npm - @layerzerolabs/protocol-stellar-v2 - Versions diffs - 0.2.10 → 0.2.12 - Mend

@layerzerolabs/protocol-stellar-v2 0.2.10 → 0.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (129) hide show

package/contracts/oapps/oft/src/tests/mod.rs CHANGED Viewed

@@ -11,3 +11,5 @@ pub mod test_quote_send;
 pub mod test_resolve_address;
 pub mod test_send;
 pub mod test_token;
+pub mod extensions;

package/contracts/oapps/oft/src/tests/test_utils.rs CHANGED Viewed

@@ -110,8 +110,15 @@ pub struct TestMintBurnOFT;
 #[contractimpl]
 impl TestMintBurnOFT {
-    pub fn __constructor(env: &Env, token: &Address, owner: &Address, endpoint: &Address, delegate: &Option<Address>) {
-        oft_initialize::<Self>(env, owner, token, endpoint, delegate)
+    pub fn __constructor(
+        env: &Env,
+        token: &Address,
+        owner: &Address,
+        endpoint: &Address,
+        delegate: &Option<Address>,
+        shared_decimals: u32,
+    ) {
+        oft_initialize::<Self>(env, owner, token, endpoint, delegate, shared_decimals)
     }
 }
@@ -134,8 +141,15 @@ pub struct TestLockUnlockOFT;
 #[contractimpl]
 impl TestLockUnlockOFT {
-    pub fn __constructor(env: &Env, token: &Address, owner: &Address, endpoint: &Address, delegate: &Option<Address>) {
-        oft_initialize::<Self>(env, owner, token, endpoint, delegate)
+    pub fn __constructor(
+        env: &Env,
+        token: &Address,
+        owner: &Address,
+        endpoint: &Address,
+        delegate: &Option<Address>,
+        shared_decimals: u32,
+    ) {
+        oft_initialize::<Self>(env, owner, token, endpoint, delegate, shared_decimals)
     }
 }
@@ -477,8 +491,12 @@ impl<'a> OFTTestSetupBuilder<'a> {
         // Register OFT based on type
         let delegate: Option<Address> = Some(owner.clone());
         let oft_address = match oft_type {
-            OFTType::MintBurn => env.register(TestMintBurnOFT, (&token, &owner, &endpoint_address, &delegate)),
-            OFTType::LockUnlock => env.register(TestLockUnlockOFT, (&token, &owner, &endpoint_address, &delegate)),
+            OFTType::MintBurn => {
+                env.register(TestMintBurnOFT, (&token, &owner, &endpoint_address, &delegate, &self.shared_decimals))
+            }
+            OFTType::LockUnlock => {
+                env.register(TestLockUnlockOFT, (&token, &owner, &endpoint_address, &delegate, &self.shared_decimals))
+            }
         };
         let oft = OFTClient::new(env, &oft_address);

package/contracts/oapps/{oft-mint-burn → oft-std}/Cargo.toml RENAMED Viewed

@@ -1,5 +1,5 @@
 [package]
-name = "oft-mint-burn"
+name = "oft-std"
 version.workspace = true
 edition.workspace = true
 license.workspace = true
@@ -17,10 +17,3 @@ common-macros = { workspace = true }
 oapp-macros = { workspace = true }
 oft = { workspace = true }
-[dev-dependencies]
-soroban-sdk = { workspace = true, features = ["testutils"] }
-assert_unordered = "0.3.5"
-simple-message-lib = { workspace = true }
-message-lib-common = { workspace = true, features = ["testutils"] }
-endpoint-v2 = { workspace = true, features = ["testutils"] }
-executor = { workspace = true, features = ["testutils"] }

package/contracts/oapps/oft-std/src/lib.rs ADDED Viewed

@@ -0,0 +1,5 @@
+#![no_std]
+mod oft;
+pub use oft::*;

package/contracts/oapps/oft-std/src/oft.rs ADDED Viewed

@@ -0,0 +1,59 @@
+use common_macros::{contract_impl, storage};
+use oapp_macros::oapp;
+use oft::oft::{oft_initialize, OFTInner, OFT};
+use oft::oft_types::{lock_unlock, mint_burn};
+use oft::types::OFTReceipt;
+use soroban_sdk::{Address, Env};
+#[storage]
+enum OFTStdStorage {
+    #[instance(bool)]
+    IsLockUnlock,
+}
+#[oapp]
+pub struct OFTStd;
+#[contract_impl]
+impl OFTStd {
+    pub fn __constructor(
+        env: &Env,
+        token: &Address,
+        owner: &Address,
+        endpoint: &Address,
+        delegate: &Option<Address>,
+        shared_decimals: u32,
+        is_lock_unlock: bool,
+    ) {
+        oft_initialize::<Self>(env, owner, token, endpoint, delegate, shared_decimals);
+        OFTStdStorage::set_is_lock_unlock(env, &is_lock_unlock);
+    }
+    /// Whether this OFT uses lock/unlock mode (true) or mint/burn mode (false)
+    pub fn is_lock_unlock(env: &Env) -> bool {
+        OFTStdStorage::is_lock_unlock(env).unwrap()
+    }
+}
+/// OFT trait implementation for standard OFT
+#[contract_impl(contracttrait)]
+impl OFT for OFTStd {}
+/// OFT behavior for standard OFT
+impl OFTInner for OFTStd {
+    fn __debit(env: &Env, sender: &Address, amount_ld: i128, min_amount_ld: i128, dst_eid: u32) -> OFTReceipt {
+        if Self::is_lock_unlock(env) {
+            lock_unlock::debit::<Self>(env, sender, amount_ld, min_amount_ld, dst_eid)
+        } else {
+            mint_burn::debit::<Self>(env, sender, amount_ld, min_amount_ld, dst_eid)
+        }
+    }
+    fn __credit(env: &Env, to: &Address, amount_ld: i128, src_eid: u32) -> i128 {
+        if Self::is_lock_unlock(env) {
+            lock_unlock::credit::<Self>(env, to, amount_ld, src_eid)
+        } else {
+            mint_burn::credit::<Self>(env, to, amount_ld, src_eid)
+        }
+    }
+}

package/contracts/utils/src/ownable.rs CHANGED Viewed

@@ -1,7 +1,7 @@
 use crate::errors::OwnableError;
 use crate::option_ext::OptionExt;
-use common_macros::{event, storage};
-use soroban_sdk::{assert_with_error, contractclient, Address, Env};
+use common_macros::storage;
+use soroban_sdk::{assert_with_error, contractclient, contractevent, Address, Env};
 // ============================================
 // Ownable Initializer Interface
@@ -44,14 +44,16 @@ pub fn require_owner_auth<T: Ownable>(env: &Env) {
 }
 /// Event emitted when ownership is transferred.
-#[event]
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct OwnershipTransferred {
     pub old_owner: Address,
     pub new_owner: Address,
 }
 /// Event emitted when ownership is renounced.
-#[event]
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct OwnershipRenounced {
     pub old_owner: Address,
 }
@@ -76,13 +78,13 @@ impl Ownable for DefaultOwnable {
     }
     fn transfer_ownership(env: &Env, new_owner: &Address) {
-        let old_owner = enforce_owner_auth::<Self>(env);
+        let old_owner = Self::owner(env).unwrap_or_panic(env, OwnableError::OwnerNotSet);
         DefaultOwnableStorage::set_owner(env, new_owner);
         OwnershipTransferred { old_owner, new_owner: new_owner.clone() }.publish(env);
     }
     fn renounce_ownership(env: &Env) {
-        let old_owner = enforce_owner_auth::<Self>(env);
+        let old_owner = Self::owner(env).unwrap_or_panic(env, OwnableError::OwnerNotSet);
         DefaultOwnableStorage::remove_owner(env);
         OwnershipRenounced { old_owner }.publish(env);
     }

package/contracts/utils/src/tests/ownable.rs CHANGED Viewed

@@ -186,20 +186,6 @@ fn transfer_ownership_to_same_owner() {
     assert_eq!(client.owner(), Some(owner));
 }
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn transfer_ownership_requires_auth() {
-    let env = Env::default();
-    let owner = Address::generate(&env);
-    let new_owner = Address::generate(&env);
-    let contract = env.register(Contract, (&owner,));
-    let client = ContractClient::new(&env, &contract);
-    // Try to transfer without auth should fail
-    client.transfer_ownership(&new_owner);
-}
 #[test]
 #[should_panic(expected = "Error(Contract, #1301)")]
 fn transfer_after_renounce_fails() {
@@ -264,19 +250,6 @@ fn renounce_ownership_with_event() {
     assert_eq!(client.owner(), None);
 }
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn renounce_ownership_requires_auth() {
-    let env = Env::default();
-    let owner = Address::generate(&env);
-    let contract = env.register(Contract, (&owner,));
-    let client = ContractClient::new(&env, &contract);
-    // Try to renounce without auth should fail
-    client.renounce_ownership();
-}
 #[test]
 #[should_panic(expected = "Error(Contract, #1301)")]
 fn renounce_after_renounce_fails() {
@@ -352,42 +325,6 @@ fn chain_new_owner_can_transfer() {
     assert_eq!(client.owner(), Some(third_owner));
 }
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn chain_old_owner_cannot_transfer_after_transfer() {
-    let env = Env::default();
-    let owner = Address::generate(&env);
-    let new_owner = Address::generate(&env);
-    let third_owner = Address::generate(&env);
-    let contract = env.register(Contract, (&owner,));
-    let client = ContractClient::new(&env, &contract);
-    // Transfer to new_owner
-    env.mock_auths(&[MockAuth {
-        address: &owner,
-        invoke: &MockAuthInvoke {
-            contract: &contract,
-            args: (&new_owner,).into_val(&env),
-            fn_name: "transfer_ownership",
-            sub_invokes: &[],
-        },
-    }]);
-    client.transfer_ownership(&new_owner);
-    // Old owner tries to transfer again - should fail
-    env.mock_auths(&[MockAuth {
-        address: &owner,
-        invoke: &MockAuthInvoke {
-            contract: &contract,
-            args: (&third_owner,).into_val(&env),
-            fn_name: "transfer_ownership",
-            sub_invokes: &[],
-        },
-    }]);
-    client.transfer_ownership(&third_owner);
-}
 // ============================================
 // init: DefaultOwnable::init_owner tests
 // ============================================

package/contracts/utils/src/tests/testing_utils.rs CHANGED Viewed

@@ -1,23 +1,25 @@
 use crate::testing_utils::{assert_event, assert_events, ExpectedEvent, IntoExpectedEvent};
-use common_macros::event;
-use soroban_sdk::{contract, contractimpl, testutils::Address as _, Address, Env, IntoVal, Val, Vec};
+use soroban_sdk::{contract, contractevent, contractimpl, testutils::Address as _, Address, Env, IntoVal, Val, Vec};
 // ============================================
 // Test Fixtures
 // ============================================
-#[event]
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct TestEvent1 {
     pub value: u32,
 }
-#[event]
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct TestEvent2 {
     pub name: u32,
     pub count: u64,
 }
-#[event]
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub struct TestEvent3 {
     pub address: Address,
 }

package/contracts/utils/src/ttl.rs CHANGED Viewed

@@ -1,5 +1,5 @@
 use crate::errors::TtlError;
-use soroban_sdk::{assert_with_error, contractclient, contracttype, Env};
+use soroban_sdk::{assert_with_error, contractclient, contractevent, contracttype, Env};
 /// Number of ledgers per day (~5 second ledger close time).
 pub const LEDGERS_PER_DAY: u32 = (24 * 3600) / 5;
@@ -85,6 +85,8 @@ impl TtlConfigurable for DefaultTtlConfigurable {
         TtlConfigStorage::set_or_remove_instance(env, instance);
         TtlConfigStorage::set_or_remove_persistent(env, persistent);
+        TtlConfigsSet { instance: *instance, persistent: *persistent }.publish(env);
     }
     fn ttl_configs(env: &Env) -> (Option<TtlConfig>, Option<TtlConfig>) {
@@ -94,6 +96,8 @@ impl TtlConfigurable for DefaultTtlConfigurable {
     fn freeze_ttl_configs(env: &Env) {
         assert_with_error!(env, !Self::is_ttl_configs_frozen(env), TtlError::TtlConfigAlreadyFrozen);
         TtlConfigStorage::set_frozen(env, &true);
+        TtlConfigsFrozen {}.publish(env);
     }
     fn is_ttl_configs_frozen(env: &Env) -> bool {
@@ -101,4 +105,19 @@ impl TtlConfigurable for DefaultTtlConfigurable {
     }
 }
-// TODO: add events
+// ============================================
+// Events
+// ============================================
+/// Event emitted when TTL configs are set.
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub struct TtlConfigsSet {
+    pub instance: Option<TtlConfig>,
+    pub persistent: Option<TtlConfig>,
+}
+/// Event emitted when TTL configs are frozen.
+#[contractevent]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub struct TtlConfigsFrozen {}

package/contracts/workers/dvn/src/auth.rs CHANGED Viewed

@@ -1,66 +1,144 @@
-use crate::TransactionAuthData;
+use super::*;
 use soroban_sdk::{
     address_payload::AddressPayload,
     auth::{Context, CustomAccountInterface},
+    contractimpl, contracttype,
+    crypto::Hash,
+    vec, Symbol,
 };
+// ============================================================================
+// Authentication Data Types
+// ============================================================================
+#[contracttype]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum Sender {
+    /// No explicit sender (permissionless execution).
+    None,
+    /// A registered admin (ed25519) submitting the transaction.
+    /// The tuple is `(public_key, signature)` where the signature covers the Soroban payload.
+    Admin(BytesN<32>, BytesN<64>),
+}
+/// Authentication data for DVN contract transactions.
+///
+/// This struct is used with Soroban's custom account interface to authorize
+/// transactions through a combination of admin signature and multisig quorum.
+#[contracttype]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub struct TransactionAuthData {
+    /// Verifier ID - must match the DVN's configured VID.
+    pub vid: u32,
+    /// Expiration timestamp (ledger time) after which this auth is invalid.
+    pub expiration: u64,
+    /// Signatures from multisig signers (secp256k1, 65 bytes each).
+    pub signatures: Vec<BytesN<65>>,
+    /// Entity submitting the transaction (admin, or permissionless).
+    pub sender: Sender,
+}
+// ============================================================================
+// Custom Account Interface Implementation
+// ============================================================================
 #[contractimpl]
-impl CustomAccountInterface for Dvn {
+impl CustomAccountInterface for LzDVN {
     type Signature = TransactionAuthData;
     type Error = DvnError;
-    #[allow(non_snake_case)]
+    /// Validates authorization for DVN contract operations.
     fn __check_auth(
         env: Env,
         signature_payload: Hash<32>,
         auth_data: Self::Signature,
         auth_contexts: Vec<Context>,
     ) -> Result<(), Self::Error> {
-        let TransactionAuthData { vid, expiration, signatures, admin, admin_signature } = auth_data;
-        verify_admin(&env, &admin, &admin_signature, &signature_payload)?;
+        let TransactionAuthData { vid, expiration, signatures, sender } = auth_data;
-        let stored_vid = DvnStorage::vid(&env).unwrap();
-        if vid != stored_vid {
+        // 1. Check VID and expiration
+        if vid != Self::vid(&env) {
             return Err(DvnError::InvalidVid);
         }
         if expiration <= env.ledger().timestamp() {
             return Err(DvnError::AuthDataExpired);
         }
-        let hash = hash_auth_data(&env, vid, expiration, &auth_contexts);
+        // 2. Admin verification (skip for quorum_change_admin)
+        if !Self::is_invoking_quorum_change_admin(&env, &auth_contexts) {
+            let Sender::Admin(public_key, signature) = sender else {
+                return Err(DvnError::OnlyAdmin);
+            };
+            Self::verify_admin_signature(&env, &public_key, &signature, &signature_payload)?;
+        }
+        // 3. Replay protection
+        let calls = Self::extract_execution_calls(&env, &auth_contexts)?;
+        let hash = Self::hash_call_data(&env, vid, expiration, &calls);
         if DvnStorage::used_hash(&env, &hash) {
             return Err(DvnError::HashAlreadyUsed);
         }
-        Dvn::verify_signatures(&env, &hash, &signatures);
         DvnStorage::set_used_hash(&env, &hash, &true);
+        // 4. Multisig verification (most expensive - do last)
+        Self::verify_signatures(&env, &hash, &signatures);
         Ok(())
     }
 }
-fn verify_admin(
-    env: &Env,
-    admin: &BytesN<32>,
-    admin_signature: &BytesN<64>,
-    signature_payload: &Hash<32>,
-) -> Result<(), DvnError> {
-    let admin_address = Address::from_payload(env, AddressPayload::AccountIdPublicKeyEd25519(admin.clone()));
-    if !Dvn::is_admin(env, &admin_address) {
-        return Err(DvnError::OnlyAdmin);
-    }
+// ============================================================================
+// Internal Helper Functions
+// ============================================================================
-    env.crypto().ed25519_verify(admin, &signature_payload.clone().into(), admin_signature);
+impl LzDVN {
+    /// Verifies that the admin signature is valid and from a registered admin.
+    ///
+    /// # Arguments
+    /// * `public_key` - The admin's Ed25519 public key (32 bytes)
+    /// * `signature` - The admin's signature over the signature payload (64 bytes)
+    /// * `signature_payload` - The payload that was signed
+    ///
+    /// # Errors
+    /// Returns `DvnError::OnlyAdmin` if the signer is not a registered admin.
+    fn verify_admin_signature(
+        env: &Env,
+        public_key: &BytesN<32>,
+        signature: &BytesN<64>,
+        signature_payload: &Hash<32>,
+    ) -> Result<(), DvnError> {
+        let admin_address = Address::from_payload(env, AddressPayload::AccountIdPublicKeyEd25519(public_key.clone()));
+        if !Self::is_admin(env, &admin_address) {
+            return Err(DvnError::OnlyAdmin);
+        }
-    Ok(())
-}
+        env.crypto().ed25519_verify(public_key, &signature_payload.clone().into(), signature);
-fn hash_auth_data(env: &Env, vid: u32, expiration: u64, auth_contexts: &Vec<Context>) -> BytesN<32> {
-    let mut writer = BufferWriter::new(env);
-    let data = writer.write_u32(vid).write_u64(expiration).write_bytes(&auth_contexts.to_xdr(env)).to_bytes();
-    env.crypto().keccak256(&data).into()
+        Ok(())
+    }
+    /// Extracts the execution calls from the auth contexts.
+    fn extract_execution_calls(env: &Env, auth_contexts: &Vec<Context>) -> Result<Vec<Call>, DvnError> {
+        auth_contexts.iter().try_fold(vec![env], |mut calls, context| {
+            let Context::Contract(ctx) = context else {
+                return Err(DvnError::NonContractInvoke);
+            };
+            calls.push_back(Call { to: ctx.contract, func: ctx.fn_name, args: ctx.args });
+            Ok(calls)
+        })
+    }
+    /// Checks if the auth context is for `quorum_change_admin` on this contract.
+    /// This function doesn't require admin verification (quorum-only).
+    fn is_invoking_quorum_change_admin(env: &Env, auth_contexts: &Vec<Context>) -> bool {
+        // Must be exactly one call (no bundling with other operations)
+        if auth_contexts.len() != 1 {
+            return false;
+        }
+        let Context::Contract(ctx) = auth_contexts.first().unwrap() else {
+            return false;
+        };
+        ctx.contract == env.current_contract_address() && ctx.fn_name == Symbol::new(env, "quorum_change_admin")
+    }
 }