@across-protocol/contracts 5.0.18 → 5.0.19

package/contracts/periphery/counterfactual/CounterfactualDepositCCTP.sol

@@ -3,25 +3,26 @@ pragma solidity ^0.8.0;
 
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
+import { EIP712 } from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";
 import { SponsoredCCTPInterface } from "../../interfaces/SponsoredCCTPInterface.sol";
 import { ICounterfactualImplementation } from "../../interfaces/ICounterfactualImplementation.sol";
+import { CounterfactualImplementationBase } from "./CounterfactualImplementationBase.sol";
 import { BPS_SCALAR } from "./CounterfactualConstants.sol";
 
-/**
- * @notice Minimal interface for calling depositForBurn on SponsoredCCTPSrcPeriphery
- * @custom:security-contact bugs@across.to
- */
+/// @notice Minimal interface for `depositForBurn` on SponsoredCCTPSrcPeriphery.
 interface ISponsoredCCTPSrcPeriphery {
     function depositForBurn(SponsoredCCTPInterface.SponsoredCCTPQuote memory quote, bytes memory signature) external;
 }
 
 /**
- * @notice Route parameters committed to in the merkle leaf.
+ * @notice Route parameters committed to in the merkle leaf (chain-agnostic: no source chain, no token).
+ * @dev Burn token is always USDC (`beacon.usdc()`); source domain and periphery come from
+ *      `beacon.cctpSourceDomain()` / `beacon.cctpSrcPeriphery()`.
  */
-struct CCTPDepositParams {
+struct CCTPRouteParams {
     uint32 destinationDomain;
     bytes32 mintRecipient;
-    bytes32 burnToken;
     bytes32 destinationCaller;
     uint256 cctpMaxFeeBps;
     uint32 minFinalityThreshold;
@@ -33,7 +34,9 @@ struct CCTPDepositParams {
     uint8 accountCreationMode;
     uint8 executionMode;
     bytes actionData;
-    uint256 executionFee;
+    /// @dev Selector of the beacon getter for this route's per-chain execution-fee cap (e.g.
+    ///      `beacon.usdcCctpMaxExecutionFee.selector`).
+    bytes4 maxExecutionFeeGetter;
 }
 
 /**
@@ -44,16 +47,20 @@ struct CCTPSubmitterData {
     address executionFeeRecipient;
     bytes32 nonce;
     uint256 cctpDeadline;
-    bytes signature;
+    uint256 executionFee;
+    uint32 signatureDeadline;
+    bytes peripherySignature;
+    bytes counterfactualSignature;
 }
 
 /**
  * @title CounterfactualDepositCCTP
- * @notice Implementation contract for counterfactual deposits via SponsoredCCTP.
- * @dev Called via delegatecall from the CounterfactualDeposit dispatcher.
+ * @notice Counterfactual deposit via SponsoredCCTP.
+ * @dev Delegatecalled by the dispatcher. Periphery, source domain, burn token (USDC) and fee signer come
+ *      from the beacon, so the impl holds no chain-specific values and has one address per chain.
  * @custom:security-contact bugs@across.to
  */
-contract CounterfactualDepositCCTP is ICounterfactualImplementation {
+contract CounterfactualDepositCCTP is CounterfactualImplementationBase, EIP712 {
     using SafeERC20 for IERC20;
 
     /**
@@ -62,77 +69,115 @@ contract CounterfactualDepositCCTP is ICounterfactualImplementation {
      * @param executionFeeRecipient Address that received the execution fee.
      * @param nonce CCTP nonce used for the deposit.
      * @param cctpDeadline Deadline timestamp for the CCTP quote.
+     * @param executionFee Execution fee paid to the executor (in input token).
      */
     event CCTPDepositExecuted(
         uint256 amount,
         address indexed executionFeeRecipient,
         bytes32 nonce,
-        uint256 cctpDeadline
+        uint256 cctpDeadline,
+        uint256 executionFee
     );
 
-    /// @notice SponsoredCCTPSrcPeriphery contract (immutable, same for all deposits on this chain)
-    address public immutable srcPeriphery;
+    error InvalidSignature();
+    error SignatureExpired();
+    error MaxExecutionFee();
 
-    /// @notice CCTP source domain ID for this chain
-    uint32 public immutable sourceDomain;
+    /// @notice EIP-712 typehash binding the local fee signature to the route, nonce, runtime fee, and deadline.
+    bytes32 public constant EXECUTE_CCTP_TYPEHASH =
+        keccak256("ExecuteCCTP(bytes32 routeParamsHash,bytes32 nonce,uint256 executionFee,uint32 signatureDeadline)");
 
-    constructor(address _srcPeriphery, uint32 _sourceDomain) {
-        srcPeriphery = _srcPeriphery;
-        sourceDomain = _sourceDomain;
-    }
+    constructor() EIP712("CounterfactualDepositCCTP", "v2.0.0") {}
 
     /**
      * @inheritdoc ICounterfactualImplementation
-     * @dev Bridges tokens via SponsoredCCTP. `params` is ABI-encoded as `CCTPDepositParams`;
-     *      `submitterData` as `CCTPSubmitterData` (includes a signature forwarded to the CCTP periphery).
-     *      ERC-20 only (no native tokens). No local signature verification — delegated to `srcPeriphery`.
+     * @dev Bridges tokens via SponsoredCCTP. `routeParamsEncoded` is ABI-encoded as `CCTPRouteParams`;
+     *      `submitterDataEncoded` as `CCTPSubmitterData` (includes a signature forwarded to the CCTP periphery).
+     *      ERC-20 (USDC) only. The local fee signature binds the route (`routeParamsHash`); `amount` is
+     *      bound transitively via the periphery quote signature forwarded to `srcPeriphery`.
      */
-    function execute(bytes calldata params, bytes calldata submitterData) external payable {
-        CCTPDepositParams memory dp = abi.decode(params, (CCTPDepositParams));
-        CCTPSubmitterData memory sd = abi.decode(submitterData, (CCTPSubmitterData));
+    function execute(bytes calldata routeParamsEncoded, bytes calldata submitterDataEncoded) external payable {
+        CCTPRouteParams memory routeParams = abi.decode(routeParamsEncoded, (CCTPRouteParams));
+        CCTPSubmitterData memory submitterData = abi.decode(submitterDataEncoded, (CCTPSubmitterData));
+
+        _verifySignature(keccak256(routeParamsEncoded), submitterData);
+        if (submitterData.executionFee > _resolveBeaconUint(routeParams.maxExecutionFeeGetter))
+            revert MaxExecutionFee();
 
-        address inputToken = address(uint160(uint256(dp.burnToken)));
+        address srcPeriphery = _requireConfigured(_beacon().cctpSrcPeriphery());
+        address inputToken = _requireConfigured(_beacon().usdc());
 
-        if (dp.executionFee > 0) IERC20(inputToken).safeTransfer(sd.executionFeeRecipient, dp.executionFee);
+        // Fee paid before the periphery call (load-bearing): the local signature binds the route and
+        // (nonce, fee, deadline) but not `amount`, so amount-replay protection is the periphery's nonce
+        // check — a replayed fee reverts at `depositForBurn` and rolls back this transfer.
+        if (submitterData.executionFee > 0)
+            IERC20(inputToken).safeTransfer(submitterData.executionFeeRecipient, submitterData.executionFee);
 
-        uint256 depositAmount = sd.amount - dp.executionFee;
+        uint256 depositAmount = submitterData.amount - submitterData.executionFee;
 
         IERC20(inputToken).forceApprove(srcPeriphery, depositAmount);
 
-        _depositForBurn(dp, sd, depositAmount);
+        _depositForBurn(srcPeriphery, inputToken, routeParams, submitterData, depositAmount);
 
-        emit CCTPDepositExecuted(sd.amount, sd.executionFeeRecipient, sd.nonce, sd.cctpDeadline);
+        emit CCTPDepositExecuted(
+            submitterData.amount,
+            submitterData.executionFeeRecipient,
+            submitterData.nonce,
+            submitterData.cctpDeadline,
+            submitterData.executionFee
+        );
     }
 
-    /**
-     * @notice Calls depositForBurn on the SponsoredCCTPSrcPeriphery with the constructed quote.
-     * @param dp Route parameters from the merkle leaf.
-     * @param sd Submitter-provided execution data.
-     * @param depositAmount Amount to deposit after deducting the execution fee.
-     */
-    function _depositForBurn(CCTPDepositParams memory dp, CCTPSubmitterData memory sd, uint256 depositAmount) private {
+    function _verifySignature(bytes32 routeParamsHash, CCTPSubmitterData memory submitterData) private view {
+        if (block.timestamp > submitterData.signatureDeadline) revert SignatureExpired();
+        bytes32 structHash = keccak256(
+            abi.encode(
+                EXECUTE_CCTP_TYPEHASH,
+                routeParamsHash,
+                submitterData.nonce,
+                submitterData.executionFee,
+                submitterData.signatureDeadline
+            )
+        );
+        if (ECDSA.recover(_hashTypedDataV4(structHash), submitterData.counterfactualSignature) != _beacon().signer())
+            revert InvalidSignature();
+    }
+
+    /// @notice Calls `depositForBurn` on the SponsoredCCTPSrcPeriphery with the constructed quote.
+    /// @param srcPeriphery The CCTP source periphery (from the beacon).
+    /// @param inputToken The burn token, USDC (from the beacon).
+    /// @param routeParams Route parameters from the merkle leaf.
+    /// @param submitterData Submitter-provided execution data.
+    /// @param depositAmount Amount to deposit after deducting the execution fee.
+    function _depositForBurn(
+        address srcPeriphery,
+        address inputToken,
+        CCTPRouteParams memory routeParams,
+        CCTPSubmitterData memory submitterData,
+        uint256 depositAmount
+    ) private {
         ISponsoredCCTPSrcPeriphery(srcPeriphery).depositForBurn(
             SponsoredCCTPInterface.SponsoredCCTPQuote({
-                sourceDomain: sourceDomain,
-                destinationDomain: dp.destinationDomain,
-                mintRecipient: dp.mintRecipient,
+                sourceDomain: _beacon().cctpSourceDomain(),
+                destinationDomain: routeParams.destinationDomain,
+                mintRecipient: routeParams.mintRecipient,
                 amount: depositAmount,
-                burnToken: dp.burnToken,
-                destinationCaller: dp.destinationCaller,
-                maxFee: (depositAmount * dp.cctpMaxFeeBps) / BPS_SCALAR,
-                minFinalityThreshold: dp.minFinalityThreshold,
-                nonce: sd.nonce,
-                deadline: sd.cctpDeadline,
-                maxBpsToSponsor: dp.maxBpsToSponsor,
-                maxUserSlippageBps: dp.maxUserSlippageBps,
-                finalRecipient: dp.finalRecipient,
-                finalToken: dp.finalToken,
-                destinationDex: dp.destinationDex,
-                accountCreationMode: dp.accountCreationMode,
-                executionMode: dp.executionMode,
-                actionData: dp.actionData
+                burnToken: bytes32(uint256(uint160(inputToken))),
+                destinationCaller: routeParams.destinationCaller,
+                maxFee: (depositAmount * routeParams.cctpMaxFeeBps) / BPS_SCALAR,
+                minFinalityThreshold: routeParams.minFinalityThreshold,
+                nonce: submitterData.nonce,
+                deadline: submitterData.cctpDeadline,
+                maxBpsToSponsor: routeParams.maxBpsToSponsor,
+                maxUserSlippageBps: routeParams.maxUserSlippageBps,
+                finalRecipient: routeParams.finalRecipient,
+                finalToken: routeParams.finalToken,
+                destinationDex: routeParams.destinationDex,
+                accountCreationMode: routeParams.accountCreationMode,
+                executionMode: routeParams.executionMode,
+                actionData: routeParams.actionData
             }),
-            sd.signature
+            submitterData.peripherySignature
         );
     }
 }

package/contracts/periphery/counterfactual/CounterfactualDepositFactory.sol

@@ -1,112 +1,90 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity ^0.8.0;
 
-import { Clones } from "@openzeppelin/contracts/proxy/Clones.sol";
-import { ICounterfactualDepositFactory } from "../../interfaces/ICounterfactualDepositFactory.sol";
+import { Create2 } from "@openzeppelin/contracts/utils/Create2.sol";
+import { BeaconProxy } from "@openzeppelin/contracts/proxy/beacon/BeaconProxy.sol";
+import { CounterfactualDeposit } from "./CounterfactualDeposit.sol";
 
 /**
  * @title CounterfactualDepositFactory
- * @notice Generic factory for deploying counterfactual deposit addresses via CREATE2
- * @dev Bridge-agnostic: takes a pre-computed paramsHash and stores it in the clone's immutable args.
- *      Each implementation defines its own immutables struct. The caller hashes the params off-chain.
+ * @notice Deterministically deploys counterfactual `BeaconProxy` instances. Each proxy uses the global
+ *         `CounterfactualBeacon` as its beacon (so it always runs the registry's current implementation) and
+ *         is initialized with its route root in the constructor `data`.
+ * @dev The `initialize(initialRoot)` call data is part of the proxy's init code, so for a fixed `salt`
+ *      the address is `f(salt, initialRoot)`. Callers wanting one canonical address per destination
+ *      identity (and automatic cross-chain parity) should pass `salt = 0`; a non-zero `salt` yields
+ *      additional addresses for the same `initialRoot` and requires the caller to reuse the same `salt`
+ *      on every chain for parity. The factory and the beacon must be deployed deterministically at
+ *      identical addresses across chains for cross-chain address parity.
+ *      `predictAddress` / `_initCode` / `_computeProxyAddress` are `virtual`/`internal` so chain-specific
+ *      variants (e.g. Tron's 0x41 CREATE2 prefix) can override prediction.
  * @custom:security-contact bugs@across.to
  */
-contract CounterfactualDepositFactory is ICounterfactualDepositFactory {
-    /**
-     * @notice Deploys a counterfactual deposit contract
-     * @param counterfactualDepositImplementation Implementation contract address
-     * @param paramsHash keccak256 hash of the ABI-encoded route parameters
-     * @param salt Unique salt for address generation
-     * @return depositAddress Address of deployed contract
-     */
-    function deploy(
-        address counterfactualDepositImplementation,
-        bytes32 paramsHash,
-        bytes32 salt
-    ) public returns (address depositAddress) {
-        depositAddress = Clones.cloneDeterministicWithImmutableArgs(
-            counterfactualDepositImplementation,
-            abi.encode(paramsHash),
-            salt
-        );
-        emit DepositAddressCreated(depositAddress, counterfactualDepositImplementation, paramsHash, salt);
+contract CounterfactualDepositFactory {
+    /// @notice The beacon (the `CounterfactualBeacon`) every deployed proxy points at.
+    address public immutable BEACON;
+
+    /// @notice Emitted when a counterfactual proxy is deployed.
+    event CounterfactualDeployed(address indexed counterfactual, bytes32 initialRoot);
+
+    constructor(address beacon) {
+        BEACON = beacon;
+    }
+
+    /// @notice Predict the proxy address for a given `salt` and `initialRoot`.
+    function predictAddress(bytes32 salt, bytes32 initialRoot) public view virtual returns (address) {
+        return _computeProxyAddress(salt, keccak256(_initCode(initialRoot)));
     }
 
-    /**
-     * @notice Forwards calldata to a deployed clone, bubbling up any revert
-     * @param depositAddress Address of the deployed clone
-     * @param executeCalldata Calldata to forward (e.g. abi.encodeCall of executeDeposit)
-     */
-    function execute(address depositAddress, bytes calldata executeCalldata) external payable {
-        _execute(depositAddress, executeCalldata);
+    /// @notice Deploy the proxy for `salt` and `initialRoot` (already initialized + always-current via
+    ///         the beacon). Reverts if already deployed.
+    function deploy(bytes32 salt, bytes32 initialRoot) public returns (address counterfactual) {
+        counterfactual = address(
+            new BeaconProxy{ salt: salt }(BEACON, abi.encodeCall(CounterfactualDeposit.initialize, (initialRoot)))
+        );
+        emit CounterfactualDeployed(counterfactual, initialRoot);
     }
 
-    /**
-     * @notice Deploys and executes a deposit in one transaction
-     * @dev Reverts if the clone is already deployed. Use deployIfNeededAndExecute for idempotent behavior.
-     * @param counterfactualDepositImplementation Implementation contract address
-     * @param paramsHash keccak256 hash of the ABI-encoded route parameters
-     * @param salt Unique salt for address generation
-     * @param executeCalldata Calldata to forward to the clone (e.g. abi.encodeCall of executeDeposit)
-     * @return depositAddress Address of deposit contract
-     */
+    /// @notice Deploy, then forward `executeCalldata` to the proxy. Reverts if already deployed.
     function deployAndExecute(
-        address counterfactualDepositImplementation,
-        bytes32 paramsHash,
         bytes32 salt,
+        bytes32 initialRoot,
         bytes calldata executeCalldata
-    ) external payable returns (address depositAddress) {
-        depositAddress = deploy(counterfactualDepositImplementation, paramsHash, salt);
-        _execute(depositAddress, executeCalldata);
+    ) external payable returns (address counterfactual) {
+        counterfactual = deploy(salt, initialRoot);
+        _execute(counterfactual, executeCalldata);
     }
 
-    /**
-     * @notice Deploys (if not already deployed) and executes a deposit in one transaction
-     * @dev Unlike deployAndExecute, this does not revert if the clone already exists.
-     * @param counterfactualDepositImplementation Implementation contract address
-     * @param paramsHash keccak256 hash of the ABI-encoded route parameters
-     * @param salt Unique salt for address generation
-     * @param executeCalldata Calldata to forward to the clone (e.g. abi.encodeCall of executeDeposit)
-     * @return depositAddress Address of deposit contract
-     */
+    /// @notice Deploy if needed (idempotent), then forward `executeCalldata` to the proxy.
     function deployIfNeededAndExecute(
-        address counterfactualDepositImplementation,
-        bytes32 paramsHash,
         bytes32 salt,
+        bytes32 initialRoot,
         bytes calldata executeCalldata
-    ) external payable returns (address depositAddress) {
-        depositAddress = predictDepositAddress(counterfactualDepositImplementation, paramsHash, salt);
-        if (depositAddress.code.length == 0) deploy(counterfactualDepositImplementation, paramsHash, salt);
-        _execute(depositAddress, executeCalldata);
+    ) external payable returns (address counterfactual) {
+        counterfactual = predictAddress(salt, initialRoot);
+        if (counterfactual.code.length == 0) deploy(salt, initialRoot);
+        _execute(counterfactual, executeCalldata);
     }
 
-    /**
-     * @notice Predicts the address of a counterfactual deposit contract
-     * @param counterfactualDepositImplementation Implementation contract address
-     * @param paramsHash keccak256 hash of the ABI-encoded route parameters
-     * @param salt Unique salt for address generation
-     * @return Predicted address
-     */
-    function predictDepositAddress(
-        address counterfactualDepositImplementation,
-        bytes32 paramsHash,
-        bytes32 salt
-    ) public view virtual returns (address) {
+    /// @dev The proxy creation code (creation bytecode + constructor args) — `virtual` for Tron etc.
+    function _initCode(bytes32 initialRoot) internal view virtual returns (bytes memory) {
         return
-            Clones.predictDeterministicAddressWithImmutableArgs(
-                counterfactualDepositImplementation,
-                abi.encode(paramsHash),
-                salt
+            abi.encodePacked(
+                type(BeaconProxy).creationCode,
+                abi.encode(BEACON, abi.encodeCall(CounterfactualDeposit.initialize, (initialRoot)))
             );
     }
 
-    /**
-     * @dev Forwards calldata to a clone, bubbling up any revert.
-     * @param depositAddress Address of the deployed clone.
-     * @param executeCalldata Calldata to forward.
-     */
-    function _execute(address depositAddress, bytes calldata executeCalldata) private {
-        (bool success, bytes memory returnData) = depositAddress.call{ value: msg.value }(executeCalldata);
+    /// @dev CREATE2 address derivation for a `salt` and the proxy init-code hash. `virtual` so
+    ///      chain-specific variants (e.g. Tron's 0x41 prefix) can override the derivation. Deployment
+    ///      via `deploy()` uses the `create2` opcode directly, which is correct on every chain; this
+    ///      hook only governs off-chain-style prediction.
+    function _computeProxyAddress(bytes32 salt, bytes32 initCodeHash) internal view virtual returns (address) {
+        return Create2.computeAddress(salt, initCodeHash, address(this));
+    }
+
+    function _execute(address counterfactual, bytes calldata executeCalldata) private {
+        (bool success, bytes memory returnData) = counterfactual.call{ value: msg.value }(executeCalldata);
         if (!success) {
             assembly {
                 revert(add(returnData, 32), mload(returnData))

package/contracts/periphery/counterfactual/CounterfactualDepositFactoryTron.sol

@@ -6,31 +6,21 @@ import { CounterfactualDepositFactory } from "./CounterfactualDepositFactory.sol
 
 /**
  * @title CounterfactualDepositFactoryTron
- * @notice Tron-compatible factory for deploying counterfactual deposit addresses via CREATE2.
- * @dev Tron's TVM uses 0x41 instead of 0xff as the CREATE2 address derivation prefix.
- *      OZ Clones deploys correctly (the create2 opcode natively uses 0x41 on Tron), but its
- *      address prediction hardcodes 0xff. This factory overrides predictDepositAddress to use
- *      TronClones with the correct 0x41 prefix. All other logic is inherited from the base factory.
+ * @notice Tron-compatible variant of `CounterfactualDepositFactory` for deploying counterfactual
+ *         proxies via CREATE2 on the TVM.
+ * @dev Tron's TVM uses 0x41 instead of EVM's 0xff as the CREATE2 address derivation prefix. The
+ *      `create2` opcode itself uses 0x41 natively, so deployment via the inherited `deploy(...)`
+ *      (which uses `new BeaconProxy{ salt: 0 }(...)`) produces the correct address on Tron. Only
+ *      OZ's `Create2.computeAddress` — used for off-chain-style prediction — hardcodes 0xff and would
+ *      return the wrong address. This variant overrides the `_computeProxyAddress` hook to predict
+ *      with the 0x41 prefix; all other logic is inherited unchanged.
+ * @custom:security-contact bugs@across.to
  */
 contract CounterfactualDepositFactoryTron is CounterfactualDepositFactory {
-    /**
-     * @notice Predicts the Tron CREATE2 address of a counterfactual deposit contract.
-     * @dev Uses TronClones with the 0x41 prefix instead of OZ's 0xff to match TVM behavior.
-     * @param counterfactualDepositImplementation Implementation contract address.
-     * @param paramsHash keccak256 hash of the ABI-encoded route parameters.
-     * @param salt Unique salt for address generation.
-     * @return Predicted address of the clone on Tron.
-     */
-    function predictDepositAddress(
-        address counterfactualDepositImplementation,
-        bytes32 paramsHash,
-        bytes32 salt
-    ) public view override returns (address) {
-        return
-            TronClones.predictDeterministicAddressWithImmutableArgs(
-                counterfactualDepositImplementation,
-                abi.encode(paramsHash),
-                salt
-            );
+    constructor(address beacon) CounterfactualDepositFactory(beacon) {} // solhint-disable-line no-empty-blocks
+
+    /// @dev TRON OVERRIDE: predict the `BeaconProxy` CREATE2 address using the 0x41 prefix.
+    function _computeProxyAddress(bytes32 salt, bytes32 initCodeHash) internal view override returns (address) {
+        return TronClones.computeAddress(salt, initCodeHash, address(this));
     }
 }