@bloxchain/contracts 1.0.0-alpha.19 → 1.0.0-alpha.20

package/abi/BaseStateMachine.abi.json

@@ -4,22 +4,6 @@
     "name": "InvalidInitialization",
     "type": "error"
   },
-  {
-    "inputs": [
-      {
-        "internalType": "uint256",
-        "name": "from",
-        "type": "uint256"
-      },
-      {
-        "internalType": "uint256",
-        "name": "to",
-        "type": "uint256"
-      }
-    ],
-    "name": "InvalidRange",
-    "type": "error"
-  },
   {
     "inputs": [
       {

package/abi/EngineBlox.abi.json

@@ -349,6 +349,22 @@
     "name": "MetaTxExpired",
     "type": "error"
   },
+  {
+    "inputs": [
+      {
+        "internalType": "address",
+        "name": "signedContract",
+        "type": "address"
+      },
+      {
+        "internalType": "address",
+        "name": "entryContract",
+        "type": "address"
+      }
+    ],
+    "name": "MetaTxHandlerContractMismatch",
+    "type": "error"
+  },
   {
     "inputs": [
       {
@@ -596,6 +612,32 @@
     "name": "TransactionEvent",
     "type": "event"
   },
+  {
+    "inputs": [],
+    "name": "ATTACHED_PAYMENT_RECIPIENT_SELECTOR",
+    "outputs": [
+      {
+        "internalType": "bytes4",
+        "name": "",
+        "type": "bytes4"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
+  {
+    "inputs": [],
+    "name": "ERC20_TRANSFER_SELECTOR",
+    "outputs": [
+      {
+        "internalType": "bytes4",
+        "name": "",
+        "type": "bytes4"
+      }
+    ],
+    "stateMutability": "view",
+    "type": "function"
+  },
   {
     "inputs": [],
     "name": "MAX_BATCH_SIZE",
@@ -637,7 +679,7 @@
   },
   {
     "inputs": [],
-    "name": "MAX_ROLES",
+    "name": "MAX_RESULT_PREVIEW_BYTES",
     "outputs": [
       {
         "internalType": "uint256",
@@ -650,12 +692,12 @@
   },
   {
     "inputs": [],
-    "name": "NATIVE_TRANSFER_OPERATION",
+    "name": "MAX_ROLES",
     "outputs": [
       {
-        "internalType": "bytes32",
+        "internalType": "uint256",
         "name": "",
-        "type": "bytes32"
+        "type": "uint256"
       }
     ],
     "stateMutability": "view",

package/abi/GuardController.abi.json

@@ -58,20 +58,41 @@
     "name": "InvalidInitialization",
     "type": "error"
   },
+  {
+    "inputs": [],
+    "name": "InvalidPayment",
+    "type": "error"
+  },
   {
     "inputs": [
       {
-        "internalType": "uint256",
-        "name": "from",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "signedContract",
+        "type": "address"
       },
       {
-        "internalType": "uint256",
-        "name": "to",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "entryContract",
+        "type": "address"
+      }
+    ],
+    "name": "MetaTxHandlerContractMismatch",
+    "type": "error"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "bytes4",
+        "name": "signedSelector",
+        "type": "bytes4"
+      },
+      {
+        "internalType": "bytes4",
+        "name": "entrySelector",
+        "type": "bytes4"
       }
     ],
-    "name": "InvalidRange",
+    "name": "MetaTxHandlerSelectorMismatch",
     "type": "error"
   },
   {

package/abi/GuardControllerDefinitions.abi.json

@@ -53,7 +53,7 @@
   },
   {
     "inputs": [],
-    "name": "CONTROLLER_CONFIG_OPERATION",
+    "name": "CONTROLLER_CONFIG_BATCH",
     "outputs": [
       {
         "internalType": "bytes32",

package/abi/RuntimeRBAC.abi.json

@@ -58,20 +58,41 @@
     "name": "InvalidInitialization",
     "type": "error"
   },
+  {
+    "inputs": [],
+    "name": "InvalidPayment",
+    "type": "error"
+  },
   {
     "inputs": [
       {
-        "internalType": "uint256",
-        "name": "from",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "signedContract",
+        "type": "address"
       },
       {
-        "internalType": "uint256",
-        "name": "to",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "entryContract",
+        "type": "address"
+      }
+    ],
+    "name": "MetaTxHandlerContractMismatch",
+    "type": "error"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "bytes4",
+        "name": "signedSelector",
+        "type": "bytes4"
+      },
+      {
+        "internalType": "bytes4",
+        "name": "entrySelector",
+        "type": "bytes4"
       }
     ],
-    "name": "InvalidRange",
+    "name": "MetaTxHandlerSelectorMismatch",
     "type": "error"
   },
   {

package/abi/SecureOwnable.abi.json

@@ -34,17 +34,33 @@
   {
     "inputs": [
       {
-        "internalType": "uint256",
-        "name": "from",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "signedContract",
+        "type": "address"
       },
       {
-        "internalType": "uint256",
-        "name": "to",
-        "type": "uint256"
+        "internalType": "address",
+        "name": "entryContract",
+        "type": "address"
+      }
+    ],
+    "name": "MetaTxHandlerContractMismatch",
+    "type": "error"
+  },
+  {
+    "inputs": [
+      {
+        "internalType": "bytes4",
+        "name": "signedSelector",
+        "type": "bytes4"
+      },
+      {
+        "internalType": "bytes4",
+        "name": "entrySelector",
+        "type": "bytes4"
       }
     ],
-    "name": "InvalidRange",
+    "name": "MetaTxHandlerSelectorMismatch",
     "type": "error"
   },
   {

package/core/access/RuntimeRBAC.sol

@@ -30,6 +30,10 @@ import "./interface/IRuntimeRBAC.sol";
  * - For ADD_WALLET and REVOKE_WALLET we call _requireRoleNotProtected so batch ops cannot
  *   change who holds system roles. For REMOVE_ROLE we rely on EngineBlox.removeRole, which
  *   enforces the same policy at the library layer (cannot remove protected roles).
+ * - Function-permission updates on protected roles are intentionally supported for flexibility,
+ *   but EngineBlox.removeFunctionFromRole still blocks removal of protected function schemas
+ *   (isProtected == true). This prevents bricking core protected operations like ownership flow
+ *   selectors while still allowing policy updates for non-protected selectors.
  * - The **only** place to modify system wallets (protected roles) is the SecureOwnable
  *   security component (e.g. transferOwnershipRequest, broadcaster/recovery changes).
  * - This layering is intentional: RBAC cannot touch protected roles; SecureOwnable is the
@@ -88,6 +92,12 @@ abstract contract RuntimeRBAC is BaseStateMachine, IRuntimeRBAC {
         EngineBlox.MetaTransaction memory metaTx
     ) public returns (uint256) {
         _validateBroadcaster(msg.sender);
+        SharedValidation.validateEmptyPayment(
+            metaTx.txRecord.payment.recipient,
+            metaTx.txRecord.payment.nativeTokenAmount,
+            metaTx.txRecord.payment.erc20TokenAddress,
+            metaTx.txRecord.payment.erc20TokenAmount
+        );
         EngineBlox.TxRecord memory txRecord = _requestAndApproveTransaction(metaTx);
         return txRecord.txId;
     }
@@ -222,7 +232,9 @@ abstract contract RuntimeRBAC is BaseStateMachine, IRuntimeRBAC {
      * @param data ABI-encoded (bytes32 roleHash, bytes4 functionSelector)
      * @custom:security By design we allow removing function permissions from protected roles (OWNER, BROADCASTER, RECOVERY)
      *                 to retain flexibility to adjust which functions system roles can call; only wallet add/revoke
-     *                 are restricted on protected roles.
+     *                 are restricted on protected roles. EngineBlox.removeFunctionFromRole still blocks
+     *                 removing protected function schemas (isProtected == true), so critical protected
+     *                 selectors cannot be stripped from roles.
      */
     function _executeRemoveFunctionFromRole(bytes calldata data) internal {
         (bytes32 roleHash, bytes4 functionSelector) = abi.decode(data, (bytes32, bytes4));