@bananapus/suckers-v6 0.0.41 → 0.0.43

package/foundry.toml

@@ -1,5 +1,6 @@
 [profile.default]
 solc = '0.8.28'
+bytecode_hash = "none"
 evm_version = 'cancun'
 optimizer_runs = 200
 libs = ["node_modules", "lib"]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bananapus/suckers-v6",
-  "version": "0.0.41",
+  "version": "0.0.43",
   "license": "MIT",
   "repository": {
     "type": "git",

package/src/JBSwapCCIPSucker.sol

@@ -309,6 +309,14 @@ contract JBSwapCCIPSucker is JBCCIPSucker, IUnlockCallback, IUniswapV3SwapCallba
                             delivered: deliveredToken, expected: address(BRIDGE_TOKEN)
                         });
                     }
+                    // Zero delivery alongside a positive root is structurally indistinguishable from
+                    // "no delivery + positive root" — both leave the local sucker with nothing to back
+                    // the leaves the root advertises. Reject so a peer cannot mint a claimable rate
+                    // that records `leafTotal=N, localTotal=0` and lets later claims withdraw against
+                    // unrelated balance.
+                    if (leafTotal > 0 && deliveredAmount == 0) {
+                        revert JBSwapCCIPSucker_PositiveRootWithoutDelivery(leafTotal);
+                    }
                 }
             }
 
@@ -658,29 +666,69 @@ contract JBSwapCCIPSucker is JBCCIPSucker, IUnlockCallback, IUniswapV3SwapCallba
     //*********************************************************************//
 
     /// @notice Find the nonce whose batch contains the given leaf index.
-    /// @dev Scans from the newest nonce backwards so recent batches resolve first without storing extra cache state.
+    /// @dev Binary search by nonce. Source-side `prepare()` appends batches in nonce order with each
+    /// new batch's `batchStart` equal to the previous batch's `batchEnd`, so across populated
+    /// destination slots `_batchStartOf` is strictly increasing in nonce — the populated subset is
+    /// monotonic even when CCIP delivery is out of order and leaves intermediate slots empty.
+    /// Binary search exploits that monotonicity for O(log N) lookup.
+    /// @dev Gap handling: when the midpoint slot is empty (CCIP out-of-order delivery or sparse
+    /// attacker writes), the search falls back to a single linear scan over the remaining window.
+    /// This matches the previous linear-scan cost in the worst case, so the change is never worse
+    /// than the prior implementation. The fallback also keeps bytecode small enough that
+    /// JBSwapCCIPSucker stays under EIP-170.
     /// @param token The local token address.
     /// @param leafIndex The leaf index from the claim.
-    /// @return The nonce of the batch containing this leaf, or 0 if no conversion rates exist.
+    /// @return The nonce of the batch containing this leaf, or 0 if no batches have been recorded.
     function _findNonceForLeafIndex(address token, uint256 leafIndex) internal view returns (uint64) {
+        // `_highestReceivedNonce` upper-bounds any populated slot for this token; zero means
+        // nothing has been received yet, so the leaf belongs to no batch.
         uint64 maxNonce = _highestReceivedNonce[token];
         if (maxNonce == 0) return 0;
 
-        // Scan from most recent nonce backwards so the normal just-bridged claim path exits quickly.
-        for (uint64 n = maxNonce; n >= 1; n--) {
-            if (_nonceContainsLeaf({token: token, nonce: n, leafIndex: leafIndex})) return n;
+        // Nonce 0 is reserved by inbox initialization and never holds a batch, so search [1, max].
+        uint64 lo = 1;
+        uint64 hi = maxNonce;
+
+        // Wrap arithmetic in `unchecked` — `lo` and `hi` are always in `[1, maxNonce]` and the
+        // edge-guards (`mid == lo` / `mid == hi` breaks) prevent the only ways `mid - 1` or
+        // `mid + 1` could over/underflow. Skipping the compiler checks shaves enough bytecode to
+        // stay under EIP-170 without changing semantics.
+        unchecked {
+            while (lo <= hi) {
+                uint64 mid = lo + (hi - lo) / 2;
+                // `batchEnd == 0` is the established sentinel for "no batch recorded" (see the
+                // write guard in `ccipReceive`); a real batch always has `batchEnd > batchStart`.
+                uint256 end = _batchEndOf[token][mid];
+
+                // Empty midpoint from out-of-order CCIP delivery. Fall back to a tight linear
+                // scan over the remaining window — same complexity as the pre-fix path, but only
+                // on the gap branch (the audit's dense-nonce attack never trips this).
+                if (end == 0) {
+                    for (uint64 n = lo; n <= hi; n++) {
+                        uint256 nEnd = _batchEndOf[token][n];
+                        if (nEnd == 0) continue;
+                        uint256 nStart = _batchStartOf[token][n];
+                        if (leafIndex >= nStart && leafIndex < nEnd) return n;
+                    }
+                    break;
+                }
+
+                // Each batch covers [batchStart, batchEnd). Across populated nonces these ranges
+                // are non-overlapping and strictly increasing, so the standard comparison applies.
+                uint256 start = _batchStartOf[token][mid];
+                if (leafIndex < start) {
+                    if (mid == lo) break; // Guard against `mid - 1` underflow at the lower edge.
+                    hi = mid - 1;
+                } else if (leafIndex >= end) {
+                    if (mid == hi) break; // Mirror guard at the upper edge.
+                    lo = mid + 1;
+                } else {
+                    return mid; // `start <= leafIndex < end`: leaf is inside this batch.
+                }
+            }
         }
 
+        // Window collapsed without a hit — surface the same error the legacy linear scan used.
         revert JBSwapCCIPSucker_BatchNotReceived({nonce: 0});
     }
-
-    /// @notice Check whether the given nonce's batch range contains the leaf index.
-    /// @param token The local token address.
-    /// @param nonce The nonce to check.
-    /// @param leafIndex The leaf index to look for.
-    /// @return True if the nonce's [start, end) range contains `leafIndex`.
-    function _nonceContainsLeaf(address token, uint64 nonce, uint256 leafIndex) internal view returns (bool) {
-        uint256 end = _batchEndOf[token][nonce];
-        return end != 0 && leafIndex >= _batchStartOf[token][nonce] && leafIndex < end;
-    }
 }

package/src/libraries/JBSwapPoolLib.sol

@@ -51,6 +51,7 @@ library JBSwapPoolLib {
     error JBSwapPoolLib_InsufficientTwapHistory(address pool, uint256 availableWindow, uint256 requiredWindow);
     error JBSwapPoolLib_NoLiquidity(address pool, PoolId poolId);
     error JBSwapPoolLib_NoPool(address tokenIn, address tokenOut);
+    error JBSwapPoolLib_PartialFill(uint256 consumed, uint256 requested);
     error JBSwapPoolLib_SlippageExceeded(uint256 amountOut, uint256 minAmountOut);
 
     //*********************************************************************//
@@ -989,6 +990,18 @@ library JBSwapPoolLib {
             data: abi.encode(originalTokenIn, normalizedTokenIn, normalizedTokenOut)
         });
 
+        // Reject partial fills: when the V3 pool's price limit is hit before the full input is
+        // consumed, the pool returns only the consumed portion of `amount` and the caller is left
+        // holding the unconsumed remainder. The sucker's accounting assumes the full bridge amount
+        // was either swapped or made retryable, so a silent partial fill strands input tokens and
+        // breaks cross-chain solvency. Revert so the caller can either retry with a smaller size
+        // or wait for liquidity to return.
+        // forge-lint: disable-next-line(unsafe-typecast)
+        uint256 consumedAmount = uint256(zeroForOne ? amount0 : amount1);
+        if (consumedAmount < amount) {
+            revert JBSwapPoolLib_PartialFill({consumed: consumedAmount, requested: amount});
+        }
+
         // Extract the output amount from the signed delta (negative = tokens received).
         amountOut = uint256(-(zeroForOne ? amount1 : amount0));