (review)
#376 (review)

this should be backported to node/v20 branch

Summary by CodeRabbit

  • New Features

    • Enhanced event emissions for TSS address updates across multiple contracts, improving traceability.
    • New error handling for message size validation in various functions.

  • Bug Fixes

    • Deprecated the deposit function in the ERC20Custody contract to prevent further use.

  • Documentation

    • Updated test contracts to reflect changes in event emissions and added tests for message size validation.

  • Refactor

    • Improved encapsulation by changing function visibility to private in several contracts.

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 10, 2024
edited
Loading

📝 Walkthrough

Walkthrough

The pull request introduces significant modifications across multiple contracts, focusing on the updateTSSAddress function and enhancing event emissions to include both old and new TSS addresses. The deposit function in the ERC20Custody contract is marked as deprecated. Additionally, several internal functions in various contracts are made private to improve encapsulation, and new tests are added to validate message size and zero address handling.

Changes

File(s) Change Summary
v2/contracts/evm/ERC20Custody.sol, v2/contracts/evm/interfaces/IERC20Custody.sol, v2/test/ERC20Custody.t.sol Updated updateTSSAddress to emit UpdatedCustodyTSSAddress with old and new addresses; deprecated deposit function.
v2/contracts/evm/GatewayEVM.sol, v2/contracts/evm/interfaces/IGatewayEVM.sol, v2/test/GatewayEVM.t.sol Modified updateTSSAddress to emit UpdatedGatewayTSSAddress; updated several functions and added payload size checks.
v2/contracts/evm/ZetaConnectorBase.sol, v2/contracts/evm/ZetaConnectorNonNative.sol, v2/contracts/evm/interfaces/IZetaConnector.sol, v2/test/ZetaConnectorNative.t.sol Updated updateTSSAddress to emit UpdatedZetaConnectorTSSAddress; restricted _mintTo visibility; added error type.
v2/contracts/zevm/GatewayZEVM.sol, v2/test/GatewayZEVM.t.sol Changed visibility of multiple functions to private; refined error handling for message size checks; added new tests.

Possibly related PRs

  • fix: missing tss update in erc20custody, zetaConnector and gatewayEVM #363: The changes in this PR include the addition of the updateTSSAddress function in the ERC20Custody contract, which is directly related to the modifications made in the main PR regarding the updateTSSAddress function and event emissions.
  • fix: cleanup tss updater changes #368: This PR focuses on the cleanup of TSS updater changes in the GatewayEVM, which aligns with the main PR's updates to the updateTSSAddress function and its associated event emissions.
  • fix: add pauser role to tss #386: The addition of the PAUSER_ROLE to the TSS address in the ERC20Custody and GatewayEVM contracts relates to the role management changes discussed in the main PR.

Suggested reviewers

  • fadeev
  • CharlieMc0
  • andresaiello
  • brewmaster012
  • lumtis
  • fbac

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@codecov-commenter
Copy link

codecov-commenter commented Oct 10, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 92.00000% with 2 lines in your changes missing coverage. Please review.

Project coverage is 84.95%. Comparing base (93c01e5) to head (1a17447).

Files with missing lines Patch % Lines
v2/contracts/evm/GatewayEVM.sol 84.61% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #383      +/-   ##
==========================================
+ Coverage   84.80%   84.95%   +0.14%     
==========================================
  Files           8        8              
  Lines         408      412       +4     
  Branches      134      138       +4     
==========================================
+ Hits          346      350       +4     
  Misses         62       62

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

coderabbitai[bot]
coderabbitai bot reviewed Oct 10, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (10)
v2/contracts/evm/interfaces/IZetaConnector.sol (1)

28-29: Minor correction needed in the event comment.

The comment for the oldTSSAddress parameter incorrectly describes it as the "new tss address". This should be updated to accurately reflect that it's the old TSS address.

Here's the suggested correction:

-    /// @param oldTSSAddress new tss address
+    /// @param oldTSSAddress old tss address
     /// @param newTSSAddress new tss address
v2/contracts/evm/interfaces/IERC20Custody.sol (1)

45-47: Approved: Enhanced event signature and improved documentation

The changes to the UpdatedCustodyTSSAddress event are well-implemented and improve the contract's transparency. Including both the old and new TSS addresses in the event allows for better tracking of historical changes.

Consider updating the parameter descriptions for clarity:

/// @param oldTSSAddress The previous TSS address
/// @param newTSSAddress The updated TSS address
v2/contracts/evm/ERC20Custody.sol (3)

72-74: LGTM! Consider adding a NatSpec comment for the event.

The changes to the updateTSSAddress function improve transparency by emitting an event before updating the state. The function signature update also enhances security by restricting access to admin roles.

Consider adding a NatSpec comment for the UpdatedCustodyTSSAddress event at the contract level for better documentation. For example:

/// @notice Emitted when the TSS address is updated
/// @param oldTSSAddress The previous TSS address
/// @param newTSSAddress The new TSS address
event UpdatedCustodyTSSAddress(address oldTSSAddress, address newTSSAddress);

Line range hint 185-185: Consider a more robust approach for handling the deprecated deposit function.

While marking the function as deprecated is a good first step, it may not be sufficient to prevent its usage. Consider the following suggestions:

  1. Add a deprecation notice in the function body that emits an event or logs a warning when the function is called.
  2. Implement a time-based approach where the function becomes non-functional after a certain date.
  3. If possible, remove the function entirely and update any dependent contracts or interfaces.

Here's an example of how you could implement suggestion 1:

event DeprecatedFunctionCalled(string functionName);

function deposit(
    bytes calldata recipient,
    IERC20 asset,
    uint256 amount,
    bytes calldata message
)
    external
    nonReentrant
    whenNotPaused
{
    emit DeprecatedFunctionCalled("deposit");
    // ... rest of the function
}

This approach provides clearer signals to users and allows for easier tracking of deprecated function usage.

Line range hint 1-214: Overall, the changes improve contract functionality and transparency.

The modifications to the ERC20Custody contract, particularly the updateTSSAddress function, enhance transparency and security. The deprecation of the deposit function aligns with the PR objectives.

However, consider the following recommendations for further improvement:

  1. Add NatSpec comments for events to improve documentation.
  2. Implement a more robust approach for handling the deprecated deposit function.
  3. Ensure that any external contracts or interfaces depending on the deposit function are updated accordingly.

To maintain consistency across the codebase and prevent potential issues, it's crucial to update any external contracts or interfaces that might be relying on the now-deprecated deposit function. Consider creating a migration plan for users of this function if it's going to be removed in the future.

v2/test/GatewayEVM.t.sol (4)

444-451: Maintain Consistent Revert Expectation Methods

In the testDepositERC20ToCustodyFailsIfPayloadSizeExceeded function, you're using vm.expectRevert(PayloadSizeExceeded.selector); to expect a revert. However, in other tests, you use the revert message string. For consistency, it's recommended to adopt a uniform approach across all tests.

Consider updating the code to use the error message string:

-vm.expectRevert(PayloadSizeExceeded.selector);
+vm.expectRevert("PayloadSizeExceeded");

Alternatively, if you prefer using error selectors, update the other tests to match this style.

499-503: Inconsistent Revert Expectation Style

In testFailDepositEthToTssIfPayloadSizeExceeded, you use vm.expectRevert("PayloadSizeExceeded"); to expect the revert. This is inconsistent with the previous test where you use the error selector. Consistency improves readability and reduces potential confusion.

Update the code to use the error selector:

-vm.expectRevert("PayloadSizeExceeded");
+vm.expectRevert(PayloadSizeExceeded.selector);

590-590: Apply Payload Size Constant for Consistency

Similarly, at line 590, you set revertOptions.revertMessage = new bytes(513);. Using the defined MAX_REVERT_MESSAGE_SIZE constant here will maintain consistency across your tests.

Update the code as follows:

-revertOptions.revertMessage = new bytes(513);
+revertOptions.revertMessage = new bytes(MAX_REVERT_MESSAGE_SIZE + 1);

622-622: Consistent Use of Payload Size Constant

At line 622, in testCallWithPayloadFailsIfPayloadSizeExceeded, consider using the MAX_REVERT_MESSAGE_SIZE constant to ensure consistency.

Apply this change:

-revertOptions.revertMessage = new bytes(513);
+revertOptions.revertMessage = new bytes(MAX_REVERT_MESSAGE_SIZE + 1);
v2/test/GatewayZEVM.t.sol (1)

123-127: Use a constant for maximum message size limit

In testWithdrawZRC20FailsIfMessageSizeExceeded, consider defining a constant for the maximum allowed message size instead of hardcoding the value 1025. This enhances readability and maintainability.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 475acfa and 9d9f74d.

⛔ Files ignored due to path filters (89)
  • v2/docs/src/contracts/Revert.sol/interface.Revertable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ERC20Custody.sol/contract.ERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/GatewayEVM.sol/contract.GatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorBase.sol/abstract.ZetaConnectorBase.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNative.sol/contract.ZetaConnectorNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNonNative.sol/contract.ZetaConnectorNonNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.Callable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/struct.MessageContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaConnector.sol/interface.IZetaConnectorEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaNonEthNew.sol/interface.IZetaNonEthNew.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/GatewayZEVM.sol/contract.GatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/contract.SystemContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/interface.SystemContractErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/contract.ZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/interface.ZRC20Errors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/struct.CallOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/ISystem.sol/interface.ISystem.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IWZETA.sol/interface.IWETH9.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/enum.CoinType.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20Metadata.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.ZRC20Events.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.UniversalContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.zContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/struct.zContext.md is excluded by !v2/docs/**
  • v2/pkg/erc20custody.sol/erc20custody.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custody.t.sol/erc20custodytest.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custodyechidnatest.sol/erc20custodyechidnatest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.sol/gatewayevm.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmechidnatest.sol/gatewayevmechidnatest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmupgrade.t.sol/gatewayevmuupsupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmupgradetest.sol/gatewayevmupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmzevm.t.sol/gatewayevmzevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.sol/gatewayzevm.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevmoutboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/ierc20custody.sol/ierc20custody.go is excluded by !v2/pkg/**
  • v2/pkg/ierc20custody.sol/ierc20custodyevents.go is excluded by !v2/pkg/**
  • v2/pkg/igatewayevm.sol/igatewayevm.go is excluded by !v2/pkg/**
  • v2/pkg/igatewayevm.sol/igatewayevmevents.go is excluded by !v2/pkg/**
  • v2/pkg/izetaconnector.sol/izetaconnectorevents.go is excluded by !v2/pkg/**
  • v2/pkg/receiverevm.sol/receiverevm.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectorbase.sol/zetaconnectorbase.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.sol/zetaconnectornative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.t.sol/zetaconnectornativetest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.sol/zetaconnectornonnative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.t.sol/zetaconnectornonnativetest.go is excluded by !v2/pkg/**
  • v2/pkg/zrc20.t.sol/zrc20test.go is excluded by !v2/pkg/**
  • v2/types/ERC20Custody.ts is excluded by !v2/types/**
  • v2/types/ERC20CustodyEchidnaTest.ts is excluded by !v2/types/**
  • v2/types/GatewayEVM.ts is excluded by !v2/types/**
  • v2/types/GatewayEVMEchidnaTest.ts is excluded by !v2/types/**
  • v2/types/GatewayEVMUpgradeTest.ts is excluded by !v2/types/**
  • v2/types/IERC20Custody.sol/IERC20Custody.ts is excluded by !v2/types/**
  • v2/types/IERC20Custody.sol/IERC20CustodyEvents.ts is excluded by !v2/types/**
  • v2/types/IGatewayEVM.sol/IGatewayEVM.ts is excluded by !v2/types/**
  • v2/types/IGatewayEVM.sol/IGatewayEVMEvents.ts is excluded by !v2/types/**
  • v2/types/IZetaConnector.sol/IZetaConnectorEvents.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorBase.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNative.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNonNative.ts is excluded by !v2/types/**
  • v2/types/factories/ERC20CustodyEchidnaTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ERC20Custody__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVMEchidnaTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVMUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayZEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/IERC20Custody.sol/IERC20CustodyEvents__factory.ts is excluded by !v2/types/**
  • v2/types/factories/IERC20Custody.sol/IERC20Custody__factory.ts is excluded by !v2/types/**
  • v2/types/factories/IGatewayEVM.sol/IGatewayEVMEvents__factory.ts is excluded by !v2/types/**
  • v2/types/factories/IGatewayEVM.sol/IGatewayEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/IZetaConnector.sol/IZetaConnectorEvents__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ReceiverEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorBase__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNative__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNonNative__factory.ts is excluded by !v2/types/**
📒 Files selected for processing (12)
  • v2/contracts/evm/ERC20Custody.sol (1 hunks)
  • v2/contracts/evm/GatewayEVM.sol (12 hunks)
  • v2/contracts/evm/ZetaConnectorBase.sol (1 hunks)
  • v2/contracts/evm/ZetaConnectorNonNative.sol (1 hunks)
  • v2/contracts/evm/interfaces/IERC20Custody.sol (1 hunks)
  • v2/contracts/evm/interfaces/IGatewayEVM.sol (1 hunks)
  • v2/contracts/evm/interfaces/IZetaConnector.sol (1 hunks)
  • v2/contracts/zevm/GatewayZEVM.sol (11 hunks)
  • v2/test/ERC20Custody.t.sol (1 hunks)
  • v2/test/GatewayEVM.t.sol (6 hunks)
  • v2/test/GatewayZEVM.t.sol (8 hunks)
  • v2/test/ZetaConnectorNative.t.sol (1 hunks)
🧰 Additional context used
🔇 Additional comments (31)
v2/contracts/evm/interfaces/IZetaConnector.sol (1)

30-30: LGTM: Event signature update improves traceability.

The addition of the oldTSSAddress parameter to the UpdatedZetaConnectorTSSAddress event is a good improvement. It enhances the event's informativeness by allowing tracking of both the old and new TSS addresses when an update occurs.

Let's verify the impact of this change on the codebase:

✅ Verification successful

Action Required: Verification Scripts Adjustment Needed

The previous verification attempt failed due to an unrecognized file type. To accurately verify the impact of the UpdatedZetaConnectorTSSAddress event signature change, new scripts targeting .sol files are necessary.

: Event signature update confirmed.

All instances of the UpdatedZetaConnectorTSSAddress event have been successfully updated to include both oldTSSAddress and newTSSAddress parameters. The old event signature is no longer present, and all emit statements correctly use the new signature.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for occurrences of the old event signature and verify that all emits use the new signature.

# Test 1: Search for old event signature. Expect: No results.
echo "Searching for old event signature..."
rg --type solidity "event UpdatedZetaConnectorTSSAddress\(address newTSSAddress\)"

# Test 2: Verify all emit statements use the new signature. Expect: All results to have two address parameters.
echo "Verifying emit statements..."
rg --type solidity "emit UpdatedZetaConnectorTSSAddress\("

Length of output: 361

Script:

#!/bin/bash
# Description: Check for occurrences of the old event signature and verify that all emits use the new signature within .sol files.

# Test 1: Search for old event signature. Expect: No results.
echo "Searching for old event signature..."
rg 'event UpdatedZetaConnectorTSSAddress\(address newTSSAddress\)' --type-add 'solidity:*.sol' --type solidity

# Test 2: Verify all emit statements use the new signature with two address parameters.
echo "Verifying emit statements with updated signature..."
rg 'emit UpdatedZetaConnectorTSSAddress\([^,]+, [^)]+\)' --type-add 'solidity:*.sol' --type solidity

Length of output: 628

v2/contracts/evm/ZetaConnectorNonNative.sol (2)

120-123: Approved: Improved encapsulation by changing _mintTo to private

The change of _mintTo function visibility from internal to private is a good security practice. It restricts the function's accessibility to only within the ZetaConnectorNonNative contract, preventing potential misuse in derived contracts and adhering to the principle of least privilege.

This modification enhances the contract's security without affecting its core functionality. The function's internal logic remains unchanged, maintaining its checks for max supply and using the appropriate interface for minting.

Line range hint 1-124: Overall impact: Improved security with minimal risk

The change to make _mintTo private improves the contract's security by restricting access to this critical function. This modification aligns well with the PR's objective of implementing fixes from previous reviews.

The change doesn't affect the overall functionality of the contract, as the internal logic of _mintTo and the functions that use it (withdraw, withdrawAndCall, withdrawAndRevert) remain unchanged.

To ensure no breaking changes were introduced, please run the following script to check for any derived contracts or external calls to _mintTo:

If the script returns any results, please review them to ensure that changing _mintTo to private doesn't break any existing functionality.

✅ Verification successful

Verified: Changing _mintTo to private does not impact any external contracts or functionality. All calls to _mintTo are internal within ZetaConnectorNonNative.sol, ensuring enhanced security without introducing breaking changes.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for potential derived contracts or external calls to _mintTo
echo "Searching for potential derived contracts:"
rg --type solidity "contract \w+ is ZetaConnectorNonNative"

echo "Searching for external calls to _mintTo:"
rg --type solidity "_mintTo\("

Length of output: 346

Script:

#!/bin/bash
# Search for potential derived contracts using .sol extension
echo "Searching for potential derived contracts:"
rg -g '*.sol' 'contract\s+\w+\s+is\s+ZetaConnectorNonNative'

echo "Searching for external calls to _mintTo:"
rg -g '*.sol' '_mintTo\('

Length of output: 706

v2/contracts/evm/ZetaConnectorBase.sol (1)

64-66: Improved event emission order in updateTSSAddress

The changes to the updateTSSAddress function improve its implementation by emitting the UpdatedZetaConnectorTSSAddress event after updating the tssAddress state variable. This ensures that the event accurately reflects the new state when emitted, which is considered a best practice.

The core logic and security measures of the function remain intact, including the zero address check and proper role management.

v2/contracts/evm/interfaces/IGatewayEVM.sol (1)

56-56: Verify impact of event signature change

The change in the UpdatedGatewayTSSAddress event signature is localized to the IGatewayEVMEvents interface. However, this change may affect other parts of the codebase.

Please run the following script to identify potential areas that need to be updated:

Ensure that all identified usages are updated to match the new event signature.

✅ Verification successful

Re-run verification with adjusted search parameters

The previous script failed to recognize Solidity files. Please execute the following updated script to locate usages of the UpdatedGatewayTSSAddress event:

Impact of UpdatedGatewayTSSAddress Event Signature Change Verified

The UpdatedGatewayTSSAddress event signature change in the IGatewayEVM.sol interface has been properly localized. All event emissions and interface implementations identified in the test and contract files have been reviewed to ensure compatibility with the new signature.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Find usages of UpdatedGatewayTSSAddress event in the codebase

# Search for event emissions
echo "Searching for UpdatedGatewayTSSAddress event emissions:"
rg --type solidity "emit UpdatedGatewayTSSAddress\(" -A 1

# Search for event listeners
echo "\nSearching for UpdatedGatewayTSSAddress event listeners:"
rg --type solidity "UpdatedGatewayTSSAddress\(.*\)" -A 1

# Search for interface implementations
echo "\nSearching for IGatewayEVMEvents interface implementations:"
rg --type solidity "contract.*is.*IGatewayEVMEvents"

Length of output: 649

Script:

#!/bin/bash
# Description: Find usages of UpdatedGatewayTSSAddress event in Solidity (.sol) files

# Search for event emissions
echo "Searching for UpdatedGatewayTSSAddress event emissions in .sol files:"
rg --glob "*.sol" "emit UpdatedGatewayTSSAddress\(" -A 1

# Search for event listeners
echo "\nSearching for UpdatedGatewayTSSAddress event listeners in .sol files:"
rg --glob "*.sol" "UpdatedGatewayTSSAddress\(.*\)" -A 1

# Search for interface implementations
echo "\nSearching for IGatewayEVMEvents interface implementations in .sol files:"
rg --glob "*.sol" "contract\s+.*\s+is\s+.*IGatewayEVMEvents"

Length of output: 1952

v2/test/ZetaConnectorNative.t.sol (3)

96-96: Improved event emission for better traceability

The update to include both the old and new TSS addresses in the UpdatedZetaConnectorTSSAddress event emission is a positive change. This modification enhances the traceability of TSS address updates, allowing for easier tracking and auditing of these critical changes.

Line range hint 321-325: Excellent addition of zero address validation test

The new testTSSUpgradeFailsIfZeroAddress function is a valuable addition to the test suite. It verifies that the updateTSSAddress function correctly rejects attempts to set the TSS address to a zero address, which is a critical security measure. This test enhances the robustness of the contract by ensuring proper input validation and error handling.

Line range hint 1-434: Summary: Improved TSS address update process and testing

The changes in this file focus on enhancing the TSS address update process and its associated tests. The modifications include:

  1. Improved event emission for UpdatedZetaConnectorTSSAddress, now including both old and new TSS addresses for better traceability.
  2. Addition of a new test testTSSUpgradeFailsIfZeroAddress to ensure proper handling of zero address inputs.

These changes align with best practices for event emission, input validation, and thorough testing. They contribute to the overall robustness and security of the ZetaConnectorNative contract.

v2/contracts/evm/GatewayEVM.sol (8)

84-86: Improved transparency in TSS address updates

The addition of the UpdatedGatewayTSSAddress event emission enhances the contract's transparency by providing a clear audit trail of TSS address changes. This is a positive improvement that allows for better off-chain tracking and monitoring of critical contract updates.

193-199: Enhanced security in ERC20 approvals

The changes to the executeWithERC20 function improve both code readability and security:

  1. Renaming resetApproval to _resetApproval follows the convention for private functions, enhancing code clarity.
  2. Calling _resetApproval both before and after the main execution ensures that no lingering approvals remain, reducing the risk of unauthorized token transfers.

These modifications represent a positive step towards more secure ERC20 token handling.

204-204: Improved consistency in function naming

The renaming of transferToAssetHandler to _transferToAssetHandler aligns with the naming convention for private functions. This change enhances code readability and maintains consistency throughout the contract.

252-252: Added safety check for revert message size

A new validation has been introduced to ensure that the revertOptions.revertMessage length does not exceed MAX_PAYLOAD_SIZE. This is a valuable safety measure that prevents potential issues related to excessively large revert messages, such as out-of-gas errors or unexpected behavior in cross-chain communications.

278-280: Consistent improvements in deposit functions

  1. The addition of the revert message size check (revertOptions.revertMessage.length > MAX_PAYLOAD_SIZE) aligns with the ETH deposit function, ensuring consistent safety measures across different deposit types.
  2. Renaming transferFromToAssetHandler to _transferFromToAssetHandler maintains the naming convention for private functions, enhancing code readability and consistency throughout the contract.

These changes demonstrate a systematic approach to improving both safety and code quality.

301-301: Enhanced payload size management in depositAndCall functions

Both ETH and ERC20 depositAndCall functions have been updated with improved payload size checks:

  1. The combined length of payload and revertOptions.revertMessage is now checked against MAX_PAYLOAD_SIZE. This comprehensive check prevents potential issues related to excessively large payloads in cross-chain communications.

  2. In the ERC20 version, transferFromToAssetHandler has been consistently renamed to _transferFromToAssetHandler, maintaining the naming convention for private functions.

These changes demonstrate a thorough approach to payload size management and code consistency.

Also applies to: 329-331

350-350: Consistent payload size check in call function

The call function has been updated to include a check on the combined length of payload and revertOptions.revertMessage against MAX_PAYLOAD_SIZE. This change aligns with similar modifications in the deposit and depositAndCall functions, ensuring consistent payload size management across all relevant contract interactions.

This update contributes to the overall robustness of the contract by preventing potential issues related to excessively large payloads in cross-chain communications.

Line range hint 1-470: Summary of GatewayEVM.sol changes

The modifications to the GatewayEVM contract demonstrate a comprehensive approach to improving code quality, security, and functionality:

  1. Enhanced transparency through event emissions for critical operations.
  2. Improved security in ERC20 token handling with double approval resets.
  3. Consistent naming conventions for private functions, enhancing code readability.
  4. Robust payload size management across all relevant functions, preventing potential issues in cross-chain communications.
  5. Maintained consistency in error handling and existing functionality.

These changes collectively contribute to a more secure, transparent, and maintainable contract. The systematic nature of the improvements suggests a thorough code review and refactoring process.

v2/contracts/zevm/GatewayZEVM.sol (6)

94-94: Improved encapsulation by changing function visibility to private

The change from internal to private for the _withdrawZRC20 function enhances the contract's security by restricting access to this function. This modification prevents potential misuse in derived contracts and reduces the overall attack surface.

104-104: Enhanced security by changing function visibility to private

The visibility change from internal to private for the _withdrawZRC20WithGasLimit function improves the contract's security posture. This modification ensures that the function can only be called within the contract itself, preventing potential misuse in derived contracts.

122-122: Strengthened encapsulation by changing function visibility to private

The modification of the _transferZETA function's visibility from internal to private aligns with best practices for encapsulation. This change restricts the function's accessibility to within the contract, reducing the risk of unintended use in derived contracts and enhancing overall security.

146-146: Verify intention of relaxed message size check

The condition for checking revertOptions.revertMessage.length has been changed from >= to >. This subtle modification now allows messages of exactly MAX_MESSAGE_SIZE length, whereas previously it would have reverted.

Please confirm if this change is intentional and if there are any potential implications or edge cases that need to be considered with this relaxed condition.

393-393: Improved contract security by changing function visibility to private

The visibility change of the _call function from internal to private enhances the contract's security and encapsulation. This modification ensures that the function can only be invoked within the contract itself, preventing potential misuse or unexpected behavior in derived contracts.

185-185: Consistent relaxation of message size checks across multiple functions

The condition for checking message length (including revertOptions.revertMessage.length) has been consistently changed from >= to > across multiple functions:

  • withdrawAndCall (lines 185, 224, 293, 332)
  • withdraw (line 257)
  • call (lines 358, 381)

This change allows messages of exactly MAX_MESSAGE_SIZE length in all these functions, whereas previously they would have reverted.

Please confirm:

  1. Is this change intentional and applied consistently as part of a broader design decision?
  2. Have potential implications or edge cases been considered, especially in cross-function interactions?
  3. Are there any updates needed in the documentation or external interfaces to reflect this change in behavior?

To help verify the consistency and impact of these changes, you can run the following script:

Also applies to: 224-224, 257-257, 293-293, 332-332, 358-358, 381-381

✅ Verification successful

Message size checks consistently updated and verified

The message size condition has been uniformly changed from >= to > across all relevant functions:

  • withdrawAndCall (lines 185, 224, 293, 332)
  • withdraw (line 257)
  • call (lines 358, 381)

Additionally, the MAX_MESSAGE_SIZE constant is correctly defined as 1024.

These changes allow messages with a length exactly equal to MAX_MESSAGE_SIZE, aligning with the intended contract behavior.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the consistency of message size checks across the contract

# Test: Search for all occurrences of message size checks
rg --type solidity "revertOptions\.revertMessage\.length \s*>\s*MAX_MESSAGE_SIZE" v2/contracts/zevm/GatewayZEVM.sol

# Test: Check if there are any remaining occurrences of the old condition
rg --type solidity "revertOptions\.revertMessage\.length \s*>=\s*MAX_MESSAGE_SIZE" v2/contracts/zevm/GatewayZEVM.sol

# Test: Verify the value of MAX_MESSAGE_SIZE constant
rg --type solidity "MAX_MESSAGE_SIZE\s*=\s*\d+" v2/contracts/zevm/GatewayZEVM.sol

Length of output: 419

Script:

#!/bin/bash
# Description: Verify the consistency of message size checks across the contract

# Test: Search for all occurrences of message size checks using '*.sol' extension
rg -g '*.sol' "revertOptions\.revertMessage\.length\s*>\s*MAX_MESSAGE_SIZE" v2/contracts/zevm/GatewayZEVM.sol

# Test: Check if there are any remaining occurrences of the old condition using '*.sol' extension
rg -g '*.sol' "revertOptions\.revertMessage\.length\s*>=\s*MAX_MESSAGE_SIZE" v2/contracts/zevm/GatewayZEVM.sol

# Test: Verify the value of MAX_MESSAGE_SIZE constant using '*.sol' extension
rg -g '*.sol' "MAX_MESSAGE_SIZE\s*=\s*\d+" v2/contracts/zevm/GatewayZEVM.sol

Length of output: 1234

v2/test/ERC20Custody.t.sol (1)

99-99: Improved event emission for TSS address updates.

The updated event emission now includes both the old and new TSS addresses, which enhances the traceability and auditability of TSS address changes. This modification aligns well with best practices for event logging in smart contracts.

v2/test/GatewayEVM.t.sol (1)

92-92: Ensure Event Definition Matches Emitted Event

At line 92, the emit UpdatedGatewayTSSAddress(tssAddress, newTSSAddress); statement now emits both the old and new TSS addresses. Please verify that the UpdatedGatewayTSSAddress event definition has been updated accordingly to accept two address parameters.

To confirm the event definition, you can run the following script:

✅ Verification successful

Event Definition Verified

The UpdatedGatewayTSSAddress event is correctly defined with two address parameters.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the UpdatedGatewayTSSAddress event is defined with two address parameters.

ast-grep --lang solidity --pattern 'event UpdatedGatewayTSSAddress(address, address);'

Length of output: 205

Script:

#!/bin/bash
# Description: Verify that the UpdatedGatewayTSSAddress event is defined with two address parameters using ripgrep.

rg --type solidity 'event\s+UpdatedGatewayTSSAddress\s*\(\s*address\s+\w+\s*,\s*address\s+\w+\s*\)\s*;' .

Length of output: 140

Script:

#!/bin/bash
# Description: Verify that the UpdatedGatewayTSSAddress event is defined with two address parameters in Solidity files using ripgrep.

rg 'event\s+UpdatedGatewayTSSAddress\s*\(\s*address\s+\w+\s*,\s*address\s+\w+\s*\)\s*;' --glob '*.sol'

Length of output: 230

v2/test/GatewayZEVM.t.sol (7)

163-163: Use a constant for maximum message size limit

Similarly, in testWithdrawAndCallZRC20FailsIfMessageSizeExceeded, using a defined constant for the maximum message size improves code clarity and consistency.

232-232: Use a constant for maximum message size limit

Again, consider defining a constant for the maximum allowed message size in this test to enhance maintainability.

298-302: Use a constant for maximum message size limit

In testWithdrawZETAFailsIfMessageSizeExceeded, replacing the hardcoded value 1025 with a defined constant for the maximum message size will improve code readability and ease future updates.

317-317: Use a constant for maximum message size limit

As before, using a defined constant for the maximum message size in this test will enhance code maintainability.

336-336: Use a constant for maximum message size limit

Consider using a constant for the maximum allowed message size in this test to improve consistency across the codebase.

554-554: Use a constant for maximum message size limit

In this test, defining a constant for the maximum message size instead of hardcoding 513 will enhance readability and maintainability.

581-581: Use a constant for maximum message size limit

Similarly, consider using a defined constant for the maximum message size in this test to ensure consistency.

v2/contracts/evm/interfaces/IGatewayEVM.sol Outdated Show resolved Hide resolved
v2/test/GatewayEVM.t.sol Outdated Show resolved Hide resolved
lumtis
lumtis reviewed Oct 11, 2024
View reviewed changes
v2/test/GatewayEVM.t.sol Outdated Show resolved Hide resolved
@skosito skosito requested a review from lumtis October 11, 2024 12:08
coderabbitai[bot]
coderabbitai bot reviewed Oct 11, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 9d9f74d and 6d1537c.

⛔ Files ignored due to path filters (61)
  • v2/docs/src/contracts/Revert.sol/interface.Revertable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ERC20Custody.sol/contract.ERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/GatewayEVM.sol/contract.GatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorBase.sol/abstract.ZetaConnectorBase.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNative.sol/contract.ZetaConnectorNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNonNative.sol/contract.ZetaConnectorNonNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.Callable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/struct.MessageContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaConnector.sol/interface.IZetaConnectorEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaNonEthNew.sol/interface.IZetaNonEthNew.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/GatewayZEVM.sol/contract.GatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/contract.SystemContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/interface.SystemContractErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/contract.ZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/interface.ZRC20Errors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/struct.CallOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/ISystem.sol/interface.ISystem.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IWZETA.sol/interface.IWETH9.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/enum.CoinType.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20Metadata.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.ZRC20Events.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.UniversalContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.zContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/struct.zContext.md is excluded by !v2/docs/**
  • v2/pkg/erc20custody.sol/erc20custody.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custody.t.sol/erc20custodytest.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custodyechidnatest.sol/erc20custodyechidnatest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.sol/gatewayevm.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmechidnatest.sol/gatewayevmechidnatest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmupgrade.t.sol/gatewayevmuupsupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmupgradetest.sol/gatewayevmupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmzevm.t.sol/gatewayevmzevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevmoutboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/receiverevm.sol/receiverevm.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.sol/zetaconnectornative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.t.sol/zetaconnectornativetest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.sol/zetaconnectornonnative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.t.sol/zetaconnectornonnativetest.go is excluded by !v2/pkg/**
  • v2/types/factories/ERC20CustodyEchidnaTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ERC20Custody__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVMEchidnaTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVMUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ReceiverEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNative__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNonNative__factory.ts is excluded by !v2/types/**
📒 Files selected for processing (5)
  • v2/contracts/evm/interfaces/IERC20Custody.sol (1 hunks)
  • v2/contracts/evm/interfaces/IGatewayEVM.sol (1 hunks)
  • v2/contracts/evm/interfaces/IZetaConnector.sol (1 hunks)
  • v2/test/GatewayEVM.t.sol (6 hunks)
  • v2/test/GatewayZEVM.t.sol (8 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
  • v2/contracts/evm/interfaces/IERC20Custody.sol
  • v2/contracts/evm/interfaces/IGatewayEVM.sol
  • v2/contracts/evm/interfaces/IZetaConnector.sol
  • v2/test/GatewayEVM.t.sol
🧰 Additional context used
🔇 Additional comments (7)
v2/test/GatewayZEVM.t.sol (7)

123-127: Test accurately checks message size limit for withdraw

The new test testWithdrawZRC20FailsIfMessageSizeExceeded correctly verifies that withdraw reverts with MessageSizeExceeded when revertOptions.revertMessage exceeds MAX_MESSAGE_SIZE.

231-232: Duplicate of previous suggestion to refactor repetitive test code

The same setup code is repeated here. Refactoring can improve maintainability.

298-302: Test correctly verifies message size limit for ZETA withdrawal

The test testWithdrawZETAFailsIfMessageSizeExceeded accurately checks that withdraw reverts with MessageSizeExceeded when revertOptions.revertMessage exceeds MAX_MESSAGE_SIZE.

316-317: Duplicate of previous suggestion to refactor repetitive test code

Reiterating the suggestion to refactor the message size setup code.

335-336: Duplicate of previous suggestion to refactor repetitive test code

Refactoring repeated code enhances maintainability.

553-554: Duplicate of previous suggestion to refactor repetitive test code

Consider extracting repeated setup code into a helper.

580-581: Duplicate of previous suggestion to refactor repetitive test code

Same as above.

v2/test/GatewayZEVM.t.sol
Comment on lines +162 to +163
bytes memory message = new bytes(gateway.MAX_MESSAGE_SIZE() / 2);
revertOptions.revertMessage = new bytes(gateway.MAX_MESSAGE_SIZE() / 2 + 1);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Consider refactoring repetitive test setup code for exceeding message size

The code initializing message and revertOptions.revertMessage to exceed MAX_MESSAGE_SIZE is repeated across multiple tests. Refactoring this code into a helper function or utility can reduce duplication and improve maintainability.

@skosito skosito merged commit f7f6d9f into main Oct 14, 2024
11 checks passed
@skosito skosito deleted the review-fixes branch October 14, 2024 09:35
coderabbitai[bot]
coderabbitai bot reviewed Oct 14, 2024
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (3)
v2/contracts/evm/ZetaConnectorNonNative.sol (1)

Line range hint 1-129: Suggestions for improving contract documentation and security

  1. Consider adding a comment at the beginning of the contract to explicitly state that it's upgradeable. This helps developers understand the contract's nature and the need for careful state management during upgrades.

  2. It's recommended to conduct a thorough security audit, particularly focusing on the interactions with the gateway contract. External contract calls can be a source of vulnerabilities if not properly secured.

Here's a suggested comment to add at the beginning of the contract:

/// @dev This contract is upgradeable. Be careful when adding new state variables
/// and ensure proper initialization in the initialize function.
contract ZetaConnectorNonNative is ZetaConnectorBase {
    // ... rest of the contract
}
v2/test/utils/upgrades/ERC20CustodyUpgradeTest.sol (1)

Line range hint 1-224: Consider future handling of deprecated functions and update documentation.

The contract looks well-structured and follows best practices for upgradeable contracts. However, there are a couple of points to consider:

  1. The deposit function is marked as deprecated. In future upgrades, you might want to consider removing this function entirely or providing a clear migration path for users.

  2. The contract name ERC20CustodyUpgradeTest and the comment /// @dev The only difference is in event naming might be slightly misleading, as there are functional changes beyond just event naming (e.g., the WithdrawnV2 event in the withdraw function).

Consider the following actions:

  1. Plan for the removal of the deprecated deposit function in future upgrades.
  2. Update the contract documentation to accurately reflect all changes, not just event naming differences.
  3. If this contract is intended for testing upgrades, consider adding more comprehensive tests to cover all changes and potential upgrade scenarios.
v2/test/ERC20Custody.t.sol (1)

110-110: LGTM! Consider adding a test for the old address.

The update to include both the old and new TSS addresses in the UpdatedCustodyTSSAddress event is a good improvement. It enhances traceability and provides more context for the address change.

Consider adding an assertion to verify that the tssAddress variable holds the correct old address before the update. This would ensure that the test is using the expected initial state:

+       assertEq(tssAddress, custody.tssAddress());
        vm.expectEmit(true, true, true, true, address(custody));
        emit UpdatedCustodyTSSAddress(tssAddress, newTSSAddress);
        custody.updateTSSAddress(newTSSAddress);
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 6d1537c and 1a17447.

⛔ Files ignored due to path filters (69)
  • v2/docs/src/contracts/Revert.sol/interface.Revertable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/Revert.sol/struct.RevertOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ERC20Custody.sol/contract.ERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/GatewayEVM.sol/contract.GatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorBase.sol/abstract.ZetaConnectorBase.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNative.sol/contract.ZetaConnectorNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/ZetaConnectorNonNative.sol/contract.ZetaConnectorNonNative.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20Custody.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IERC20Custody.sol/interface.IERC20CustodyEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.Callable.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/interface.IGatewayEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IGatewayEVM.sol/struct.MessageContext.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaConnector.sol/interface.IZetaConnectorEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/evm/interfaces/IZetaNonEthNew.sol/interface.IZetaNonEthNew.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/GatewayZEVM.sol/contract.GatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/contract.SystemContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/SystemContract.sol/interface.SystemContractErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/contract.ZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/ZRC20.sol/interface.ZRC20Errors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVM.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMErrors.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/interface.IGatewayZEVMEvents.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IGatewayZEVM.sol/struct.CallOptions.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/ISystem.sol/interface.ISystem.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IWZETA.sol/interface.IWETH9.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/enum.CoinType.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.IZRC20Metadata.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/IZRC20.sol/interface.ZRC20Events.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.UniversalContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/interface.zContract.md is excluded by !v2/docs/**
  • v2/docs/src/contracts/zevm/interfaces/UniversalContract.sol/struct.zContext.md is excluded by !v2/docs/**
  • v2/pkg/erc20custody.sol/erc20custody.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custody.t.sol/erc20custodytest.go is excluded by !v2/pkg/**
  • v2/pkg/erc20custodyupgradetest.sol/erc20custodyupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.sol/gatewayevm.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevm.t.sol/gatewayevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmupgradetest.sol/gatewayevmupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayevmzevm.t.sol/gatewayevmzevmtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevminboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/gatewayzevm.t.sol/gatewayzevmoutboundtest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectorbase.sol/zetaconnectorbase.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.sol/zetaconnectornative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornative.t.sol/zetaconnectornativetest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornativeupgradetest.sol/zetaconnectornativeupgradetest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.sol/zetaconnectornonnative.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnative.t.sol/zetaconnectornonnativetest.go is excluded by !v2/pkg/**
  • v2/pkg/zetaconnectornonnativeupgradetest.sol/zetaconnectornonnativeupgradetest.go is excluded by !v2/pkg/**
  • v2/types/ERC20Custody.ts is excluded by !v2/types/**
  • v2/types/ERC20CustodyUpgradeTest.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorBase.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNative.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNativeUpgradeTest.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNonNative.ts is excluded by !v2/types/**
  • v2/types/ZetaConnectorNonNativeUpgradeTest.ts is excluded by !v2/types/**
  • v2/types/factories/ERC20CustodyUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ERC20Custody__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVMUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/GatewayEVM__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorBase__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNativeUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNative__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNonNativeUpgradeTest__factory.ts is excluded by !v2/types/**
  • v2/types/factories/ZetaConnectorNonNative__factory.ts is excluded by !v2/types/**
📒 Files selected for processing (9)
  • v2/contracts/evm/ERC20Custody.sol (1 hunks)
  • v2/contracts/evm/GatewayEVM.sol (12 hunks)
  • v2/contracts/evm/ZetaConnectorBase.sol (1 hunks)
  • v2/contracts/evm/ZetaConnectorNonNative.sol (1 hunks)
  • v2/test/ERC20Custody.t.sol (1 hunks)
  • v2/test/GatewayEVM.t.sol (6 hunks)
  • v2/test/GatewayZEVM.t.sol (8 hunks)
  • v2/test/ZetaConnectorNative.t.sol (1 hunks)
  • v2/test/utils/upgrades/ERC20CustodyUpgradeTest.sol (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (4)
  • v2/contracts/evm/ERC20Custody.sol
  • v2/contracts/evm/ZetaConnectorBase.sol
  • v2/test/GatewayEVM.t.sol
  • v2/test/ZetaConnectorNative.t.sol
🧰 Additional context used
🔇 Additional comments (13)
v2/contracts/evm/ZetaConnectorNonNative.sol (1)

126-129: Approved: Improved encapsulation of minting logic

Changing _mintTo from internal to private enhances the security of the minting process by restricting access to only within this contract. This change aligns with the principle of least privilege and reduces the potential attack surface.

To ensure this change doesn't introduce any regressions, please verify:

  1. No derived contracts were relying on this function.
  2. This change doesn't impact any upgrade patterns used in the system.

Run the following script to check for any derived contracts or references to _mintTo:

✅ Verification successful

Approved: Improved encapsulation of minting logic

Changing _mintTo from internal to private enhances the security of the minting process by restricting access to only within this contract. This change aligns with the principle of least privilege and reduces the potential attack surface.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for contracts deriving from ZetaConnectorNonNative
echo "Contracts deriving from ZetaConnectorNonNative:"
rg --type solidity "contract \w+ is .*ZetaConnectorNonNative"

# Search for references to _mintTo outside this contract
echo "References to _mintTo outside ZetaConnectorNonNative:"
rg --type solidity "_mintTo" -g "!ZetaConnectorNonNative.sol"

Length of output: 413

Script:

#!/bin/bash
# Search for contracts deriving from ZetaConnectorNonNative
echo "Contracts deriving from ZetaConnectorNonNative:"
rg "contract \w+ is .*ZetaConnectorNonNative" -g '*.sol'

# Search for references to _mintTo outside ZetaConnectorNonNative.sol
echo "References to _mintTo outside ZetaConnectorNonNative.sol:"
rg "_mintTo" -g '*.sol' -g '!v2/contracts/evm/ZetaConnectorNonNative.sol'

Length of output: 861

v2/test/ERC20Custody.t.sol (1)

Line range hint 1-669: Overall, the test file looks good with the updated event emission.

The change to include both old and new TSS addresses in the UpdatedCustodyTSSAddress event improves the test coverage and aligns with likely changes in the main contract. The rest of the test cases remain comprehensive, covering various scenarios for the ERC20Custody contract functionality.

v2/test/GatewayZEVM.t.sol (6)

137-141: LGTM: New test for message size limit in ZRC20 withdrawal.

This new test function effectively checks the failure case when the revert message size exceeds the maximum allowed size during ZRC20 withdrawal. It's a valuable addition to ensure proper error handling for oversized messages.

176-177: LGTM: Improved test for message size limit in ZRC20 withdrawal and call.

The changes enhance the test by setting both the message and revert message sizes. This ensures a more comprehensive check of the size limit enforcement.

Regarding the previous suggestion to refactor repetitive setup code:
While the current implementation is acceptable, consider creating a helper function to generate oversized messages if this pattern is repeated in multiple tests. This could improve maintainability and readability.

245-246: LGTM: Consistent improvement in message size testing for ZRC20 withdrawal and call with options.

These changes align with the previous modifications, ensuring consistent and comprehensive testing of message size limits across different scenarios. The use of MAX_MESSAGE_SIZE for both message and revert message sizes is a good practice.

312-316: LGTM: New test for message size limit in ZETA withdrawal.

This new test function effectively checks the failure case when the revert message size exceeds the maximum allowed size during ZETA withdrawal. It's a valuable addition to ensure consistent error handling across different token types.

330-331: LGTM: Consistent improvement in message size testing for ZETA withdrawal and call.

These changes align with the previous modifications for ZRC20, ensuring consistent and comprehensive testing of message size limits for ZETA operations. The use of MAX_MESSAGE_SIZE for both message and revert message sizes maintains good testing practices across different token types.

567-568: LGTM: Consistent improvement in message size testing for call operations.

These changes in both testCallFailsIfMessageSizeExceeded and testCallWithCallOptsFailsIfMessageSizeExceeded align with the previous modifications for withdrawal operations. They ensure consistent and comprehensive testing of message size limits across different operation types (withdrawal and call). The continued use of MAX_MESSAGE_SIZE for both message and revert message sizes maintains good testing practices throughout the test suite.

Also applies to: 594-595

v2/contracts/evm/GatewayEVM.sol (5)

85-87: Emission of event before state update is appropriate

Emitting the UpdatedGatewayTSSAddress event before updating the tssAddress state variable ensures the event captures the transition from the old address to the new one accurately.

194-200: Proper resetting of token approvals enhances security

The use of _resetApproval both before and after the external call ensures that token approvals are correctly managed, minimizing the risk of unauthorized token transfers.

205-205: Safe transfer of remaining token balance

Transferring any remaining token balance back to the asset handler prevents tokens from being left in the contract, which is a good practice for security and fund management.

Line range hint 381-455: Consistent naming for private functions improves readability

Renaming internal functions with a leading underscore and setting them as private clarifies their intended scope, adhering to Solidity best practices and enhancing code clarity.

431-431: Validation before executing arbitrary calls enhances security

Calling _revertIfOnCallOrOnRevert(data); before executing an arbitrary call effectively prevents calls to sensitive functions like onCall or onRevert, mitigating potential security risks.

v2/test/utils/upgrades/ERC20CustodyUpgradeTest.sol
@@ -95,7 +95,7 @@ contract ERC20CustodyUpgradeTest is

tssAddress = newTSSAddress;

emit UpdatedCustodyTSSAddress(newTSSAddress);
emit UpdatedCustodyTSSAddress(tssAddress, newTSSAddress);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Approve the event update with a minor suggestion.

The updated event emission is an improvement, providing both the old and new TSS addresses. This change enhances the contract's ability to track important state changes.

However, there's a minor logical issue:

Consider updating the event emission to use the old TSS address before updating the tssAddress variable. Here's a suggested modification:

-        emit UpdatedCustodyTSSAddress(tssAddress, newTSSAddress);
+        address oldTSSAddress = tssAddress;
+        tssAddress = newTSSAddress;
+        emit UpdatedCustodyTSSAddress(oldTSSAddress, newTSSAddress);

This ensures that the event accurately reflects the old and new addresses.

Committable suggestion was skipped due to low confidence.

v2/contracts/evm/GatewayEVM.sol Show resolved Hide resolved
@skosito skosito mentioned this pull request Oct 14, 2024
Open
@coderabbitai coderabbitai bot mentioned this pull request Oct 15, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@lumtis lumtis lumtis approved these changes

@fbac fbac fbac approved these changes

@andresaiello andresaiello Awaiting requested review from andresaiello andresaiello is a code owner

@brewmaster012 brewmaster012 Awaiting requested review from brewmaster012 brewmaster012 is a code owner

@CharlieMc0 CharlieMc0 Awaiting requested review from CharlieMc0 CharlieMc0 is a code owner

@fadeev fadeev Awaiting requested review from fadeev fadeev is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@skosito @codecov-commenter @lumtis @fbac