@evvm/testnet-contracts 2.1.0 → 2.1.2

package/contracts/treasuryTwoChains/TreasuryHostChainStation.sol

@@ -2,15 +2,33 @@
 // Full license terms available at: https://www.evvm.info/docs/EVVMNoncommercialLicense
 
 pragma solidity ^0.8.0;
-/*  
-888b     d888                   888            .d8888b.                    888                             888    
-8888b   d8888                   888           d88P  Y88b                   888                             888    
-88888b.d88888                   888           888    888                   888                             888    
-888Y88888P888  .d88b.   .d8888b 888  888      888         .d88b.  88888b.  888888 888d888 8888b.   .d8888b 888888 
-888 Y888P 888 d88""88b d88P"    888 .88P      888        d88""88b 888 "88b 888    888P"      "88b d88P"    888    
-888  Y8P  888 888  888 888      888888K       888    888 888  888 888  888 888    888    .d888888 888      888    
-888   "   888 Y88..88P Y88b.    888 "88b      Y88b  d88P Y88..88P 888  888 Y88b.  888    888  888 Y88b.    Y88b.  
-888       888  "Y88P"   "Y8888P 888  888       "Y8888P"   "Y88P"  888  888  "Y888 888    "Y888888  "Y8888P  "Y888                                                                                                          
+
+/**
+ _____                                                       
+/__   \_ __ ___  __ _ ___ _   _ _ __ _   _                   
+  / /\| '__/ _ \/ _` / __| | | | '__| | | |                  
+ / /  | | |  __| (_| \__ | |_| | |  | |_| |                  
+ \/   |_|  \___|\__,_|___/\__,_|_|   \__, |                  
+                                     |___/                   
+   ___ _           _       __ _        _   _                 
+  / __| |__   __ _(_)_ __ / _| |_ __ _| |_(_) ___  _ __      
+ / /  | '_ \ / _` | | '_ \\ \| __/ _` | __| |/ _ \| '_ \     
+/ /___| | | | (_| | | | | _\ | || (_| | |_| | (_) | | | |    
+\____/|_| |_|\__,_|_|_| |_\__/\__\__,_|\__|_|\___/|_| |_|    
+                                                             
+                                                             
+                                                             
+ _____ _____ _____ _____ _____ _____ _____ _____ _____ _____ 
+|_____|_____|_____|_____|_____|_____|_____|_____|_____|_____|
+                                                             
+    __  __           __          __          _     
+   / / / ____  _____/ /_   _____/ /_  ____ _(_____ 
+  / /_/ / __ \/ ___/ __/  / ___/ __ \/ __ `/ / __ \
+ / __  / /_/ (__  / /_   / /__/ / / / /_/ / / / / /
+/_/ /_/\____/____/\__/   \___/_/ /_/\__,_/_/_/ /_/ 
+                                                   
+ * @title Treasury Cross-Chain Host Station Contract
+ * @author Mate labs
  */
 
 import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
@@ -19,9 +37,11 @@ import {ErrorsLib} from "@evvm/testnet-contracts/contracts/treasuryTwoChains/lib
 import {HostChainStationStructs} from "@evvm/testnet-contracts/contracts/treasuryTwoChains/lib/HostChainStationStructs.sol";
 
 import {SignatureUtils} from "@evvm/testnet-contracts/contracts/treasuryTwoChains/lib/SignatureUtils.sol";
+import {PayloadUtils} from "@evvm/testnet-contracts/contracts/treasuryTwoChains/lib/PayloadUtils.sol";
 
 import {IMailbox} from "@hyperlane-xyz/core/contracts/interfaces/IMailbox.sol";
 
+import {MessagingParams, MessagingReceipt} from "@layerzerolabs/lz-evm-protocol-v2/contracts/interfaces/ILayerZeroEndpointV2.sol";
 import {OApp, Origin, MessagingFee} from "@layerzerolabs/oapp-evm/contracts/oapp/OApp.sol";
 import {OAppOptionsType3} from "@layerzerolabs/oapp-evm/contracts/oapp/libs/OAppOptionsType3.sol";
 import {OptionsBuilder} from "@layerzerolabs/oapp-evm/contracts/oapp/libs/OptionsBuilder.sol";
@@ -38,28 +58,58 @@ contract TreasuryHostChainStation is
     OAppOptionsType3,
     AxelarExecutable
 {
-    /// @notice Address of the EVVM core contract
+    /// @notice Address of the EVVM core contract for balance operations
+    /// @dev Used to integrate with EVVM's balance management and token operations
     address evvmAddress;
 
+    /// @notice Admin address management with time-delayed proposals
+    /// @dev Stores current admin, proposed admin, and acceptance timestamp
     AddressTypeProposal admin;
 
+    /// @notice Fisher executor address management with time-delayed proposals
+    /// @dev Fisher executor can process cross-chain bridge transactions
     AddressTypeProposal fisherExecutor;
 
+    /// @notice Hyperlane protocol configuration for cross-chain messaging
+    /// @dev Contains domain ID, external chain address, and mailbox contract address
     HyperlaneConfig hyperlane;
 
+    /// @notice LayerZero protocol configuration for omnichain messaging
+    /// @dev Contains endpoint ID, external chain address, and endpoint contract address
     LayerZeroConfig layerZero;
 
+    /// @notice Axelar protocol configuration for cross-chain communication
+    /// @dev Contains chain name, external chain address, gas service, and gateway addresses
     AxelarConfig axelar;
 
+    /// @notice Pending proposal for changing external chain addresses across all protocols
+    /// @dev Used for coordinated updates to external chain addresses with time delay
+    ChangeExternalChainAddressParams externalChainAddressChangeProposal;
+
+    /// @notice Tracks the next nonce for Fisher bridge operations per user address
+    /// @dev Prevents replay attacks in Fisher bridge transactions
     mapping(address => uint256) nextFisherExecutionNonce;
 
-    bytes _options =
+    /// @notice LayerZero execution options with gas limit configuration
+    /// @dev Pre-built options for LayerZero message execution (200k gas limit)
+    bytes options =
         OptionsBuilder.addExecutorLzReceiveOption(
             OptionsBuilder.newOptions(),
-            50000,
+            200_000,
             0
         );
 
+    /// @notice One-time fuse for setting initial external chain addresses
+    /// @dev Prevents multiple calls to _setExternalChainAddress after initial setup
+    bytes1 fuseSetExternalChainAddress = 0x01;
+
+    /// @notice Emitted when Fisher bridge sends tokens from host to external chain
+    /// @param from Original sender address on host chain
+    /// @param addressToReceive Recipient address on external chain
+    /// @param tokenAddress Token contract address (address(0) for ETH)
+    /// @param priorityFee Fee paid for priority processing
+    /// @param amount Amount of tokens transferred
+    /// @param nonce Sequential nonce for the Fisher bridge operation
     event FisherBridgeSend(
         address indexed from,
         address indexed addressToReceive,
@@ -69,6 +119,8 @@ contract TreasuryHostChainStation is
         uint256 nonce
     );
 
+    /// @notice Restricts function access to the current admin only
+    /// @dev Validates caller against admin.current address
     modifier onlyAdmin() {
         if (msg.sender != admin.current) {
             revert();
@@ -76,6 +128,8 @@ contract TreasuryHostChainStation is
         _;
     }
 
+    /// @notice Restricts function access to the current Fisher executor only
+    /// @dev Validates caller against fisherExecutor.current address for bridge operations
     modifier onlyFisherExecutor() {
         if (msg.sender != fisherExecutor.current) {
             revert();
@@ -83,10 +137,11 @@ contract TreasuryHostChainStation is
         _;
     }
 
-    /**
-     * @notice Initialize Treasury with EVVM contract address
-     * @param _evvmAddress Address of the EVVM core contract
-     */
+    /// @notice Initializes the Host Chain Station with EVVM integration and cross-chain protocols
+    /// @dev Sets up Hyperlane, LayerZero, and Axelar configurations for multi-protocol support
+    /// @param _evvmAddress Address of the EVVM core contract for balance operations
+    /// @param _admin Initial admin address with full administrative privileges
+    /// @param _crosschainConfig Configuration struct containing all cross-chain protocol settings
     constructor(
         address _evvmAddress,
         address _admin,
@@ -122,10 +177,16 @@ contract TreasuryHostChainStation is
         });
     }
 
-    function setExternalChainAddress(
+    /// @notice One-time setup of external chain station address across all protocols
+    /// @dev Can only be called once (protected by fuseSetExternalChainAddress)
+    /// @param externalChainStationAddress Address-type representation for Hyperlane and LayerZero
+    /// @param externalChainStationAddressString String representation for Axelar protocol
+    function _setExternalChainAddress(
         address externalChainStationAddress,
         string memory externalChainStationAddressString
     ) external onlyAdmin {
+        if (fuseSetExternalChainAddress != 0x01) revert();
+
         hyperlane.externalChainStationAddress = bytes32(
             uint256(uint160(externalChainStationAddress))
         );
@@ -137,13 +198,16 @@ contract TreasuryHostChainStation is
             layerZero.externalChainStationEid,
             layerZero.externalChainStationAddress
         );
+
+        fuseSetExternalChainAddress = 0x00;
     }
 
-    /**
-     * @notice Withdraw ETH or ERC20 tokens
-     * @param token Token address (address(0) for ETH)
-     * @param amount Amount to withdraw
-     */
+    /// @notice Withdraws tokens from EVVM balance and sends to external chain via selected protocol
+    /// @dev Validates balance, deducts from EVVM, and bridges via Hyperlane/LayerZero/Axelar
+    /// @param toAddress Recipient address on the external chain
+    /// @param token Token contract address (cannot be Principal Token)
+    /// @param amount Amount to withdraw and send to external chain
+    /// @param protocolToExecute Protocol selector: 0x01=Hyperlane, 0x02=LayerZero, 0x03=Axelar
     function withdraw(
         address toAddress,
         address token,
@@ -158,7 +222,11 @@ contract TreasuryHostChainStation is
 
         executerEVVM(false, msg.sender, token, amount);
 
-        bytes memory payload = encodePayload(token, toAddress, amount);
+        bytes memory payload = PayloadUtils.encodePayload(
+            token,
+            toAddress,
+            amount
+        );
 
         if (protocolToExecute == 0x01) {
             // 0x01 = Hyperlane
@@ -172,12 +240,11 @@ contract TreasuryHostChainStation is
             );
         } else if (protocolToExecute == 0x02) {
             // 0x02 = LayerZero
-            uint256 fee = quoteLayerZero(toAddress, token, amount);
             _lzSend(
                 layerZero.externalChainStationEid,
                 payload,
-                _options,
-                MessagingFee(fee, 0),
+                options,
+                MessagingFee(msg.value, 0),
                 msg.sender // Refund any excess fees to the sender.
             );
         } else if (protocolToExecute == 0x03) {
@@ -200,6 +267,14 @@ contract TreasuryHostChainStation is
         }
     }
 
+    /// @notice Receives Fisher bridge transactions from external chain and credits EVVM balances
+    /// @dev Verifies signature, increments nonce, and adds balance to recipient and executor
+    /// @param from Original sender address from external chain
+    /// @param addressToReceive Recipient address on this host chain
+    /// @param tokenAddress Token contract address (address(0) for ETH)
+    /// @param priorityFee Fee amount paid to Fisher executor
+    /// @param amount Amount of tokens being received
+    /// @param signature ECDSA signature proving transaction authorization
     function fisherBridgeReceive(
         address from,
         address addressToReceive,
@@ -229,6 +304,14 @@ contract TreasuryHostChainStation is
             executerEVVM(true, msg.sender, tokenAddress, priorityFee);
     }
 
+    /// @notice Processes Fisher bridge token transfers from host to external chain
+    /// @dev Validates balance and signature, deducts from sender, pays executor fee
+    /// @param from Sender address initiating the bridge transaction
+    /// @param addressToReceive Recipient address on the external chain
+    /// @param tokenAddress Token contract address (cannot be Principal Token)
+    /// @param priorityFee Fee amount paid to Fisher executor
+    /// @param amount Amount of tokens to bridge to external chain
+    /// @param signature ECDSA signature proving transaction authorization
     function fisherBridgeSend(
         address from,
         address addressToReceive,
@@ -276,6 +359,13 @@ contract TreasuryHostChainStation is
     }
 
     // Hyperlane Specific Functions //
+    
+    /// @notice Calculates the fee required for Hyperlane cross-chain message dispatch
+    /// @dev Queries the Hyperlane mailbox for accurate fee estimation
+    /// @param toAddress Recipient address on the destination chain
+    /// @param token Token contract address being transferred
+    /// @param amount Amount of tokens being transferred
+    /// @return Fee amount in native currency required for the Hyperlane message
     function getQuoteHyperlane(
         address toAddress,
         address token,
@@ -285,10 +375,15 @@ contract TreasuryHostChainStation is
             IMailbox(hyperlane.mailboxAddress).quoteDispatch(
                 hyperlane.externalChainStationDomainId,
                 hyperlane.externalChainStationAddress,
-                encodePayload(token, toAddress, amount)
+                PayloadUtils.encodePayload(token, toAddress, amount)
             );
     }
 
+    /// @notice Handles incoming Hyperlane messages from the external chain
+    /// @dev Validates origin, sender authorization, and processes deposit to EVVM
+    /// @param _origin Source chain domain ID where the message originated
+    /// @param _sender Address of the message sender (must be external chain station)
+    /// @param _data Encoded payload containing deposit instructions
     function handle(
         uint32 _origin,
         bytes32 _sender,
@@ -308,6 +403,12 @@ contract TreasuryHostChainStation is
 
     // LayerZero Specific Functions //
 
+    /// @notice Calculates the fee required for LayerZero cross-chain message
+    /// @dev Queries LayerZero endpoint for accurate native fee estimation
+    /// @param toAddress Recipient address on the destination chain
+    /// @param token Token contract address being transferred
+    /// @param amount Amount of tokens being transferred
+    /// @return Native fee amount required for the LayerZero message
     function quoteLayerZero(
         address toAddress,
         address token,
@@ -315,13 +416,17 @@ contract TreasuryHostChainStation is
     ) public view returns (uint256) {
         MessagingFee memory fee = _quote(
             layerZero.externalChainStationEid,
-            encodePayload(token, toAddress, amount),
-            _options,
+            PayloadUtils.encodePayload(token, toAddress, amount),
+            options,
             false
         );
         return fee.nativeFee;
     }
 
+    /// @notice Handles incoming LayerZero messages from the external chain
+    /// @dev Validates origin chain and sender, then processes deposit to EVVM
+    /// @param _origin Origin information containing source endpoint ID and sender
+    /// @param message Encoded payload containing deposit instructions
     function _lzReceive(
         Origin calldata _origin,
         bytes32 /*_guid*/,
@@ -339,8 +444,46 @@ contract TreasuryHostChainStation is
         decodeAndDeposit(message);
     }
 
+    /// @notice Sends LayerZero messages to the destination chain
+    /// @dev Handles fee payment and message dispatch through LayerZero endpoint
+    /// @param _dstEid Destination endpoint ID (target chain)
+    /// @param _message Encoded message payload to send
+    /// @param _options Execution options for the destination chain
+    /// @param _fee Messaging fee structure (native + LZ token fees)
+    /// @param _refundAddress Address to receive excess fees
+    /// @return receipt Messaging receipt with transaction details
+    function _lzSend(
+        uint32 _dstEid,
+        bytes memory _message,
+        bytes memory _options,
+        MessagingFee memory _fee,
+        address _refundAddress
+    ) internal override returns (MessagingReceipt memory receipt) {
+        // @dev Push corresponding fees to the endpoint, any excess is sent back to the _refundAddress from the endpoint.
+        uint256 messageValue = _fee.nativeFee;
+        if (_fee.lzTokenFee > 0) _payLzToken(_fee.lzTokenFee);
+
+        return
+            // solhint-disable-next-line check-send-result
+            endpoint.send{value: messageValue}(
+                MessagingParams(
+                    _dstEid,
+                    _getPeerOrRevert(_dstEid),
+                    _message,
+                    _options,
+                    _fee.lzTokenFee > 0
+                ),
+                _refundAddress
+            );
+    }
+
     // Axelar Specific Functions //
 
+    /// @notice Handles incoming Axelar messages from the external chain
+    /// @dev Validates source chain and address, then processes deposit to EVVM
+    /// @param _sourceChain Source blockchain name (must match configured external chain)
+    /// @param _sourceAddress Source contract address (must match external chain station)
+    /// @param _payload Encoded payload containing deposit instructions
     function _execute(
         bytes32 /*commandId*/,
         string calldata _sourceChain,
@@ -356,11 +499,9 @@ contract TreasuryHostChainStation is
         decodeAndDeposit(_payload);
     }
 
-    /**
-     * @notice Proposes a new admin address with 1-day time delay
-     * @dev Part of the time-delayed governance system for admin changes
-     * @param _newOwner Address of the proposed new admin
-     */
+    /// @notice Proposes a new admin address with 1-day time delay
+    /// @dev Part of the time-delayed governance system for admin changes
+    /// @param _newOwner Address of the proposed new admin (cannot be zero or current admin)
     function proposeAdmin(address _newOwner) external onlyAdmin {
         if (_newOwner == address(0) || _newOwner == admin.current) revert();
 
@@ -368,19 +509,15 @@ contract TreasuryHostChainStation is
         admin.timeToAccept = block.timestamp + 1 days;
     }
 
-    /**
-     * @notice Cancels a pending admin change proposal
-     * @dev Allows current admin to reject proposed admin changes
-     */
+    /// @notice Cancels a pending admin change proposal
+    /// @dev Allows current admin to reject proposed admin changes and reset proposal state
     function rejectProposalAdmin() external onlyAdmin {
         admin.proposal = address(0);
         admin.timeToAccept = 0;
     }
 
-    /**
-     * @notice Accepts a pending admin proposal and becomes the new admin
-     * @dev Can only be called by the proposed admin after the time delay
-     */
+    /// @notice Accepts a pending admin proposal and becomes the new admin
+    /// @dev Can only be called by the proposed admin after the 1-day time delay
     function acceptAdmin() external {
         if (block.timestamp < admin.timeToAccept) revert();
 
@@ -390,8 +527,13 @@ contract TreasuryHostChainStation is
 
         admin.proposal = address(0);
         admin.timeToAccept = 0;
+
+        _transferOwnership(admin.current);
     }
 
+    /// @notice Proposes a new Fisher executor address with 1-day time delay
+    /// @dev Fisher executor handles cross-chain bridge transaction processing
+    /// @param _newFisherExecutor Address of the proposed new Fisher executor
     function proposeFisherExecutor(
         address _newFisherExecutor
     ) external onlyAdmin {
@@ -404,11 +546,15 @@ contract TreasuryHostChainStation is
         fisherExecutor.timeToAccept = block.timestamp + 1 days;
     }
 
+    /// @notice Cancels a pending Fisher executor change proposal
+    /// @dev Allows current admin to reject Fisher executor changes and reset proposal state
     function rejectProposalFisherExecutor() external onlyAdmin {
         fisherExecutor.proposal = address(0);
         fisherExecutor.timeToAccept = 0;
     }
 
+    /// @notice Accepts a pending Fisher executor proposal
+    /// @dev Can only be called by the proposed Fisher executor after the 1-day time delay
     function acceptFisherExecutor() external {
         if (block.timestamp < fisherExecutor.timeToAccept) revert();
 
@@ -420,11 +566,73 @@ contract TreasuryHostChainStation is
         fisherExecutor.timeToAccept = 0;
     }
 
+    /// @notice Proposes new external chain addresses for all protocols with 1-day time delay
+    /// @dev Updates addresses across Hyperlane, LayerZero, and Axelar simultaneously
+    /// @param externalChainStationAddress Address-type representation for Hyperlane and LayerZero
+    /// @param externalChainStationAddressString String representation for Axelar protocol
+    function proposeExternalChainAddress(
+        address externalChainStationAddress,
+        string memory externalChainStationAddressString
+    ) external onlyAdmin {
+        if (fuseSetExternalChainAddress == 0x01) revert();
+
+        externalChainAddressChangeProposal = ChangeExternalChainAddressParams({
+            porposeAddress_AddressType: externalChainStationAddress,
+            porposeAddress_StringType: externalChainStationAddressString,
+            timeToAccept: block.timestamp + 1 days
+        });
+    }
+
+    /// @notice Cancels a pending external chain address change proposal
+    /// @dev Resets the external chain address proposal to default state
+    function rejectProposalExternalChainAddress() external onlyAdmin {
+        externalChainAddressChangeProposal = ChangeExternalChainAddressParams({
+            porposeAddress_AddressType: address(0),
+            porposeAddress_StringType: "",
+            timeToAccept: 0
+        });
+    }
+
+    /// @notice Accepts pending external chain address changes across all protocols
+    /// @dev Updates Hyperlane, LayerZero, and Axelar configurations simultaneously
+    function acceptExternalChainAddress() external {
+        if (block.timestamp < externalChainAddressChangeProposal.timeToAccept)
+            revert();
+
+        hyperlane.externalChainStationAddress = bytes32(
+            uint256(
+                uint160(
+                    externalChainAddressChangeProposal
+                        .porposeAddress_AddressType
+                )
+            )
+        );
+        layerZero.externalChainStationAddress = bytes32(
+            uint256(
+                uint160(
+                    externalChainAddressChangeProposal
+                        .porposeAddress_AddressType
+                )
+            )
+        );
+        axelar.externalChainStationAddress = externalChainAddressChangeProposal
+            .porposeAddress_StringType;
+        _setPeer(
+            layerZero.externalChainStationEid,
+            layerZero.externalChainStationAddress
+        );
+    }
+
     // Getter functions //
+    
+    /// @notice Returns the complete admin configuration including proposals and timelock
+    /// @return Current admin address, proposed admin, and acceptance timestamp
     function getAdmin() external view returns (AddressTypeProposal memory) {
         return admin;
     }
 
+    /// @notice Returns the complete Fisher executor configuration including proposals
+    /// @return Current Fisher executor, proposed executor, and acceptance timestamp
     function getFisherExecutor()
         external
         view
@@ -433,16 +641,24 @@ contract TreasuryHostChainStation is
         return fisherExecutor;
     }
 
+    /// @notice Returns the next nonce for Fisher bridge operations for a specific user
+    /// @dev Used to prevent replay attacks in cross-chain bridge transactions
+    /// @param user Address to query the next Fisher execution nonce for
+    /// @return Next sequential nonce value for the user's Fisher bridge operations
     function getNextFisherExecutionNonce(
         address user
     ) external view returns (uint256) {
         return nextFisherExecutionNonce[user];
     }
 
+    /// @notice Returns the EVVM core contract address
+    /// @return Address of the EVVM contract used for balance operations
     function getEvvmAddress() external view returns (address) {
         return evvmAddress;
     }
 
+    /// @notice Returns the complete Hyperlane protocol configuration
+    /// @return Hyperlane configuration including domain ID, external chain address, and mailbox
     function getHyperlaneConfig()
         external
         view
@@ -451,6 +667,8 @@ contract TreasuryHostChainStation is
         return hyperlane;
     }
 
+    /// @notice Returns the complete LayerZero protocol configuration
+    /// @return LayerZero configuration including endpoint ID, external chain address, and endpoint
     function getLayerZeroConfig()
         external
         view
@@ -459,38 +677,35 @@ contract TreasuryHostChainStation is
         return layerZero;
     }
 
+    /// @notice Returns the complete Axelar protocol configuration
+    /// @return Axelar configuration including chain name, addresses, gas service, and gateway
     function getAxelarConfig() external view returns (AxelarConfig memory) {
         return axelar;
     }
 
+    /// @notice Returns the LayerZero execution options configuration
+    /// @return Encoded options bytes for LayerZero message execution (200k gas limit)
     function getOptions() external view returns (bytes memory) {
-        return _options;
+        return options;
     }
 
     // Internal Functions //
 
+    /// @notice Decodes cross-chain payload and credits EVVM balance
+    /// @dev Extracts token, recipient, and amount from payload and adds to EVVM balance
+    /// @param payload Encoded transfer data containing token, recipient, and amount
     function decodeAndDeposit(bytes memory payload) internal {
-        (address token, address from, uint256 amount) = decodePayload(payload);
+        (address token, address from, uint256 amount) = PayloadUtils
+            .decodePayload(payload);
         executerEVVM(true, from, token, amount);
     }
 
-    function encodePayload(
-        address token,
-        address toAddress,
-        uint256 amount
-    ) internal pure returns (bytes memory payload) {
-        payload = abi.encode(token, toAddress, amount);
-    }
-
-    function decodePayload(
-        bytes memory payload
-    ) internal pure returns (address token, address toAddress, uint256 amount) {
-        (token, toAddress, amount) = abi.decode(
-            payload,
-            (address, address, uint256)
-        );
-    }
-
+    /// @notice Executes EVVM balance operations (add or remove)
+    /// @dev Interface to EVVM's addAmountToUser and removeAmountFromUser functions
+    /// @param typeOfExecution True to add balance, false to remove balance
+    /// @param userToExecute Address whose balance will be modified
+    /// @param token Token contract address for the balance operation
+    /// @param amount Amount to add or remove from the user's balance
     function executerEVVM(
         bool typeOfExecution,
         address userToExecute,
@@ -509,4 +724,14 @@ contract TreasuryHostChainStation is
             );
         }
     }
+
+    /// @notice Disabled ownership transfer function for security
+    /// @dev Ownership changes must go through the time-delayed admin proposal system
+    function transferOwnership(
+        address newOwner
+    ) public virtual override onlyOwner {}
+
+    /// @notice Disabled ownership renouncement function for security
+    /// @dev Prevents accidental loss of administrative control over the contract
+    function renounceOwnership() public virtual override onlyOwner {}
 }

package/contracts/treasuryTwoChains/lib/ErrorsLib.sol

@@ -3,13 +3,44 @@
 
 pragma solidity ^0.8.0;
 
+/**
+ * @title ErrorsLib
+ * @author Mate labs
+ * @notice Custom error definitions for Treasury Cross-Chain operations
+ * @dev Centralized error library for both TreasuryHostChainStation and TreasuryExternalChainStation
+ *      Provides gas-efficient custom errors with descriptive names for better debugging
+ *      and user experience across all cross-chain treasury operations
+ */
 library ErrorsLib {
+    /// @notice Thrown when a user has insufficient balance for the requested operation
+    /// @dev Used in withdraw operations and Fisher bridge transfers when EVVM balance is too low
     error InsufficientBalance();
+
+    /// @notice Thrown when attempting to withdraw or bridge the Principal Token (MATE)
+    /// @dev Principal Token is reserved for EVVM ecosystem operations and cannot be withdrawn cross-chain
     error PrincipalTokenIsNotWithdrawable();
+
+    /// @notice Thrown when deposit amount validation fails
+    /// @dev Generic validation error for deposit amount issues beyond zero checks
     error InvalidDepositAmount();
+
+    /// @notice Thrown when deposit or transfer amount is zero or negative
+    /// @dev Prevents meaningless transactions and ensures positive value transfers
     error DepositAmountMustBeGreaterThanZero();
+
+    /// @notice Thrown when Hyperlane message sender is not the authorized mailbox contract
+    /// @dev Security check to prevent unauthorized cross-chain message execution via Hyperlane
     error MailboxNotAuthorized();
+
+    /// @notice Thrown when cross-chain message sender is not the authorized counterpart station
+    /// @dev Security check across all protocols (Hyperlane, LayerZero, Axelar) to prevent impersonation
     error SenderNotAuthorized();
+
+    /// @notice Thrown when cross-chain message originates from non-authorized chain
+    /// @dev Prevents cross-chain attacks from unauthorized chains or wrong network configurations
     error ChainIdNotAuthorized();
+
+    /// @notice Thrown when Fisher bridge signature verification fails
+    /// @dev Security check for Fisher bridge operations to ensure transaction authenticity and prevent replay attacks
     error InvalidSignature();
 }