Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate unused interfaces #1022

Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

Deprecate unused interfaces #1022

wants to merge 11 commits into from

Conversation

0xDEnYO
Copy link
Contributor

@0xDEnYO 0xDEnYO commented Feb 24, 2025
edited
Loading

Which Jira task belongs to this PR?

Why did I implement it this way?

Checklist before requesting a review

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

  • I have checked that any arbitrary calls to external contracts are validated and or restricted
  • I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
  • I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 24, 2025
edited
Loading

Walkthrough

This update revises several configuration and deployment scripts to transition from the older Stargate configuration files to a new v2 format. In stargateV1.json, a new chain entry has been added, while in stargateV2.json, a previously defined endpoint mapping array has been removed. Multiple scripts have been updated to reference the new stargateV2.json configuration file, and deployment resource definitions have been adjusted by removing outdated blocks and updating file references accordingly.

Changes

File(s) Summary
archive/config/stargateV1.json Added a new chain entry { "chainId": 5000, "lzChainId": 181 } and resolved merge conflict markers in formatting.
config/stargateV2.json Removed the endpointIds array, leaving only the "zksync" entry marked as "---comingSoon---".
script/demoScripts/demoStargateV2Tx.ts Updated import statement from ../../config/stargate.json to ../../config/stargateV2.json.
script/deploy/facets/DeployReceiverStargateV2.s.sol
script/deploy/facets/DeployStargateFacetV2.s.sol
script/deploy/zksync/DeployReceiverStargateV2.s.sol
script/deploy/zksync/DeployStargateFacetV2.s.sol		 Updated file path references in functions (e.g., getConstructorArgs) from "/config/stargate.json" to "/config/stargateV2.json".
script/deploy/resources/deployRequirements.json Removed the "StargateFacet" and "Receiver" blocks, and updated "StargateFacetV2" and "ReceiverStargateV2" blocks to use stargateV2.json for configuration.

Possibly related PRs

Suggested labels

AuditRequired

Suggested Reviewers

  • ezynda3

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@lifi-action-bot lifi-action-bot marked this pull request as draft February 24, 2025 04:27
@lifi-action-bot lifi-action-bot changed the title Deprecate unused interfaces Deprecate unused interfaces [CalldataVerificationFacet v1.3.0] Feb 24, 2025
coderabbitai[bot]
coderabbitai bot reviewed Feb 24, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🔭 Outside diff range comments (2)
src/Facets/CalldataVerificationFacet.sol (2)

6-6: ⚠️ Potential issue

Remove duplicate import of AcrossFacetV3.

The AcrossFacetV3 import is duplicated on lines 6 and 8.

 import { ILiFi } from "../Interfaces/ILiFi.sol";
 import { LibSwap } from "../Libraries/LibSwap.sol";
 import { AcrossFacetV3 } from "./AcrossFacetV3.sol";
 import { StargateFacetV2 } from "./StargateFacetV2.sol";
-import { AcrossFacetV3 } from "./AcrossFacetV3.sol";
 import { CelerIMFacetBase, CelerIM } from "lifi/Helpers/CelerIMFacetBase.sol";

Also applies to: 8-8

354-412: ⚠️ Potential issue

Remove duplicate validation block for AcrossV3.

The validation block for AcrossFacetV3 (lines 354-412) is duplicated. The first block handles both startBridgeTokensViaAcrossV3 and swapAndStartBridgeTokensViaAcrossV3, making the second block redundant.

         // Case: AcrossV3
         if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
             (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
                 callData.slice(4, callData.length - 4),
                 (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
             );
 
             return
                 keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
                 keccak256(callTo) ==
                 keccak256(abi.encode(acrossV3Data.receiverAddress));
         }
         if (
             selector ==
             AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
         ) {
             (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
                 callData.slice(4, callData.length - 4),
                 (
                     ILiFi.BridgeData,
                     LibSwap.SwapData[],
                     AcrossFacetV3.AcrossV3Data
                 )
             );
             return
                 keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
                 keccak256(callTo) ==
                 keccak256(abi.encode(acrossV3Data.receiverAddress));
         }
 
-        // ---------------------------------------
-        // Case: AcrossV3
-        if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
-            (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
-            );
-
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }
-        if (
-            selector ==
-            AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
-        ) {
-            (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (
-                    ILiFi.BridgeData,
-                    LibSwap.SwapData[],
-                    AcrossFacetV3.AcrossV3Data
-                )
-            );
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }
🧹 Nitpick comments (1)
src/Facets/CalldataVerificationFacet.sol (1)

269-416: Consider refactoring validateDestinationCalldata for better maintainability.

The function has grown complex with multiple similar validation blocks. Consider refactoring it to reduce code duplication and improve maintainability.

Here's a suggested approach:

+    struct ValidationData {
+        bytes4 selector;
+        bytes callData;
+        bytes dstCalldata;
+        bytes callTo;
+    }
+
+    function _validateStargateV2(ValidationData memory data) internal pure returns (bool) {
+        if (data.selector == StargateFacetV2.startBridgeTokensViaStargate.selector) {
+            (, StargateFacetV2.StargateData memory stargateDataV2) = abi.decode(
+                data.callData.slice(4, data.callData.length - 4),
+                (ILiFi.BridgeData, StargateFacetV2.StargateData)
+            );
+            return
+                keccak256(data.dstCalldata) == keccak256(stargateDataV2.sendParams.composeMsg) &&
+                _compareBytesToBytes32CallTo(data.callTo, stargateDataV2.sendParams.to);
+        }
+        if (data.selector == StargateFacetV2.swapAndStartBridgeTokensViaStargate.selector) {
+            (, , StargateFacetV2.StargateData memory stargateDataV2) = abi.decode(
+                data.callData.slice(4, data.callData.length - 4),
+                (ILiFi.BridgeData, LibSwap.SwapData[], StargateFacetV2.StargateData)
+            );
+            return
+                keccak256(data.dstCalldata) == keccak256(stargateDataV2.sendParams.composeMsg) &&
+                _compareBytesToBytes32CallTo(data.callTo, stargateDataV2.sendParams.to);
+        }
+        return false;
+    }
+
     function validateDestinationCalldata(
         bytes calldata data,
         bytes calldata callTo,
         bytes calldata dstCalldata
     ) external pure returns (bool isValid) {
-        bytes memory callData = data;
+        ValidationData memory validationData;
+        validationData.callData = data;
+        validationData.dstCalldata = dstCalldata;
+        validationData.callTo = callTo;

         // Handle standardizedCall
         if (bytes4(data[:4]) == StandardizedCallFacet.standardizedCall.selector) {
-            callData = abi.decode(data[4:], (bytes));
+            validationData.callData = abi.decode(data[4:], (bytes));
         }

-        bytes4 selector = abi.decode(callData, (bytes4));
+        validationData.selector = abi.decode(validationData.callData, (bytes4));

         // Validate based on selector
-        if (selector == StargateFacetV2.startBridgeTokensViaStargate.selector ||
-            selector == StargateFacetV2.swapAndStartBridgeTokensViaStargate.selector) {
-            return _validateStargateV2(callData, callTo, dstCalldata);
-        }
+        return _validateStargateV2(validationData);
     }

This refactoring:

  1. Introduces a ValidationData struct to group related data
  2. Extracts validation logic into separate functions per bridge
  3. Reduces code duplication
  4. Makes it easier to add/remove bridge validations
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 40e5cda and 8e9149b.

📒 Files selected for processing (7)
  • archive/config/stargateV1.json (1 hunks)
  • archive/scripts/demoScripts/demoDeBridge.ts (1 hunks)
  • archive/scripts/demoScripts/demoSynapseBridge.ts (1 hunks)
  • config/stargate.json (1 hunks)
  • script/deploy/healthCheck.ts (0 hunks)
  • src/Facets/CalldataVerificationFacet.sol (1 hunks)
  • test/solidity/Facets/CalldataVerificationFacet.t.sol (0 hunks)
💤 Files with no reviewable changes (2)
  • script/deploy/healthCheck.ts
  • test/solidity/Facets/CalldataVerificationFacet.t.sol
✅ Files skipped from review due to trivial changes (4)
  • archive/scripts/demoScripts/demoSynapseBridge.ts
  • archive/config/stargateV1.json
  • archive/scripts/demoScripts/demoDeBridge.ts
  • config/stargate.json
🧰 Additional context used
🧠 Learnings (1)
src/Facets/CalldataVerificationFacet.sol (1) 
Learnt from: 0xDEnYO
PR: lifinance/contracts#1003
File: src/Facets/CalldataVerificationFacet.sol:16-16
Timestamp: 2025-02-19T08:30:20.501Z
Learning: The project does not actively maintain a changelog, and suggestions about adding changelog entries should be avoided.
⏰ Context from checks skipped due to timeout of 90000ms (4)
  • GitHub Check: enforce-min-test-coverage
  • GitHub Check: run-unit-tests
  • GitHub Check: Analyze (javascript-typescript)
  • GitHub Check: generate-tag
🔇 Additional comments (1)
src/Facets/CalldataVerificationFacet.sol (1)

18-18: LGTM! Version update to 1.3.0.

The version update aligns with the removal of deprecated interfaces.

@lifi-action-bot
Copy link
Collaborator

Test Coverage Report

Line Coverage: 78.75% (2079 / 2640 lines)
Function Coverage: 83.68% ( 359 / 429 functions)
Branch Coverage: 45.24% ( 233 / 515 branches)
Test coverage (78.75%) is above min threshold (76%). Check passed.

@0xDEnYO 0xDEnYO marked this pull request as ready for review February 26, 2025 02:22
@lifi-action-bot
Copy link
Collaborator

lifi-action-bot commented Feb 26, 2025
edited
Loading

🤖 GitHub Action: Security Alerts Review 🔍

🚨 Unresolved Security Alerts Found! 🚨
The following security alerts must be resolved before merging:

🔴 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 Test functions fail to verify specific revert reasons, potentially missing important contract behavior validation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/missing-revert-reason-tests

⚠️ Please resolve the above issues before merging.

🟢 Dismissed Security Alerts with Comments
The following alerts were dismissed with proper comments:

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast
🔹 Dismiss Reason: Won't fix
🔹 Dismiss Comment: We are aware of this and the facet is specifically designed to deal with deterministically constructed calldata that meets these requirements and does not lead to truncation of important information

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 The contract is vulnerable to signature replay attacks, potentially allowing malicious actors to reuse valid signatures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/signature-replay-attacks
🔹 Dismiss Reason: False positive
🔹 Dismiss Comment: There is no signature being used in this function at all

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 External calls to functions with dynamic return types may possibly run out of gas if calling a malicious function. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/external-call-potential-out-of-gas
🔹 Dismiss Reason: False positive
🔹 Dismiss Comment: The call is an internal call, not an external one, therefore false positive as it cannot be malicious

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 External calls to functions with dynamic return types may possibly run out of gas if calling a malicious function. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/external-call-potential-out-of-gas
🔹 Dismiss Reason: False positive
🔹 Dismiss Comment: The call is an internal call, not an external one, therefore false positive as it cannot be malicious

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 External calls to functions with dynamic return types may possibly run out of gas if calling a malicious function. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/external-call-potential-out-of-gas
🔹 Dismiss Reason: False positive
🔹 Dismiss Comment: The call is an internal call, not an external one, therefore false positive as it cannot be malicious

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast
🔹 Dismiss Reason: Won't fix
🔹 Dismiss Comment: We are aware of this and the facet is specifically designed to deal with deterministically constructed calldata that meets these requirements and does not lead to truncation of important information

🟢 View Alert - File: src/Facets/CalldataVerificationFacet.sol
🔹 Calling a function without checking the return value may lead to silent failures. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unused-return-function-call
🔹 Dismiss Reason: False positive
🔹 Dismiss Comment: We are using the return value of the function as if condition

@lifi-action-bot lifi-action-bot marked this pull request as draft February 26, 2025 02:22
@0xDEnYO 0xDEnYO marked this pull request as ready for review February 26, 2025 08:54
@lifi-action-bot lifi-action-bot changed the title Deprecate unused interfaces [CalldataVerificationFacet v1.3.0] Deprecate unused interfaces Feb 26, 2025
@lifi-action-bot lifi-action-bot marked this pull request as draft February 26, 2025 08:54
@0xDEnYO 0xDEnYO marked this pull request as ready for review March 3, 2025 09:22
@lifi-action-bot lifi-action-bot marked this pull request as draft March 3, 2025 09:22
coderabbitai[bot]
coderabbitai bot reviewed Mar 3, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (3)
config/stargateV2.json (3)

2-51: Validate endpointV2 Mapping Values
The endpointV2 object provides deployment addresses for multiple chains. Notice that several chains share the same address (for example, mainnet, arbitrum, aurora, base, blast, bsc, celo, fantom, etc. are assigned 0x1a44076050125825900e736c501f859c50fE728c). Please verify that reusing the same address across these chains is intentional and documented.

52-81: Review tokenMessaging Configuration Block
The tokenMessaging section now includes several critical deployment addresses along with reference links to documentation. Some entries (e.g., "fantom": "----FantomIsNotSupportedByStargateV2----") use explicit placeholder strings to denote lack of support. Verify that all downstream logic consuming these values is robust against placeholder strings and won’t inadvertently treat them as valid addresses.

82-82: Placeholder for zksync in tokenMessaging
The value for the "zksync" key is now set to "---comingSoon---", clearly marking it as a placeholder. Ensure that any code referring to this key properly checks for and handles this non-address value to avoid runtime errors or misconfigurations.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aa669e4 and d22e13f.

📒 Files selected for processing (1)
  • config/stargateV2.json (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
config/stargateV2.json (1) 
Learnt from: ezynda3
PR: lifinance/contracts#875
File: config/stargate.json:34-34
Timestamp: 2024-11-26T07:14:24.221Z
Learning: For the Lisk chain, an entry in the `endpointIds` array in `config/stargate.json` is not required.
⏰ Context from checks skipped due to timeout of 90000ms (1)
  • GitHub Check: generate-tag
🔇 Additional comments (1)
config/stargateV2.json (1)

1-84: Overall Configuration Restructuring Confirmation
This file reflects a significant restructuring by removing the deprecated interfaces (such as the old endpointIds array) and organizing configuration into two clear objects: endpointV2 and tokenMessaging. Ensure that all downstream scripts and contracts have been updated to reference these new keys.

@mirooon mirooon marked this pull request as ready for review March 3, 2025 11:24
@lifi-action-bot lifi-action-bot marked this pull request as draft March 3, 2025 11:24
@mirooon mirooon marked this pull request as ready for review March 3, 2025 11:46
@lifi-action-bot lifi-action-bot marked this pull request as draft March 3, 2025 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
AuditNotRequired
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@0xDEnYO @lifi-action-bot