Conversation
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
|
|
||
| address burnToken = quote.burnToken.toAddress(); | ||
| IERC20(burnToken).safeTransferFrom(msg.sender, destinationHandler, quote.amount); | ||
| ISponsoredCCTPDstPeriphery(destinationHandler).directReceiveMessage(quote, signature); |
There was a problem hiding this comment.
We push tokens into the dst handler, this is why we require a new DIRECT_CALLER_ROLE.
I understand that this is a gas optimization over pulling two times (depositor -> srcPeriphery -> dstHandler.
Hmm, on OFT side, this also lands nicely with authorizedSrcPeripheryContracts, so that doesn't need a special role for direct deposits. We can just reuse authorizedSrcPeripheryContracts for same-chain deposit authorizations
| using AddressToBytes32 for address; | ||
| using SafeERC20 for IERC20; | ||
|
|
||
| bytes32 public constant DIRECT_CALLER_ROLE = keccak256("DIRECT_CALLER_ROLE"); |
There was a problem hiding this comment.
Can we reuse authorizedSrcPeripheryContracts instead?
There was a problem hiding this comment.
I moved DIRECT_CALLER_ROLE to BaseModuleHandler.sol so both contracts get access to DIRECT_CALLER_ROLE
c5284cf
| import { Address } from "@openzeppelin/contracts-v4/utils/Address.sol"; | ||
|
|
||
| interface IDirectDstOFTHandler { | ||
| function executeDirect(address tokenSent, uint256 amountLD, bytes calldata composeMsg) external; | ||
| } |
There was a problem hiding this comment.
Same here with the interface, can we e.g. reuse DstOFTHandler definition?
| /// @notice Source endpoint id | ||
| uint32 public immutable SRC_EID; | ||
| /// @notice OFT shared decimals used by this deployment. | ||
| uint8 public immutable SHARED_DECIMALS; |
There was a problem hiding this comment.
removed, not sure how it got there
63062f2#diff-2ca540606eddfd4ac0070e98060f462069e9097c17cadd84c584cd77e4dc9e7a
|
@codex please review this one. It adds the ability to deposit funds directly from the same chain, rather than using OFT/CCTP bridge to deposit and mint tokens cross-chain. It allows us to reuse signature checking and binding functionality (e.g. Arbitrary EVM actions are bound to some received token amount via a signature) |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 83f0ba0ab7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (quote.signedParams.dstEid == SRC_EID) { | ||
| address destinationHandler = address(uint160(uint256(quote.signedParams.destinationHandler))); |
There was a problem hiding this comment.
In SponsoredOFTSrcPeriphery.deposit, the same-chain branch (dstEid == SRC_EID) skips all native-fee handling and never refunds msg.value, so any ETH sent with a direct quote is left in this contract permanently. This is a user-funds loss path if callers keep sending the bridge fee they use for cross-chain deposits (the previous flow always refunded surplus), and this contract has no withdrawal path for stuck ETH.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
@fusmanii hm, maybe force msg.value == 0 here?
There was a problem hiding this comment.
good point, yeah forcing msg.value == 0 makes sense here
| address burnToken = quote.burnToken.toAddress(); | ||
| IERC20(burnToken).safeTransferFrom(msg.sender, destinationHandler, quote.amount); | ||
| ISponsoredCCTPDstPeriphery(destinationHandler).directReceiveMessage(quote, signature); |
There was a problem hiding this comment.
The direct CCTP source path transfers quote.burnToken to the destination handler and immediately calls directReceiveMessage, but the destination execution path does not validate that burnToken matches the handler’s baseToken and proceeds with base-token accounting. If a signed quote contains a mismatched burnToken and the handler already holds baseToken, the flow can consume that baseToken while accepting an unrelated token from the caller, which creates a drain/mis-accounting path under that input condition.
Useful? React with 👍 / 👎.
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
|
@codex re-review pls |
|
Codex Review: Didn't find any major issues. Delightful! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
fusmanii
requested review from
bmzig,
mrice32,
nicholaspai and
pxrl
as code owners
| bytes memory signature | ||
| ) external nonReentrant authorizeFundedFlow onlyRole(DIRECT_CALLER_ROLE) { | ||
| if (quote.burnToken.toAddress() != baseToken) revert InvalidBurnToken(); | ||
| _validateQuoteOrRevert(quote, signature); |
There was a problem hiding this comment.
nit, but we could remove the _validateQuoteOrRevert call here, and copy the logic from _validateQuoteOrRevert into here, minus the signature check, since we already did the signature check on SrcPeriphery. Right now we're checking the signature twice
There was a problem hiding this comment.
great point, I could remove the sig param all together: f37c45b
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com>
fusmanii
added
the
need to audit
3 participants
No description provided.