@inco/lightning 0.7.10 → 0.8.0-devnet-1

package/src/test/TestFeeWithdrawal.t.sol

@@ -0,0 +1,60 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {inco} from "../Lib.sol";
+import {IncoTest} from "./IncoTest.sol";
+import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import {Fee} from "../lightning-parts/Fee.sol";
+
+contract RejectingContract {
+    // Contract that rejects all Ether transfers
+
+    }
+
+contract TestFeeWithdrawal is IncoTest {
+
+    function setUp() public override {
+        super.setUp();
+    }
+
+    function testWithdrawFees_Succeeds() public {
+        vm.deal(address(inco), 1 ether);
+        vm.prank(owner);
+        inco.withdrawFees();
+        assertEq(address(inco).balance, 0);
+        assertEq(address(owner).balance, 1 ether);
+    }
+
+    function testWithdrawFees_Reverts_NoFeesToWithdraw() public {
+        vm.expectRevert(Fee.NoFeesToWithdraw.selector);
+        vm.prank(owner);
+        inco.withdrawFees();
+    }
+
+    function testWithdrawFees_Reverts_NotOwner() public {
+        vm.expectRevert(abi.encodeWithSelector(OwnableUpgradeable.OwnableUnauthorizedAccount.selector, alice));
+        vm.prank(alice);
+        inco.withdrawFees();
+    }
+
+    function testWithdrawFees_Reverts_FeeWithdrawalFailed() public {
+        // Deploy a contract that rejects Ether
+        RejectingContract rejectingOwner = new RejectingContract();
+
+        // Change owner to the rejecting contract
+        vm.prank(owner);
+        inco.transferOwnership(address(rejectingOwner));
+
+        // Add fees to withdraw
+        vm.deal(address(inco), 1 ether);
+
+        // Expect the FeeWithdrawalFailed error
+        vm.expectRevert(Fee.FeeWithdrawalFailed.selector);
+
+        // Try to withdraw (will fail because rejectingOwner can't receive Ether)
+        vm.prank(address(rejectingOwner));
+        inco.withdrawFees();
+    }
+
+}
+

package/src/test/TestIncoUtils.t.sol

@@ -0,0 +1,242 @@
+// SPDX-License-Identifier: No License
+pragma solidity ^0.8;
+
+import {Test} from "forge-std/Test.sol";
+import {IncoUtils} from "../periphery/IncoUtils.sol";
+
+/// @dev Helper contract that inherits IncoUtils and rejects ETH refunds
+contract RejectingContract is IncoUtils {
+
+    // No receive() function - will reject ETH transfers
+
+    function callWithRefund() external payable refundUnspent {
+        // Does nothing, should trigger refund which will fail because this contract can't receive ETH
+    }
+
+}
+
+/// @dev Helper contract that sends ETH to the target during execution
+contract EthSenderDuringExecution {
+
+    function sendTo(address target, uint256 amount) external {
+        payable(target).transfer(amount);
+    }
+
+    receive() external payable {}
+
+}
+
+/// @dev Attacker contract that tries to re-enter on receiving refund
+contract ReentrantAttacker {
+
+    TestIncoUtils target;
+    uint256 public attackCount;
+
+    constructor(TestIncoUtils _target) {
+        target = _target;
+    }
+
+    function attack() external payable {
+        target.mockFunctionNoSpend{value: msg.value}();
+    }
+
+    receive() external payable {
+        attackCount++;
+        if (attackCount < 3) {
+            // Try to re-enter
+            target.mockFunctionNoSpend{value: msg.value}();
+        }
+    }
+
+}
+
+contract TestIncoUtils is Test, IncoUtils {
+
+    EthSenderDuringExecution sender;
+
+    function setUp() public {
+        sender = new EthSenderDuringExecution();
+    }
+
+    // Mock functions to test the modifier
+    function mockFunctionNoSpend() external payable refundUnspent {
+        // Does nothing, no ETH spent
+    }
+
+    function mockFunctionPartialSpend(uint256 amount) external payable refundUnspent {
+        // Send ETH to simulate spending
+        payable(address(0)).transfer(amount);
+    }
+
+    function mockFunctionFullSpend() external payable refundUnspent {
+        // Send all msg.value to simulate full spending
+        payable(address(0)).transfer(msg.value);
+    }
+
+    /// @dev Mock function that receives ETH during execution (simulates external deposit)
+    function mockFunctionReceivesEthDuringExecution(address payable ethSender, uint256 incomingAmount)
+        external
+        payable
+        refundUnspent
+    {
+        // Trigger external contract to send us ETH during execution
+        EthSenderDuringExecution(ethSender).sendTo(address(this), incomingAmount);
+    }
+
+    receive() external payable {}
+
+    function testRefundUnspentWhenNoSpend() public {
+        uint256 msgValue = 1 ether;
+
+        // Set up balance for the call (vm.deal overwrites, not adds)
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // Call function that doesn't spend any ETH
+        this.mockFunctionNoSpend{value: msgValue}();
+
+        // Check that full amount was refunded (balance unchanged)
+        assertEq(address(this).balance, balanceBefore);
+    }
+
+    function testRefundUnspentWhenPartialSpend() public {
+        uint256 msgValue = 1 ether;
+        uint256 spendAmount = 0.3 ether;
+
+        // Set up balance for the call
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // Call function that spends partial amount
+        this.mockFunctionPartialSpend{value: msgValue}(spendAmount);
+
+        // Check that correct amount was refunded (only spendAmount was consumed)
+        assertEq(address(this).balance, balanceBefore - spendAmount);
+    }
+
+    function testRefundUnspentWhenFullSpend() public {
+        uint256 msgValue = 1 ether;
+
+        // Set up balance for the call
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // Call function that spends full amount
+        this.mockFunctionFullSpend{value: msgValue}();
+
+        // Check that no refund occurred (all was spent)
+        assertEq(address(this).balance, balanceBefore - msgValue);
+    }
+
+    function testRefundUnspentWhenOverSpend() public {
+        uint256 msgValue = 0.5 ether;
+        uint256 spendAmount = 1 ether;
+
+        // Add extra balance to contract beyond what we'll send
+        vm.deal(address(this), spendAmount + msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // Call function that spends more than msg.value (uses contract's existing balance)
+        this.mockFunctionPartialSpend{value: msgValue}(spendAmount);
+
+        // Check that no refund occurred (spent more than msg.value, so nothing to refund)
+        assertEq(address(this).balance, balanceBefore - spendAmount);
+    }
+
+    function testRefundFailedReverts() public {
+        uint256 msgValue = 1 ether;
+
+        // Create a contract that cannot receive ETH refunds (no receive function)
+        RejectingContract rejecter = new RejectingContract();
+        vm.deal(address(rejecter), msgValue);
+
+        // Call from rejecter itself so msg.sender (rejecter) cannot receive the refund
+        vm.prank(address(rejecter));
+        vm.expectRevert(IncoUtils.RefundFailed.selector);
+        rejecter.callWithRefund{value: msgValue}();
+    }
+
+    function testRefundUnspentWithZeroMsgValue() public {
+        // Set up some initial balance
+        vm.deal(address(this), 1 ether);
+        uint256 balanceBefore = address(this).balance;
+
+        // Call with zero msg.value - should not revert and no refund needed
+        this.mockFunctionNoSpend{value: 0}();
+
+        // Balance should be unchanged
+        assertEq(address(this).balance, balanceBefore);
+    }
+
+    function testRefundUnspentWithWeiPrecision() public {
+        uint256 msgValue = 1000 wei;
+        uint256 spendAmount = 333 wei;
+
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        this.mockFunctionPartialSpend{value: msgValue}(spendAmount);
+
+        // Check exact wei-level precision
+        assertEq(address(this).balance, balanceBefore - spendAmount);
+    }
+
+    function testRefundUnspentWhenContractReceivesEthDuringExecution() public {
+        uint256 msgValue = 1 ether;
+        uint256 incomingEth = 0.5 ether;
+
+        // Fund the sender contract
+        vm.deal(address(sender), incomingEth);
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // During execution, sender will send us 0.5 ETH
+        // This means balanceAfter > balanceBefore, so spent = 0
+        // Refund should be capped at msg.value (1 ETH)
+        this.mockFunctionReceivesEthDuringExecution{value: msgValue}(payable(address(sender)), incomingEth);
+
+        // We sent 1 ETH, received 0.5 ETH during execution, and got 1 ETH refunded
+        // Final: balanceBefore - msgValue + incomingEth + msgValue = balanceBefore + incomingEth
+        assertEq(address(this).balance, balanceBefore + incomingEth);
+    }
+
+    function testRefundUnspentWhenSpendingExactlyMsgValue() public {
+        // Edge case: spend exactly msg.value (boundary condition)
+        // This is similar to testRefundUnspentWhenFullSpend but uses mockFunctionPartialSpend
+        uint256 msgValue = 1 ether;
+
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        // Spend exactly msg.value using partial spend function
+        this.mockFunctionPartialSpend{value: msgValue}(msgValue);
+
+        // No refund should occur - spent exactly what was sent
+        assertEq(address(this).balance, balanceBefore - msgValue);
+    }
+
+    function testRefundUnspentReentrancyProtection() public {
+        ReentrantAttacker attacker = new ReentrantAttacker(this);
+        vm.deal(address(attacker), 2 ether);
+
+        // When the attacker tries to re-enter, ReentrantCall() is thrown inside the receive()
+        // This causes the receive() to revert, which fails the refund .call(), surfacing RefundFailed()
+        vm.prank(address(attacker));
+        vm.expectRevert(IncoUtils.RefundFailed.selector);
+        attacker.attack{value: 1 ether}();
+    }
+
+    function testFuzzRefundUnspent(uint256 msgValue, uint256 spendAmount) public {
+        // Bound to reasonable values
+        msgValue = bound(msgValue, 0, 10 ether);
+        spendAmount = bound(spendAmount, 0, msgValue);
+
+        vm.deal(address(this), msgValue);
+        uint256 balanceBefore = address(this).balance;
+
+        this.mockFunctionPartialSpend{value: msgValue}(spendAmount);
+
+        assertEq(address(this).balance, balanceBefore - spendAmount);
+    }
+
+}

package/src/version/IncoLightningConfig.sol

@@ -7,12 +7,12 @@ pragma solidity ^0.8;
 // UPDATE the CHANGELOG on new versions
 
 string constant CONTRACT_NAME = "incoLightning";
-uint8 constant MAJOR_VERSION = 2;
+uint8 constant MAJOR_VERSION = 3;
 uint8 constant MINOR_VERSION = 0;
 // whenever a new version is deployed, we need to pump this up
 // otherwise make test_upgrade will fail
 // consequently, when we do a patch release, we don't need to pump it as it's already pumped
 // when the previous release was done
-uint8 constant PATCH_VERSION = 1;
+uint8 constant PATCH_VERSION = 2;
 
 string constant VERIFIER_NAME = "incoVerifier";

package/src/IIncoLightning.sol

@@ -1,22 +0,0 @@
-// SPDX-License-Identifier: No License
-pragma solidity ^0.8;
-
-import {IEncryptedInput} from "./lightning-parts/interfaces/IEncryptedInput.sol";
-import {IEncryptedOperations} from "./lightning-parts/interfaces/IEncryptedOperations.sol";
-import {ITrivialEncryption} from "./lightning-parts/interfaces/ITrivialEncryption.sol";
-import {IBaseAccessControlList} from "./lightning-parts/AccessControl/interfaces/IBaseAccessControlList.sol";
-import {IHandleGeneration} from "./lightning-parts/primitives/interfaces/IHandleGeneration.sol";
-import {IVersion} from "./version/interfaces/IVersion.sol";
-
-interface IIncoLightning is
-    IEncryptedInput,
-    IEncryptedOperations,
-    ITrivialEncryption,
-    IBaseAccessControlList,
-    IHandleGeneration,
-    IVersion
-{
-
-    function initialize(address owner) external;
-
-}