npm - @layerzerolabs/lz-evm-oapp-v2 - Versions diffs - 2.1.21 → 2.1.23 - Mend

@layerzerolabs/lz-evm-oapp-v2 2.1.21 → 2.1.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/contracts/oapp/interfaces/IOAppReceiver.sol CHANGED Viewed

@@ -5,11 +5,21 @@ import { ILayerZeroReceiver, Origin } from "@layerzerolabs/lz-evm-protocol-v2/co
 interface IOAppReceiver is ILayerZeroReceiver {
     /**
-     * @notice Retrieves the address responsible for 'sending' composeMsg's to the Endpoint.
-     * @return sender The address responsible for 'sending' composeMsg's to the Endpoint.
+     * @notice Indicates whether an address is an approved composeMsg sender to the Endpoint.
+     * @param _origin The origin information containing the source endpoint and sender address.
+     *  - srcEid: The source chain endpoint ID.
+     *  - sender: The sender address on the src chain.
+     *  - nonce: The nonce of the message.
+     * @param _message The lzReceive payload.
+     * @param _sender The sender address.
+     * @return isSender Is a valid sender.
      *
      * @dev Applications can optionally choose to implement a separate composeMsg sender that is NOT the bridging layer.
-     * @dev The default sender IS the OApp implementer.
+     * @dev The default sender IS the OAppReceiver implementer.
      */
-    function composeMsgSender() external view returns (address sender);
+    function isComposeMsgSender(
+        Origin calldata _origin,
+        bytes calldata _message,
+        address _sender
+    ) external view returns (bool isSender);
 }

package/contracts/oapp/utils/RateLimiter.sol ADDED Viewed

@@ -0,0 +1,229 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+/**
+ * @title RateLimiter
+ * @dev Abstract contract for implementing rate limiting functionality. This contract provides a basic framework for
+ * rate limiting how often a function can be executed. It is designed to be inherited by other contracts requiring rate
+ * limiting capabilities to protect resources or services from excessive use.
+ *
+ * Example 1: Max rate limit reached at beginning of window. As time continues the amount of in flights comes down.
+ *
+ * Rate Limit Config:
+ *   limit: 100 units
+ *   window: 60 seconds
+ *
+ *                              Amount in Flight (units) vs. Time Graph (seconds)
+ *
+ *      100 | * - (Max limit reached at beginning of window)
+ *          |   *
+ *          |     *
+ *          |       *
+ *       50 |         * (After 30 seconds only 50 units in flight)
+ *          |           *
+ *          |             *
+ *          |               *
+ *       0  +--|---|---|---|---|-->(After 60 seconds 0 units are in flight)
+ *             0  15  30  45  60 (seconds)
+ *
+ * Example 2: Max rate limit reached at beginning of window. As time continues the amount of in flights comes down
+ * allowing for more to be sent. At the 90 second mark, more in flights come in.
+ *
+ * Rate Limit Config:
+ *   limit: 100 units
+ *   window: 60 seconds
+ *
+ *                              Amount in Flight (units) vs. Time Graph (seconds)
+ *
+ *      100 | * - (Max limit reached at beginning of window)
+ *          |   *
+ *          |     *
+ *          |       *
+ *       50 |         *          * (50 inflight)
+ *          |           *          *
+ *          |             *          *
+ *          |               *          *
+ *        0  +--|--|--|--|--|--|--|--|--|--> Time
+ *              0 15 30 45 60 75 90 105 120  (seconds)
+ *
+ * Example 3: Max rate limit reached at beginning of window. At the 15 second mark, the window gets updated to 60
+ * seconds and the limit gets updated to 50 units. This scenario shows the direct depiction of "in flight" from the
+ * previous window affecting the current window.
+ *
+ * Initial Rate Limit Config: For first 15 seconds
+ *   limit: 100 units
+ *   window: 30 seconds
+ *
+ * Updated Rate Limit Config: Updated at 15 second mark
+ *   limit: 50 units
+ *   window: 60 seconds
+ *
+ *                              Amount in Flight (units) vs. Time Graph (seconds)
+ *      100 - *
+ *            |*
+ *            | *
+ *            |  *
+ *            |   *
+ *            |    *
+ *            |     *
+ *       75 - |      *
+ *            |       *
+ *            |        *
+ *            |         *
+ *            |          *
+ *            |           *
+ *            |            *
+ *            |             *
+ *       50 - |              𐫰 <--(Slope changes at the 15 second mark because of the update.
+ *            |               ✧ *      Window extended to 60 seconds and limit reduced to 50 units.
+ *            |                ✧ ︎   *      Because amountInFlight/lastUpdated do not reset, 50 units are
+ *            |                 ✧       *      considered in flight from the previous window and the corresponding
+ *            |                  ✧ ︎          *     decay from the previous rate.)
+ *            |                   ✧              *
+ *       25 - |                    ✧                 *
+ *            |                     ✧                    *
+ *            |                      ✧                        *
+ *            |                       ✧                           *
+ *            |                        ✧                              *
+ *            |                         ✧                                  *
+ *            |                          ✧                                     *
+ *            |                           ✧                                        *
+ *        0 - +---|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----> Time
+ *            0   5    10   15   20   25   30   35   40   45   50   55   60   65   70   75   80   85   90 (seconds)
+ *            [  Initial 30 Second Window  ]
+ *                          [ --------------- Extended 60 Second Window --------------- ]
+ */
+abstract contract RateLimiter {
+    /**
+     * @notice Rate Limit struct.
+     * @param amountInFlight The amount in the current window.
+     * @param lastUpdated Timestamp representing the last time the rate limit was checked or updated.
+     * @param limit This represents the maximum allowed amount within a given window.
+     * @param window Defines the duration of the rate limiting window.
+     */
+    struct RateLimit {
+        uint256 amountInFlight;
+        uint256 lastUpdated;
+        uint256 limit;
+        uint256 window;
+    }
+    /**
+     * @notice Rate Limit Configuration struct.
+     * @param dstEid The destination endpoint id.
+     * @param limit This represents the maximum allowed amount within a given window.
+     * @param window Defines the duration of the rate limiting window.
+     */
+    struct RateLimitConfig {
+        uint32 dstEid;
+        uint256 limit;
+        uint256 window;
+    }
+    /**
+     * @dev Mapping from destination endpoint id to RateLimit Configurations.
+     */
+    mapping(uint32 dstEid => RateLimit limit) public rateLimits;
+    /**
+     * @notice Emitted when _setRateLimits occurs.
+     * @param rateLimitConfigs An array of `RateLimitConfig` structs representing the rate limit configurations set.
+     * - `dstEid`: The destination endpoint id.
+     * - `limit`: This represents the maximum allowed amount within a given window.
+     * - `window`: Defines the duration of the rate limiting window.
+     */
+    event RateLimitsChanged(RateLimitConfig[] rateLimitConfigs);
+    /**
+     * @notice Error that is thrown when an amount exceeds the rate_limit.
+     */
+    error RateLimitExceeded();
+    /**
+     * @notice Get the current amount that can be sent to this destination endpoint id for the given rate limit window.
+     * @param _dstEid The destination endpoint id.
+     * @return currentAmountInFlight The current amount that was sent.
+     * @return amountCanBeSent The amount that can be sent.
+     */
+    function getAmountCanBeSent(
+        uint32 _dstEid
+    ) external view virtual returns (uint256 currentAmountInFlight, uint256 amountCanBeSent) {
+        RateLimit memory rl = rateLimits[_dstEid];
+        return _amountCanBeSent(rl.amountInFlight, rl.lastUpdated, rl.limit, rl.window);
+    }
+    /**
+     * @notice Sets the Rate Limit.
+     * @param _rateLimitConfigs A `RateLimitConfig` struct representing the rate limit configuration.
+     * - `dstEid`: The destination endpoint id.
+     * - `limit`: This represents the maximum allowed amount within a given window.
+     * - `window`: Defines the duration of the rate limiting window.
+     */
+    function _setRateLimits(RateLimitConfig[] memory _rateLimitConfigs) internal virtual {
+        unchecked {
+            for (uint256 i = 0; i < _rateLimitConfigs.length; i++) {
+                RateLimit storage rl = rateLimits[_rateLimitConfigs[i].dstEid];
+                // @dev Ensure we checkpoint the existing rate limit as to not retroactively apply the new decay rate.
+                _checkAndUpdateRateLimit(_rateLimitConfigs[i].dstEid, 0);
+                // @dev Does NOT reset the amountInFlight/lastUpdated of an existing rate limit.
+                rl.limit = _rateLimitConfigs[i].limit;
+                rl.window = _rateLimitConfigs[i].window;
+            }
+        }
+        emit RateLimitsChanged(_rateLimitConfigs);
+    }
+    /**
+     * @notice Checks current amount in flight and amount that can be sent for a given rate limit window.
+     * @param _amountInFlight The amount in the current window.
+     * @param _lastUpdated Timestamp representing the last time the rate limit was checked or updated.
+     * @param _limit This represents the maximum allowed amount within a given window.
+     * @param _window Defines the duration of the rate limiting window.
+     * @return currentAmountInFlight The amount in the current window.
+     * @return amountCanBeSent The amount that can be sent.
+     */
+    function _amountCanBeSent(
+        uint256 _amountInFlight,
+        uint256 _lastUpdated,
+        uint256 _limit,
+        uint256 _window
+    ) internal view virtual returns (uint256 currentAmountInFlight, uint256 amountCanBeSent) {
+        uint256 timeSinceLastDeposit = block.timestamp - _lastUpdated;
+        if (timeSinceLastDeposit >= _window) {
+            currentAmountInFlight = 0;
+            amountCanBeSent = _limit;
+        } else {
+            // @dev Presumes linear decay.
+            uint256 decay = (_limit * timeSinceLastDeposit) / _window;
+            currentAmountInFlight = _amountInFlight <= decay ? 0 : _amountInFlight - decay;
+            // @dev In the event the _limit is lowered, and the 'in-flight' amount is higher than the _limit, set to 0.
+            amountCanBeSent = _limit <= currentAmountInFlight ? 0 : _limit - currentAmountInFlight;
+        }
+    }
+    /**
+     * @notice Verifies whether the specified amount falls within the rate limit constraints for the targeted
+     * endpoint ID. On successful verification, it updates amountInFlight and lastUpdated. If the amount exceeds
+     * the rate limit, the operation reverts.
+     * @param _dstEid The destination endpoint id.
+     * @param _amount The amount to check for rate limit constraints.
+     */
+    function _checkAndUpdateRateLimit(uint32 _dstEid, uint256 _amount) internal virtual {
+        // @dev By default dstEid that have not been explicitly set will return amountCanBeSent == 0.
+        RateLimit storage rl = rateLimits[_dstEid];
+        (uint256 currentAmountInFlight, uint256 amountCanBeSent) = _amountCanBeSent(
+            rl.amountInFlight,
+            rl.lastUpdated,
+            rl.limit,
+            rl.window
+        );
+        if (_amount > amountCanBeSent) revert RateLimitExceeded();
+        // @dev Update the storage to contain the new amount and current timestamp.
+        rl.amountInFlight = currentAmountInFlight + _amount;
+        rl.lastUpdated = block.timestamp;
+    }
+}

package/contracts/oft/OFT.sol CHANGED Viewed

@@ -30,7 +30,7 @@ abstract contract OFT is OFTCore, ERC20 {
      *
      * @dev In the case of OFT, address(this) and erc20 are the same contract.
      */
-    function token() external view returns (address) {
+    function token() public view returns (address) {
         return address(this);
     }
@@ -46,6 +46,7 @@ abstract contract OFT is OFTCore, ERC20 {
     /**
      * @dev Burns tokens from the sender's specified balance.
+     * @param _from The address to debit the tokens from.
      * @param _amountLD The amount of tokens to send in local decimals.
      * @param _minAmountLD The minimum amount to send in local decimals.
      * @param _dstEid The destination chain ID.
@@ -53,6 +54,7 @@ abstract contract OFT is OFTCore, ERC20 {
      * @return amountReceivedLD The amount received in local decimals on the remote.
      */
     function _debit(
+        address _from,
         uint256 _amountLD,
         uint256 _minAmountLD,
         uint32 _dstEid
@@ -63,7 +65,7 @@ abstract contract OFT is OFTCore, ERC20 {
         // therefore amountSentLD CAN differ from amountReceivedLD.
         // @dev Default OFT burns on src.
-        _burn(msg.sender, amountSentLD);
+        _burn(_from, amountSentLD);
     }
     /**

package/contracts/oft/OFTAdapter.sol CHANGED Viewed

@@ -42,7 +42,7 @@ abstract contract OFTAdapter is OFTCore {
      *
      * @dev In the case of OFTAdapter, address(this) and erc20 are NOT the same contract.
      */
-    function token() external view returns (address) {
+    function token() public view returns (address) {
         return address(innerToken);
     }
@@ -59,6 +59,7 @@ abstract contract OFTAdapter is OFTCore {
     /**
      * @dev Burns tokens from the sender's specified balance, ie. pull method.
+     * @param _from The address to debit from.
      * @param _amountLD The amount of tokens to send in local decimals.
      * @param _minAmountLD The minimum amount to send in local decimals.
      * @param _dstEid The destination chain ID.
@@ -71,13 +72,14 @@ abstract contract OFTAdapter is OFTCore {
      * a pre/post balance check will need to be done to calculate the amountReceivedLD.
      */
     function _debit(
+        address _from,
         uint256 _amountLD,
         uint256 _minAmountLD,
         uint32 _dstEid
     ) internal virtual override returns (uint256 amountSentLD, uint256 amountReceivedLD) {
         (amountSentLD, amountReceivedLD) = _debitView(_amountLD, _minAmountLD, _dstEid);
         // @dev Lock tokens by moving them into this contract from the caller.
-        innerToken.safeTransferFrom(msg.sender, address(this), amountSentLD);
+        innerToken.safeTransferFrom(_from, address(this), amountSentLD);
     }
     /**

package/contracts/oft/OFTCore.sol CHANGED Viewed

@@ -179,6 +179,7 @@ abstract contract OFTCore is IOFT, OApp, OAppPreCrimeSimulator, OAppOptionsType3
         // - amountSentLD is the amount in local decimals that was ACTUALLY sent/debited from the sender.
         // - amountReceivedLD is the amount in local decimals that will be received/credited to the recipient on the remote OFT instance.
         (uint256 amountSentLD, uint256 amountReceivedLD) = _debit(
+            msg.sender,
             _sendParam.amountLD,
             _sendParam.minAmountLD,
             _sendParam.dstEid
@@ -363,6 +364,7 @@ abstract contract OFTCore is IOFT, OApp, OAppPreCrimeSimulator, OAppOptionsType3
     /**
      * @dev Internal function to perform a debit operation.
+     * @param _from The address to debit.
      * @param _amountLD The amount to send in local decimals.
      * @param _minAmountLD The minimum amount to send in local decimals.
      * @param _dstEid The destination endpoint ID.
@@ -373,6 +375,7 @@ abstract contract OFTCore is IOFT, OApp, OAppPreCrimeSimulator, OAppOptionsType3
      * @dev Depending on OFT implementation the _amountLD could differ from the amountReceivedLD.
      */
     function _debit(
+        address _from,
         uint256 _amountLD,
         uint256 _minAmountLD,
         uint32 _dstEid

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@layerzerolabs/lz-evm-oapp-v2",
-  "version": "2.1.21",
+  "version": "2.1.23",
   "license": "MIT",
   "files": [
     "artifacts/contracts/**/!(*.dbg).json",
@@ -11,9 +11,9 @@
   },
   "dependencies": {},
   "devDependencies": {
-    "@layerzerolabs/lz-evm-messagelib-v2": "^2.1.21",
-    "@layerzerolabs/lz-evm-protocol-v2": "^2.1.21",
-    "@layerzerolabs/lz-evm-v1-0.7": "^2.1.21",
+    "@layerzerolabs/lz-evm-messagelib-v2": "^2.1.23",
+    "@layerzerolabs/lz-evm-protocol-v2": "^2.1.23",
+    "@layerzerolabs/lz-evm-v1-0.7": "^2.1.23",
     "@openzeppelin/contracts": "^4.8.1",
     "@openzeppelin/contracts-upgradeable": "^4.8.1",
     "hardhat-deploy": "^0.11.44",
@@ -21,9 +21,9 @@
     "solidity-bytes-utils": "^0.8.0"
   },
   "peerDependencies": {
-    "@layerzerolabs/lz-evm-messagelib-v2": "^2.1.21",
-    "@layerzerolabs/lz-evm-protocol-v2": "^2.1.21",
-    "@layerzerolabs/lz-evm-v1-0.7": "^2.1.21",
+    "@layerzerolabs/lz-evm-messagelib-v2": "^2.1.23",
+    "@layerzerolabs/lz-evm-protocol-v2": "^2.1.23",
+    "@layerzerolabs/lz-evm-v1-0.7": "^2.1.23",
     "@openzeppelin/contracts": "^4.8.1 || ^5.0.0",
     "@openzeppelin/contracts-upgradeable": "^4.8.1 || ^5.0.0",
     "hardhat-deploy": "^0.11.44",