@inco/lightning 0.8.0-devnet-13 → 0.8.0-devnet-20

package/src/lightning-parts/test/Elist.t.sol

@@ -3,11 +3,12 @@ pragma solidity ^0.8;
 
 import {IncoTest} from "../../test/IncoTest.sol";
 import {ElistTester} from "../../test/EListTester.sol";
-import {inco, e} from "../../Lib.sol";
-import {ETypes, elist} from "../../Types.sol";
-import {FEE, Fee} from "../Fee.sol";
-import {EList} from "../EList.sol";
+import {ETypes, ListTooLong, elist, typeBitSize} from "../../Types.sol";
+import {inco} from "../../Lib.sol";
+import {FEE, BIT_FEE, Fee} from "../Fee.sol";
+import {EList, MAX_LIST_LENGTH} from "../EList.sol";
 import {VerifierAddressGetter} from "../primitives/VerifierAddressGetter.sol";
+import {stdError} from "forge-std/StdError.sol";
 
 contract ElistFeeTester is EList {
 
@@ -23,8 +24,38 @@ contract TestEList is IncoTest {
     function setUp() public virtual override {
         super.setUp();
         tester = new ElistTester(inco);
-        vm.deal(address(tester), 1 ether);
+        vm.deal(address(tester), 100 ether);
+        vm.deal(address(this), 100 ether);
         feeTester = new ElistFeeTester();
+        vm.deal(address(feeTester), 100 ether);
+    }
+
+    function _listRange(uint16 start, uint16 end) internal returns (elist) {
+        return inco.listRange{value: uint256(end - start) * typeBitSize(ETypes.Uint256) * BIT_FEE}(start, end);
+    }
+
+    function _listAppend(elist list, bytes32 value) internal returns (elist) {
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        return inco.listAppend{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, value
+        );
+    }
+
+    function _listInsert(elist list, bytes32 idx, bytes32 val) internal returns (elist) {
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        return inco.listInsert{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, idx, val
+        );
+    }
+
+    function _listConcat(elist a, elist b) internal returns (elist) {
+        uint256 bitsA = uint256(inco.lengthOf(elist.unwrap(a))) * typeBitSize(ETypes.Uint256);
+        uint256 bitsB = uint256(inco.lengthOf(elist.unwrap(b))) * typeBitSize(ETypes.Uint256);
+        return inco.listConcat{value: (bitsA + bitsB) * BIT_FEE}(a, b);
+    }
+
+    function _newEList(bytes32[] memory handles, ETypes listType) internal returns (elist) {
+        return inco.newEList{value: uint256(handles.length) * typeBitSize(listType) * BIT_FEE}(handles, listType);
     }
 
     function testNewElistFromInputs() public {
@@ -47,21 +78,141 @@ contract TestEList is IncoTest {
     }
 
     function testRevertsOnBadFeeAmount() public {
+        // Construct a handle with length=1, type=Uint256 so fee = 1 * 256 * BIT_FEE
+        elist nonZeroList = elist.wrap(bytes32((uint256(1) << 24) | (uint256(uint8(ETypes.Uint256)) << 16)));
+        uint256 correctFee = 256 * BIT_FEE;
+
         // should fail if no fee
         vm.expectRevert(Fee.FeeNotPaid.selector);
-        feeTester.listShuffle(elist.wrap(bytes32(0)));
+        feeTester.listShuffle(nonZeroList);
 
         // should fail if not enough fee
         vm.expectRevert(Fee.FeeNotPaid.selector);
-        feeTester.listShuffle{value: FEE - 1}(elist.wrap(bytes32(0)));
+        feeTester.listShuffle{value: correctFee - 1}(nonZeroList);
 
         // should fail if too much fee
         vm.expectRevert(Fee.FeeNotPaid.selector);
-        feeTester.listShuffle{value: FEE + 1}(elist.wrap(bytes32(0)));
+        feeTester.listShuffle{value: correctFee + 1}(nonZeroList);
 
+        // newEList(inputs): uses payingElistFee, so 3 * 256 * BIT_FEE needed, sending less
         vm.expectRevert(Fee.FeeNotPaid.selector);
         bytes[] memory inputs = new bytes[](3);
-        feeTester.newEList{value: FEE * 2}(inputs, ETypes.Uint256, address(this));
+        feeTester.newEList{value: 3 * 256 * BIT_FEE - 1}(inputs, ETypes.Uint256, address(this));
+    }
+
+    function testListAppend_SucceedsAtMaxLength() public {
+        elist almostMaxList = _listRange(0, MAX_LIST_LENGTH - 1);
+
+        bytes32 validHandle = inco.listGet(almostMaxList, 0);
+
+        elist result = _listAppend(almostMaxList, validHandle);
+        assert(elist.unwrap(result) != bytes32(0));
+    }
+
+    function testListInsert_SucceedsAtMaxLength() public {
+        elist almostMaxList = _listRange(0, MAX_LIST_LENGTH - 1);
+
+        // Get valid handles from the list (listGet returns handles with transient permissions)
+        bytes32 validIndex = inco.listGet(almostMaxList, 0);
+        bytes32 validValue = inco.listGet(almostMaxList, 1);
+
+        elist result = _listInsert(almostMaxList, validIndex, validValue);
+        assert(elist.unwrap(result) != bytes32(0));
+    }
+
+    function testListConcat_SucceedsAtMaxLength() public {
+        uint16 half = MAX_LIST_LENGTH / 2;
+        uint16 otherHalf = MAX_LIST_LENGTH - half;
+        elist list1 = _listRange(0, half);
+        elist list2 = _listRange(0, otherHalf);
+
+        // Should succeed
+        elist combined = _listConcat(list1, list2);
+        assert(elist.unwrap(combined) != bytes32(0));
+    }
+
+    function testListRange_SucceedsAtMaxLength() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH);
+        assert(elist.unwrap(maxList) != bytes32(0));
+    }
+
+    // ==================== Overflow Tests ====================
+    // These tests verify that exceeding MAX_LIST_LENGTH reverts appropriately.
+    // Operations use uint16 arithmetic which auto-reverts on overflow in Solidity 0.8+.
+
+    function testListAppend_RevertsOnOverflow() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH);
+
+        bytes32 validHandle = inco.listGet(maxList, 0);
+
+        // Appending to a max-length list should revert with arithmetic overflow
+        // Fee: (65535*256 + 256) * BIT_FEE = 65536*32*FEE
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listAppend{value: (uint256(MAX_LIST_LENGTH) * typeBits + typeBits) * BIT_FEE}(maxList, validHandle);
+    }
+
+    function testListInsert_RevertsOnOverflow() public {
+        elist maxList = _listRange(0, MAX_LIST_LENGTH);
+
+        bytes32 validIndex = inco.listGet(maxList, 0);
+        bytes32 validValue = inco.listGet(maxList, 1);
+
+        // Inserting into a max-length list should revert with arithmetic overflow
+        uint256 typeBits = typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listInsert{value: (uint256(MAX_LIST_LENGTH) * typeBits + typeBits) * BIT_FEE}(
+            maxList, validIndex, validValue
+        );
+    }
+
+    function testListConcat_RevertsOnOverflow() public {
+        uint16 half = MAX_LIST_LENGTH / 2 + 1;
+        elist list1 = _listRange(0, half);
+        elist list2 = _listRange(0, half);
+
+        // Concatenating should revert with arithmetic overflow
+        uint256 bitsPerList = uint256(half) * typeBitSize(ETypes.Uint256);
+        vm.expectRevert(stdError.arithmeticError);
+        inco.listConcat{value: (bitsPerList + bitsPerList) * BIT_FEE}(list1, list2);
+    }
+
+    function testNewEList_RevertsOnTooManyHandles() public {
+        uint256 tooMany = uint256(MAX_LIST_LENGTH) + 1;
+        bytes32[] memory handles = new bytes32[](tooMany);
+
+        // Fee check runs before length check, so we must pay the required fee
+        uint256 requiredFee = tooMany * typeBitSize(ETypes.Uint256) * BIT_FEE;
+
+        // Should revert with ListTooLong error
+        vm.expectRevert(abi.encodeWithSelector(ListTooLong.selector, uint32(tooMany), MAX_LIST_LENGTH));
+        inco.newEList{value: requiredFee}(handles, ETypes.Uint256);
+    }
+
+    function testNewEList_RevertsOnTooManyInputs() public {
+        uint256 tooMany = uint256(MAX_LIST_LENGTH) + 1;
+        bytes[] memory inputs = new bytes[](tooMany);
+
+        // Fee check runs before length check, so we must pay the required fee
+        uint256 requiredFee = tooMany * typeBitSize(ETypes.Uint256) * BIT_FEE;
+
+        // Should revert with ListTooLong error
+        vm.expectRevert(abi.encodeWithSelector(ListTooLong.selector, uint32(tooMany), MAX_LIST_LENGTH));
+        inco.newEList{value: requiredFee}(inputs, ETypes.Uint256, address(this));
+    }
+
+    function testNewEListFromHandles() public {
+        elist sourceList = _listRange(0, 3);
+
+        // Extract handles from the source list
+        bytes32[] memory handles = new bytes32[](3);
+        handles[0] = inco.listGet(sourceList, 0);
+        handles[1] = inco.listGet(sourceList, 1);
+        handles[2] = inco.listGet(sourceList, 2);
+
+        // Create a new list from these handles
+        elist newList = _newEList(handles, ETypes.Uint256);
+        assert(elist.unwrap(newList) != bytes32(0));
     }
 
 }

package/src/lightning-parts/test/TestDecryptionAttestationInSynchronousFlow.t.sol

@@ -2,21 +2,44 @@
 pragma solidity ^0.8;
 
 import {IncoTest} from "../../test/IncoTest.sol";
-import {DemoToken} from "@inco/confidential-token-demo/src/DemoToken.sol";
+import {ERC7984DemoToken} from "@inco/incoERC7984/src/ERC7984DemoToken.sol";
 import {DecryptionAttestation} from "../DecryptionAttester.types.sol";
 import {GWEI} from "../../shared/TypeUtils.sol";
-import {euint256} from "@inco/lightning/src/Lib.sol"; // import via remapping or compiler fails
+import {inco, e, euint256} from "@inco/lightning/src/Lib.sol"; // import via remapping or compiler fails
 import {AllowanceProof} from "../AccessControl/AdvancedAccessControl.sol";
-import {inco} from "../../Lib.sol";
 import {euint256 as remappedEuint256} from "@inco/lightning/src/Lib.sol";
+import {
+    DecryptionAttestation as remappedDecryptionAttestation
+} from "@inco/lightning/src/lightning-parts/DecryptionAttester.types.sol";
 
-contract TokenBurnCurrentBalance is DemoToken {
+/// @notice This test demonstrates how a decryption attestation can be used in a synchronous flow, where the result of the operation is known at the time of requesting the attestation.
+/// In this example, we simulate a token burn operation where the user proves that they have enough balance to burn before actually performing the burn.
+contract TokenBurnCurrentBalance is ERC7984DemoToken {
 
-    function burnFullCurrentBalance(DecryptionAttestation memory decryption, bytes[] memory signatures) public {
+    using e for uint256;
+    using e for euint256;
+
+    /// @notice Deploys the token with specified name, symbol, and initial supply
+    /// @param name_ The token name
+    /// @param symbol_ The token symbol
+    /// @param initialSupply The initial supply to mint to the deployer (in base units)
+    constructor(string memory name_, string memory symbol_, uint256 initialSupply)
+        ERC7984DemoToken(name_, symbol_, initialSupply)
+    {
+        if (initialSupply > 0) {
+            _mint(msg.sender, initialSupply.asEuint256());
+        }
+    }
+
+    /// @dev In this burn function, the user provides a decryption attestation that proves they have enough balance to burn the specified amount.
+    /// The burn operation is performed synchronously, and the success of the burn is verified using the attestation.
+    function burnFullCurrentBalance(remappedDecryptionAttestation memory attestation, bytes[] memory signatures)
+        public
+    {
         euint256 currentBalance = confidentialBalanceOf(msg.sender);
-        require(inco.incoVerifier().isValidDecryptionAttestation(decryption, signatures), "Invalid Signature");
-        require(euint256.unwrap(currentBalance) == decryption.handle, "Handle mismatch");
-        publicBurn(msg.sender, uint256(decryption.value));
+        require(inco.incoVerifier().isValidDecryptionAttestation(attestation, signatures), "Invalid Signature");
+        require(euint256.unwrap(currentBalance) == attestation.handle, "Handle mismatch");
+        publicBurn(msg.sender, uint256(attestation.value));
     }
 
 }
@@ -26,19 +49,24 @@ contract TestDecryptionAttestationInSynchronousFlow is IncoTest {
     AllowanceProof emptyProof; // no proof needed when requester has the handle in persisted allowed pairs
 
     function testSynchronousBurning() public {
-        TokenBurnCurrentBalance token = new TokenBurnCurrentBalance();
+        TokenBurnCurrentBalance token = new TokenBurnCurrentBalance("DemoToken", "DMT", 100 ether);
         vm.deal(address(token), 100 ether);
-        token.confidentialTransfer(alice, fakePrepareEuint256Ciphertext(10 * GWEI, address(this), address(token)), "");
+        token.confidentialTransfer(alice, fakePrepareEuint256Ciphertext(10 * GWEI, address(this), address(token)));
         processAllOperations(); // saves Alice's balance
+
         bytes32 aliceCurrentBalanceHandle = euint256.unwrap(token.confidentialBalanceOf(alice));
         // simulates Alice requesting for a decryption attestation of Ge op on her balance and the amount
         // she intends to burn, therefore proving to the token contract that the operation will succeed
-        (DecryptionAttestation memory decryption, bytes[] memory signatures) =
+        (DecryptionAttestation memory attestation, bytes[] memory signatures) =
             getDecryptionAttestation(alice, HandleWithProof({handle: aliceCurrentBalanceHandle, proof: emptyProof}));
-        vm.prank(alice);
 
+        // Convert attestation to remapped type for cross-project compatibility
+        remappedDecryptionAttestation memory remappedAttestation =
+            remappedDecryptionAttestation({handle: attestation.handle, value: attestation.value});
+
+        vm.prank(alice);
         // the decryption attestation is passed to the token burn method
-        token.burnFullCurrentBalance(decryption, signatures);
+        token.burnFullCurrentBalance(remappedAttestation, signatures);
 
         processAllOperations();
 

package/src/periphery/IncoUtils.sol

@@ -5,7 +5,7 @@ import {StorageSlot} from "@openzeppelin/contracts/utils/StorageSlot.sol";
 
 // Re-export FEE constant for convenience - consumers can import both IncoUtils and FEE from this file
 // forge-lint: disable-next-line(unused-import)
-import {FEE} from "../lightning-parts/Fee.sol";
+import {FEE, BIT_FEE} from "../lightning-parts/Fee.sol";
 
 contract IncoUtils {
 

package/src/test/EListTester.sol

@@ -3,9 +3,9 @@ pragma solidity ^0.8;
 
 import {IIncoLightning} from "../interfaces/IIncoLightning.sol";
 /// forge-lint: disable-next-line(unused-import)
-import {ETypes, elist} from "../Types.sol";
+import {ETypes, elist, typeBitSize} from "../Types.sol";
 import {euint256} from "../Types.sol";
-import {IncoUtils, FEE} from "../periphery/IncoUtils.sol";
+import {IncoUtils, FEE, BIT_FEE} from "../periphery/IncoUtils.sol";
 
 contract ElistTester is IncoUtils {
 
@@ -35,7 +35,10 @@ contract ElistTester is IncoUtils {
         euint256 handle = inco.newEuint256{value: FEE}(ctValue, msg.sender);
         inco.allow(euint256.unwrap(handle), address(this));
         inco.allow(euint256.unwrap(handle), address(msg.sender));
-        list = inco.listAppend(list, euint256.unwrap(handle));
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listAppend{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, euint256.unwrap(handle)
+        );
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
@@ -48,7 +51,7 @@ contract ElistTester is IncoUtils {
     }
 
     function newEList(bytes32[] memory handles, ETypes listType) public payable refundUnspent returns (elist) {
-        list = inco.newEList(handles, listType);
+        list = inco.newEList{value: FEE * handles.length}(handles, listType);
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
@@ -70,7 +73,10 @@ contract ElistTester is IncoUtils {
     function listSet(bytes memory ctIndex, bytes memory ctValue) public payable refundUnspent returns (elist) {
         euint256 index = inco.newEuint256{value: FEE}(ctIndex, msg.sender);
         euint256 value = inco.newEuint256{value: FEE}(ctValue, msg.sender);
-        list = inco.listSet(list, euint256.unwrap(index), euint256.unwrap(value));
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listSet{value: uint256(inco.lengthOf(elist.unwrap(list))) * typeBits * BIT_FEE}(
+            list, euint256.unwrap(index), euint256.unwrap(value)
+        );
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
@@ -79,7 +85,10 @@ contract ElistTester is IncoUtils {
     function listInsert(bytes memory ctIndex, bytes memory ctValue) public payable refundUnspent returns (elist) {
         euint256 index = inco.newEuint256{value: FEE}(ctIndex, msg.sender);
         euint256 value = inco.newEuint256{value: FEE}(ctValue, msg.sender);
-        list = inco.listInsert(list, euint256.unwrap(index), euint256.unwrap(value));
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listInsert{value: (uint256(inco.lengthOf(elist.unwrap(list))) * typeBits + typeBits) * BIT_FEE}(
+            list, euint256.unwrap(index), euint256.unwrap(value)
+        );
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
@@ -94,7 +103,11 @@ contract ElistTester is IncoUtils {
         elist rhs = inco.newEList{value: FEE * cts.length}(cts, listType, user);
         inco.allow(elist.unwrap(rhs), address(this));
         inco.allow(elist.unwrap(rhs), address(msg.sender));
-        list = inco.listConcat(list, rhs);
+        uint256 lhsBits =
+            uint256(inco.lengthOf(elist.unwrap(list))) * typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        uint256 rhsBits =
+            uint256(inco.lengthOf(elist.unwrap(rhs))) * typeBitSize(ETypes(uint8(uint256(elist.unwrap(rhs)) >> 16)));
+        list = inco.listConcat{value: (lhsBits + rhsBits) * BIT_FEE}(list, rhs);
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
@@ -108,14 +121,17 @@ contract ElistTester is IncoUtils {
     {
         euint256 start = inco.newEuint256{value: FEE}(ctStart, msg.sender);
         euint256 defaultValue = inco.newEuint256{value: FEE}(ctDefaultValue, msg.sender);
-        list = inco.listSlice(list, euint256.unwrap(start), len, euint256.unwrap(defaultValue));
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listSlice{value: uint256(len) * typeBits * BIT_FEE}(
+            list, euint256.unwrap(start), len, euint256.unwrap(defaultValue)
+        );
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
     }
 
-    function listRange(uint16 start, uint16 end) public returns (elist) {
-        newRangeList = inco.listRange(start, end);
+    function listRange(uint16 start, uint16 end) public payable returns (elist) {
+        newRangeList = inco.listRange{value: uint256(end - start) * typeBitSize(ETypes.Uint256) * BIT_FEE}(start, end);
         inco.allow(elist.unwrap(newRangeList), address(this));
         inco.allow(elist.unwrap(newRangeList), address(msg.sender));
         return newRangeList;
@@ -128,14 +144,16 @@ contract ElistTester is IncoUtils {
     }
 
     function listShuffle() public payable refundUnspent returns (elist) {
-        list = inco.listShuffle{value: FEE}(list);
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listShuffle{value: uint256(inco.lengthOf(elist.unwrap(list))) * typeBits * BIT_FEE}(list);
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;
     }
 
-    function listReverse() public returns (elist) {
-        list = inco.listReverse(list);
+    function listReverse() public payable returns (elist) {
+        uint256 typeBits = typeBitSize(ETypes(uint8(uint256(elist.unwrap(list)) >> 16)));
+        list = inco.listReverse{value: uint256(inco.lengthOf(elist.unwrap(list))) * typeBits * BIT_FEE}(list);
         inco.allow(elist.unwrap(list), address(this));
         inco.allow(elist.unwrap(list), address(msg.sender));
         return list;

package/src/test/FakeIncoInfra/FakeComputeServer.sol

@@ -14,9 +14,9 @@ contract FakeComputeServer {
         } else if (op == EOps.Mul) {
             return lhs * rhs;
         } else if (op == EOps.Div) {
-            return lhs / rhs;
+            return rhs == 0 ? type(uint256).max : lhs / rhs;
         } else if (op == EOps.Rem) {
-            return lhs % rhs;
+            return rhs == 0 ? lhs : lhs % rhs;
         } else if (op == EOps.Min) {
             return lhs < rhs ? lhs : rhs;
         } else if (op == EOps.Max) {

package/src/test/TestDeploy.t.sol

@@ -1,13 +1,14 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {Test} from "forge-std/Test.sol";
+import {Test, Vm} from "forge-std/Test.sol";
 import {TrivialEncryption} from "../lightning-parts/TrivialEncryption.sol";
 import {ETypes} from "../Types.sol";
 import {UUPSUpgradeable} from "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import {inco} from "../Lib.sol";
 import {IncoTest} from "./IncoTest.sol";
+import {IEncryptedInput} from "../lightning-parts/interfaces/IEncryptedInput.sol";
 
 contract ReturnTwo is UUPSUpgradeable {
 
@@ -44,6 +45,26 @@ contract TestDeploy is Test, IncoTest {
         assertTrue(inco.isAcceptedVersion(42));
     }
 
+    function testAddAcceptedVersion_EmitsVersionAccepted() public {
+        vm.recordLogs();
+        vm.prank(owner);
+        inco.addAcceptedVersion(42);
+
+        Vm.Log[] memory logs = vm.getRecordedLogs();
+        bytes32 expectedTopic0 = keccak256("VersionAccepted(uint16)");
+        bool found = false;
+        for (uint256 i = 0; i < logs.length; i++) {
+            if (logs[i].topics[0] == expectedTopic0) {
+                found = true;
+                // version is indexed: must appear in topics[1], not in data
+                assertEq(logs[i].topics[1], bytes32(uint256(42)), "version should be an indexed topic");
+                assertEq(logs[i].data.length, 0, "data should be empty since version is indexed");
+                break;
+            }
+        }
+        assertTrue(found, "VersionAccepted event was not emitted");
+    }
+
     function testAddAcceptedVersionNotOwner() public {
         vm.expectRevert(abi.encodeWithSelector(OwnableUpgradeable.OwnableUnauthorizedAccount.selector, alice));
         vm.prank(alice);
@@ -57,6 +78,29 @@ contract TestDeploy is Test, IncoTest {
         assertFalse(inco.isAcceptedVersion(42));
     }
 
+    function testRemoveAcceptedVersion_EmitsVersionRemoved() public {
+        vm.prank(owner);
+        inco.addAcceptedVersion(42);
+
+        vm.recordLogs();
+        vm.prank(owner);
+        inco.removeAcceptedVersion(42);
+
+        Vm.Log[] memory logs = vm.getRecordedLogs();
+        bytes32 expectedTopic0 = keccak256("VersionRemoved(uint16)");
+        bool found = false;
+        for (uint256 i = 0; i < logs.length; i++) {
+            if (logs[i].topics[0] == expectedTopic0) {
+                found = true;
+                // version is indexed: must appear in topics[1], not in data
+                assertEq(logs[i].topics[1], bytes32(uint256(42)), "version should be an indexed topic");
+                assertEq(logs[i].data.length, 0, "data should be empty since version is indexed");
+                break;
+            }
+        }
+        assertTrue(found, "VersionRemoved event was not emitted");
+    }
+
     function testRemoveAcceptedVersionNotOwner() public {
         vm.expectRevert(abi.encodeWithSelector(OwnableUpgradeable.OwnableUnauthorizedAccount.selector, alice));
         vm.prank(alice);

package/src/test/TestFakeInfra.t.sol

@@ -3,7 +3,7 @@ pragma solidity ^0.8;
 
 import {IncoTest} from "./IncoTest.sol";
 import {e, euint256, ebool, eaddress, inco} from "../Lib.sol";
-import {SenderNotAllowedForHandle} from "../Types.sol";
+import {SenderNotAllowedForHandle, UnsupportedType, ETypes, UnexpectedType, typeToBitMask} from "../Types.sol";
 import {TEELifecycle} from "../lightning-parts/TEELifecycle.sol";
 import {Td10ReportBody, MINIMUM_QUOTE_LENGTH} from "../interfaces/automata-interfaces/Types.sol";
 
@@ -96,6 +96,14 @@ contract TestFakeInfra is IncoTest {
         assertEq(getUint256Value(c), 2);
     }
 
+    function testEDiv_DivisionByZeroReturnsMaxUint256() public {
+        euint256 a = e.asEuint256(10);
+        euint256 zero = e.asEuint256(0);
+        euint256 c = a.div(zero);
+        processAllOperations();
+        assertEq(getUint256Value(c), type(uint256).max);
+    }
+
     function testERem() public {
         euint256 a = e.asEuint256(10);
         euint256 b = e.asEuint256(4);
@@ -104,6 +112,14 @@ contract TestFakeInfra is IncoTest {
         assertEq(getUint256Value(c), 2);
     }
 
+    function testERem_RemainderByZeroReturnsLhs() public {
+        euint256 a = e.asEuint256(10);
+        euint256 zero = e.asEuint256(0);
+        euint256 c = a.rem(zero);
+        processAllOperations();
+        assertEq(getUint256Value(c), 10);
+    }
+
     function testEAnd() public {
         euint256 a = e.asEuint256(10);
         euint256 b = e.asEuint256(4);
@@ -514,11 +530,10 @@ contract TestFakeInfra is IncoTest {
         assertEq(getUint256Value(resB), 4);
     }
 
-    function testECastToEBool() public {
+    function testECastToEBoolRevert() public {
         euint256 a = e.asEuint256(1);
-        ebool b = a.asEbool();
-        processAllOperations();
-        assertEq(getBoolValue(b), true);
+        vm.expectRevert(abi.encodeWithSelector(UnsupportedType.selector, ETypes.Bool));
+        inco.eCast(euint256.unwrap(a), ETypes.Bool);
     }
 
     function testECastToFromEBool() public {
@@ -557,7 +572,7 @@ contract TestFakeInfra is IncoTest {
     function testECastAllowed() public {
         bytes32 invalidHandle = keccak256("invalid handle");
         vm.expectRevert(abi.encodeWithSelector(SenderNotAllowedForHandle.selector, invalidHandle, address(this)));
-        euint256.wrap(invalidHandle).asEbool();
+        ebool.wrap(invalidHandle).asEuint256();
     }
 
     function testUninitializedHandleIsDisallowed_Add_Lhs() public {
@@ -1104,4 +1119,15 @@ contract TestFakeInfra is IncoTest {
         assertEq(quote.length, MINIMUM_QUOTE_LENGTH);
     }
 
+    function testRandBoundedUpperBoundLargerThanRandType() public {
+        euint256 upperBound = e.asEuint256(type(uint256).max);
+        uint256 fee = inco.getFee();
+        vm.expectRevert(
+            abi.encodeWithSelector(
+                UnexpectedType.selector, ETypes.Uint256, typeToBitMask(ETypes.AddressOrUint160OrBytes20)
+            )
+        );
+        inco.eRandBounded{value: fee}(euint256.unwrap(upperBound), ETypes.AddressOrUint160OrBytes20);
+    }
+
 }