@layerzerolabs/protocol-stellar-v2 0.2.33 → 0.2.35

package/contracts/endpoint-v2/src/tests/messaging_channel/skip.rs

@@ -53,7 +53,7 @@ fn test_skip_requires_auth_even_when_caller_is_receiver() {
     endpoint_client.skip(&receiver, &receiver, &src_eid, &sender, &nonce);
 }
 
-// Successful skip updates inbound/lazy nonces and emits InboundNonceSkipped
+// Successful skip updates inbound nonce and emits InboundNonceSkipped
 #[test]
 fn test_skip_success() {
     let context = setup();
@@ -65,13 +65,10 @@ fn test_skip_success() {
     let sender = BytesN::from_array(env, &[1u8; 32]);
     let nonce = 1;
 
-    // Verify initial state: lazy inbound nonce should be 0.
-    let initial_lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(initial_lazy_nonce, 0, "Initial lazy inbound nonce should be 0");
-
     // Initially, inbound nonce should be 0.
     let initial_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(initial_nonce, 0);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // Skip nonce 1 (expected nonce is initial_nonce + 1 = 1).
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, nonce);
@@ -86,10 +83,7 @@ fn test_skip_success() {
     // Verify inbound nonce reflects the skip via public interface.
     let updated_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(updated_nonce, nonce);
-
-    // Verify lazy inbound nonce was updated.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Multiple sequential skips update to the latest nonce
@@ -111,13 +105,10 @@ fn test_skip_multiple_nonces() {
     let nonce2 = 2;
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, nonce2);
 
-    // Verify lazy inbound nonce was updated to nonce2.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce2);
-
     // Verify inbound nonce reflects the latest skip.
     let updated_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(updated_nonce, nonce2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Delegate authorization (delegate(receiver) is allowed)
@@ -146,9 +137,8 @@ fn test_skip_with_delegate() {
         InboundNonceSkipped { src_eid, sender: sender.clone(), receiver: receiver.clone(), nonce },
     );
 
-    // Verify lazy inbound nonce was updated.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), nonce);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Path isolation (receiver/src_eid/sender are isolated)
@@ -176,11 +166,11 @@ fn test_skip_different_paths() {
     // Skip for different senders.
     skip_with_auth(&context, &receiver1, &receiver1, src_eid1, &sender2, nonce);
 
-    // Verify all paths have independent lazy nonces.
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid1, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver2, &src_eid1, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid2, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid1, &sender2), nonce);
+    // Verify all paths have independent inbound nonces.
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid1, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver2, &src_eid1, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid2, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid1, &sender2), nonce);
 }
 
 // Invalid nonce rejection (must match expected nonce)
@@ -224,10 +214,10 @@ fn test_skip_next_nonce_accounts_for_verified_payload_hashes() {
     let result = endpoint_client.try_skip(&receiver, &receiver, &src_eid, &sender, &1);
     assert_eq!(result.err().unwrap().ok().unwrap(), EndpointError::InvalidNonce.into());
 
-    // Skipping 2 should succeed and advance lazy inbound nonce to 2.
+    // Skipping 2 should succeed and advance inbound nonce to 2.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 2);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 2);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // skip() does not clear any existing payload hashes.
     assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &1), Some(payload_hash_1));
@@ -251,8 +241,8 @@ fn test_skip_closes_gap_and_advances_inbound_nonce() {
 
     // Skip nonce 1 to close the gap. This should allow inbound_nonce to advance to 2.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 1);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 1);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // Payload hash at nonce 2 remains intact.
     assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &2), Some(payload_hash_2));
@@ -271,7 +261,7 @@ fn test_skip_rejects_repeated_same_nonce() {
 
     // Skip nonce 1 successfully.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 1);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 1);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 1);
 
     // Skipping nonce 1 again should fail since the next expected nonce is now 2.
     context.mock_auth(&receiver, "skip", (&receiver, &receiver, &src_eid, &sender, &1u64));

package/contracts/layerzero-views/src/layerzero_view.rs

@@ -104,9 +104,9 @@ impl LayerZeroView {
         let empty_hash = empty_payload_hash(env);
         let nil_hash = nil_payload_hash(env);
 
-        // Executed: payload hash has been cleared (None) and nonce <= lazy_inbound_nonce
+        // Executed: payload hash has been cleared (None) and nonce <= inbound_nonce
         if payload_hash.is_none()
-            && origin.nonce <= messaging_channel.lazy_inbound_nonce(receiver, &origin.src_eid, &origin.sender)
+            && origin.nonce <= messaging_channel.inbound_nonce(receiver, &origin.src_eid, &origin.sender)
         {
             return ExecutionState::Executed;
         }

package/contracts/layerzero-views/src/tests/layerzero_view_tests.rs

@@ -206,9 +206,9 @@ fn test_executable_state_executed() {
     let receiver = test_setup.register_oapp();
     let sender = soroban_sdk::Address::generate(&test_setup.env);
 
-    // Clear payload hash (None) and set lazy_inbound_nonce >= nonce = Executed
+    // Clear payload hash (None) and set inbound_nonce >= nonce = Executed
     test_setup.set_payload_hash(&receiver, REMOTE_EID, &sender, 1, &None);
-    test_setup.set_lazy_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
+    test_setup.set_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
 
     let origin = Origin { src_eid: REMOTE_EID, sender: address_to_bytes32(&sender), nonce: 1 };
 
@@ -262,9 +262,8 @@ fn test_executable_multiple_nonces_in_sequence() {
     assert_eq!(test_setup.view_client.executable(&origin_2, &receiver), ExecutionState::VerifiedButNotExecutable);
     assert_eq!(test_setup.view_client.executable(&origin_3, &receiver), ExecutionState::VerifiedButNotExecutable);
 
-    // Now execute nonce 1 (set lazy_inbound_nonce)
+    // Now execute nonce 1 (clear payload hash, advance inbound_nonce)
     test_setup.set_payload_hash(&receiver, REMOTE_EID, &sender, 1, &None);
-    test_setup.set_lazy_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
     test_setup.set_inbound_nonce(&receiver, REMOTE_EID, &sender, 2);
 
     assert_eq!(test_setup.view_client.executable(&origin_1, &receiver), ExecutionState::Executed);

package/contracts/layerzero-views/src/tests/setup.rs

@@ -30,7 +30,6 @@ mod endpoint_storage {
         Initializable(Address, u32, BytesN<32>),
         Verifiable(Address, u32, BytesN<32>),
         // State for executable tests
-        LazyInboundNonce(Address, u32, BytesN<32>),
         InboundNonce(Address, u32, BytesN<32>),
         InboundPayloadHash(Address, u32, BytesN<32>, u64),
         ReceiveLibrary(Address, u32),
@@ -91,13 +90,6 @@ impl MockEndpoint {
             .set(&endpoint_storage::MockEndpointStorage::Verifiable(receiver.clone(), *src_eid, sender.clone()), value);
     }
 
-    pub fn set_lazy_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>, nonce: &u64) {
-        env.storage().persistent().set(
-            &endpoint_storage::MockEndpointStorage::LazyInboundNonce(receiver.clone(), *src_eid, sender.clone()),
-            nonce,
-        );
-    }
-
     pub fn set_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>, nonce: &u64) {
         env.storage().persistent().set(
             &endpoint_storage::MockEndpointStorage::InboundNonce(receiver.clone(), *src_eid, sender.clone()),
@@ -135,13 +127,6 @@ impl MockEndpoint {
     // Getters required by LayerZeroView
     // =========================================================================
 
-    pub fn lazy_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>) -> u64 {
-        env.storage()
-            .persistent()
-            .get(&endpoint_storage::MockEndpointStorage::LazyInboundNonce(receiver.clone(), *src_eid, sender.clone()))
-            .unwrap_or(0)
-    }
-
     pub fn inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>) -> u64 {
         env.storage()
             .persistent()
@@ -282,12 +267,6 @@ impl<'a> TestSetup<'a> {
         self.endpoint_client.set_verifiable(receiver, &src_eid, &sender_bytes32, &value);
     }
 
-    /// Set lazy inbound nonce (marks messages up to this nonce as processed).
-    pub fn set_lazy_inbound_nonce(&self, receiver: &Address, src_eid: u32, sender: &Address, nonce: u64) {
-        let sender_bytes32 = address_to_bytes32(sender);
-        self.endpoint_client.set_lazy_inbound_nonce(receiver, &src_eid, &sender_bytes32, &nonce);
-    }
-
     /// Set inbound nonce (marks messages up to this nonce as verified and executable).
     pub fn set_inbound_nonce(&self, receiver: &Address, src_eid: u32, sender: &Address, nonce: u64) {
         let sender_bytes32 = address_to_bytes32(sender);

package/contracts/message-libs/blocked-message-lib/src/lib.rs

@@ -15,12 +15,12 @@
 #[cfg(test)]
 mod tests;
 
-use common_macros::{contract_error, contract_impl};
+use common_macros::contract_error;
 use endpoint_v2::{
     FeesAndPacket, IMessageLib, ISendLib, MessageLibType, MessageLibVersion, MessagingFee, OutboundPacket,
     SetConfigParam,
 };
-use soroban_sdk::{contract, panic_with_error, Address, Bytes, Env, Vec};
+use soroban_sdk::{contract, contractimpl, panic_with_error, Address, Bytes, Env, Vec};
 
 #[contract_error]
 pub enum BlockedMessageLibError {
@@ -31,7 +31,7 @@ pub enum BlockedMessageLibError {
 #[contract]
 pub struct BlockedMessageLib;
 
-#[contract_impl]
+#[contractimpl]
 impl IMessageLib for BlockedMessageLib {
     /// Always panics - config modification is not supported.
     fn set_config(env: &Env, _oapp: &Address, _param: &Vec<SetConfigParam>) {
@@ -59,7 +59,7 @@ impl IMessageLib for BlockedMessageLib {
     }
 }
 
-#[contract_impl]
+#[contractimpl]
 impl ISendLib for BlockedMessageLib {
     /// Always panics - quoting is blocked.
     fn quote(env: &Env, _packet: &OutboundPacket, _options: &Bytes, _pay_in_zro: bool) -> MessagingFee {

package/contracts/message-libs/uln-302/src/send_uln.rs

@@ -45,7 +45,7 @@ impl ISendLib for Uln302 {
 
         // Treasury fee
         let workers_fee = executor_fee + dvns_fee;
-        let (_, treasury_fee) = Self::quote_treasury(env, &packet.sender, packet.dst_eid, &workers_fee, &pay_in_zro);
+        let (_, treasury_fee) = Self::quote_treasury(env, &packet.sender, packet.dst_eid, workers_fee, pay_in_zro);
 
         if pay_in_zro {
             MessagingFee { native_fee: workers_fee, zro_fee: treasury_fee }
@@ -91,7 +91,7 @@ impl ISendLib for Uln302 {
         // Treasury fee
         let total_worker_fee = native_fee_recipients.iter().map(|fee| fee.amount).sum();
         let (treasury_addr, treasury_fee) =
-            Self::quote_treasury(env, &packet.sender, packet.dst_eid, &total_worker_fee, &pay_in_zro);
+            Self::quote_treasury(env, &packet.sender, packet.dst_eid, total_worker_fee, pay_in_zro);
 
         // Handle ZRO fee recipients
         let mut zro_fee_recipients = vec![env];
@@ -280,12 +280,12 @@ impl Uln302 {
         env: &Env,
         sender: &Address,
         dst_eid: u32,
-        workers_fee: &i128,
-        pay_in_zro: &bool,
+        workers_fee: i128,
+        pay_in_zro: bool,
     ) -> (Address, i128) {
         let treasury_addr = Self::treasury(env);
         let treasury_fee =
-            LayerZeroTreasuryClient::new(env, &treasury_addr).get_fee(sender, &dst_eid, workers_fee, pay_in_zro);
+            LayerZeroTreasuryClient::new(env, &treasury_addr).get_fee(sender, &dst_eid, &workers_fee, &pay_in_zro);
         assert_with_error!(env, treasury_fee >= 0, Uln302Error::InvalidFee);
         (treasury_addr, treasury_fee)
     }

package/contracts/oapps/counter/src/counter.rs

@@ -67,6 +67,12 @@ impl Counter {
         }
     }
 
+    #[only_auth]
+    pub fn withdraw(env: &Env, to: &Address, amount: i128) {
+        let native_token = LayerZeroEndpointV2Client::new(env, &Self::endpoint(env)).native_token();
+        TokenClient::new(env, &native_token).transfer(&env.current_contract_address(), to, &amount);
+    }
+
     // ============================================================================================
     // View functions
     // ============================================================================================

package/contracts/oapps/oapp/src/oapp_sender.rs

@@ -3,7 +3,7 @@ use crate::{
     oapp_core::{endpoint_client, get_peer_or_panic, OAppCore},
 };
 use endpoint_v2::{MessagingFee, MessagingParams, MessagingReceipt};
-use soroban_sdk::{token::TokenClient, Address, Bytes, Env};
+use soroban_sdk::{contracttype, token::TokenClient, Address, Bytes, Env};
 use utils::option_ext::OptionExt;
 
 /// The version of the OAppSender implementation.
@@ -22,7 +22,8 @@ pub const SENDER_VERSION: u64 = 1;
 /// - `Verified` — Caller asserts that `require_auth()` has already been called.
 ///   Use this to avoid a duplicate `require_auth()` node in the Soroban auth tree
 ///   (e.g., when the same address was already authorized as the message sender).
-#[derive(Clone)]
+#[contracttype]
+#[derive(Clone, Debug, Eq, PartialEq)]
 pub enum FeePayer {
     /// The fee payer has **not** been authorized yet.
     /// `__lz_send` will call `fee_payer.require_auth()` before transferring fees.

package/contracts/oapps/oft/integration-tests/extensions/test_oft_fee.rs

@@ -8,9 +8,9 @@
 use crate::integration_tests::{
     setup::{create_recipient_address, decode_packet, setup, wire_endpoint, wire_oft, TestSetup},
     utils::{
-        address_to_peer_bytes32, create_send_param, lz_receive, mint_to, quote_oft, quote_send,
+        address_to_peer_bytes32, create_send_param, lz_receive, mint_oft_token_to, mint_to, quote_oft, quote_send,
         scan_packet_sent_event, send, send_with_fee, set_default_fee_bps, set_fee_bps, set_fee_deposit_address,
-        token_balance, transfer_sac_admin, validate_packet,
+        token_balance, validate_packet,
     },
 };
 use soroban_sdk::{testutils::Address as _, token::TokenClient, Address};
@@ -26,10 +26,8 @@ fn test_cross_chain_with_zero_fee() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     let to = address_to_peer_bytes32(&receiver);
     let send_param = create_send_param(&env, chain_b.eid, 1_000_000, 0, &to);
@@ -63,10 +61,8 @@ fn test_cross_chain_with_fee() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Enable 1% fee (100 bps)
     set_fee_deposit_address(&env, &chain_a, &chain_a.fee_collector);
@@ -116,10 +112,8 @@ fn test_cross_chain_with_destination_specific_fee() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Set default fee 1% and destination-specific fee 2% for chain_b
     set_fee_deposit_address(&env, &chain_a, &chain_a.fee_collector);

package/contracts/oapps/oft/integration-tests/extensions/test_pausable.rs

@@ -6,8 +6,8 @@
 use crate::integration_tests::{
     setup::{create_recipient_address, decode_packet, setup, wire_endpoint, wire_oft, TestSetup},
     utils::{
-        address_to_peer_bytes32, create_send_param, is_paused, lz_receive, mint_to, quote_oft, quote_send,
-        scan_packet_sent_event, send, set_paused, transfer_sac_admin, try_lz_receive, try_send, validate_packet,
+        address_to_peer_bytes32, create_send_param, is_paused, lz_receive, mint_oft_token_to, mint_to, quote_oft,
+        quote_send, scan_packet_sent_event, send, set_paused, try_lz_receive, try_send, validate_packet,
     },
 };
 use soroban_sdk::{testutils::Address as _, token::TokenClient, Address};
@@ -22,11 +22,9 @@ fn test_send_succeeds_when_unpaused() {
     let sender = Address::generate(&env);
     let receiver = create_recipient_address(&env);
 
-    // Mint tokens and transfer admin rights
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    // Mint tokens (SAC admin is already the mock wrapper from setup)
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Default state should be unpaused
     assert!(!is_paused(&chain_a));
@@ -63,9 +61,8 @@ fn test_send_fails_when_paused() {
     let sender = Address::generate(&env);
     let receiver = create_recipient_address(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
 
     let to = address_to_peer_bytes32(&receiver);
     let send_param = create_send_param(&env, chain_b.eid, 1_000_000, 0, &to);
@@ -94,10 +91,8 @@ fn test_receive_fails_when_paused() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Send from chain_a to chain_b
     let to = address_to_peer_bytes32(&receiver);
@@ -130,10 +125,8 @@ fn test_cross_chain_succeeds_after_unpause() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 10_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 10_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Pause and then unpause
     set_paused(&env, &chain_a, true);

package/contracts/oapps/oft/integration-tests/extensions/test_rate_limiter.rs

@@ -7,9 +7,9 @@ use crate::extensions::rate_limiter::{Direction, Mode};
 use crate::integration_tests::{
     setup::{create_recipient_address, decode_packet, setup, wire_endpoint, wire_oft, TestSetup},
     utils::{
-        address_to_peer_bytes32, advance_time, create_send_param, lz_receive, mint_to, quote_oft, quote_send,
-        rate_limit_capacity, rate_limit_in_flight, scan_packet_sent_event, send, set_rate_limit, set_rate_limit_with_mode,
-        transfer_sac_admin, try_send, validate_packet,
+        address_to_peer_bytes32, advance_time, create_send_param, lz_receive, mint_oft_token_to, mint_to, quote_oft,
+        quote_send, rate_limit_capacity, rate_limit_in_flight, scan_packet_sent_event, send, set_rate_limit,
+        set_rate_limit_with_mode, try_send, validate_packet,
     },
 };
 use soroban_sdk::{testutils::Address as _, token::TokenClient, Address};
@@ -25,10 +25,8 @@ fn test_send_without_rate_limit() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Default capacity should be i128::MAX (unlimited)
     let capacity = rate_limit_capacity(&chain_a, &Direction::Outbound, chain_b.eid);
@@ -62,10 +60,8 @@ fn test_send_within_rate_limit() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Set rate limit: 10M per 3600 seconds (1 hour)
     set_rate_limit(&env, &chain_a, &Direction::Outbound, chain_b.eid, 10_000_000, 3600);
@@ -112,9 +108,8 @@ fn test_send_exceeds_rate_limit() {
     let sender = Address::generate(&env);
     let receiver = create_recipient_address(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
 
     // Set rate limit: 1M per 3600 seconds
     set_rate_limit(&env, &chain_a, &Direction::Outbound, chain_b.eid, 1_000_000, 3600);
@@ -140,10 +135,8 @@ fn test_rate_limit_decay() {
     let receiver = create_recipient_address(&env);
     let executor = Address::generate(&env);
 
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Set rate limit: 10M per 1000 seconds
     set_rate_limit(&env, &chain_a, &Direction::Outbound, chain_b.eid, 10_000_000, 1000);
@@ -199,12 +192,10 @@ fn test_gross_mode_does_not_release() {
     let executor = Address::generate(&env);
 
     // Setup tokens for both chains
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender_a, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender_a, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender_a, 10_000_000_000);
-    mint_to(&env, &chain_b.owner, &chain_b.oft_token, &sender_b, 100_000_000);
+    mint_oft_token_to(&env, &chain_b, &sender_b, 100_000_000);
     mint_to(&env, &chain_b.owner, &chain_b.native_token, &sender_b, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Set Gross mode rate limit on chain_a outbound: 10M per 3600 seconds
     set_rate_limit_with_mode(&env, &chain_a, &Direction::Outbound, chain_b.eid, 10_000_000, 3600, Mode::Gross);
@@ -267,12 +258,10 @@ fn test_net_mode_does_release() {
     let executor = Address::generate(&env);
 
     // Setup tokens for both chains
-    mint_to(&env, &chain_a.owner, &chain_a.oft_token, &sender_a, 100_000_000);
+    mint_oft_token_to(&env, &chain_a, &sender_a, 100_000_000);
     mint_to(&env, &chain_a.owner, &chain_a.native_token, &sender_a, 10_000_000_000);
-    mint_to(&env, &chain_b.owner, &chain_b.oft_token, &sender_b, 100_000_000);
+    mint_oft_token_to(&env, &chain_b, &sender_b, 100_000_000);
     mint_to(&env, &chain_b.owner, &chain_b.native_token, &sender_b, 10_000_000_000);
-    transfer_sac_admin(&env, &chain_a.owner, &chain_a.oft_token, &chain_a.oft.address);
-    transfer_sac_admin(&env, &chain_b.owner, &chain_b.oft_token, &chain_b.oft.address);
 
     // Set Net mode rate limit on chain_a outbound: 10M per 3600 seconds
     set_rate_limit_with_mode(&env, &chain_a, &Direction::Outbound, chain_b.eid, 10_000_000, 3600, Mode::Net);

package/contracts/oapps/oft/integration-tests/setup.rs

@@ -12,12 +12,40 @@ use crate::{
 use endpoint_v2::{EndpointV2, EndpointV2Client};
 use simple_message_lib::{SimpleMessageLib, SimpleMessageLibClient};
 use soroban_sdk::{
-    contract, contractimpl, log,
+    contract, contractimpl, contracttype, log,
     testutils::{Address as _, MockAuth, MockAuthInvoke},
-    token::TokenClient,
+    token::{StellarAssetClient, TokenClient},
     Address, BytesN, Env, IntoVal,
 };
 
+// ============================================================================
+// Mock SAC Wrapper - implements Mintable for integration tests
+// ============================================================================
+// Wraps a Stellar Asset Contract (SAC). The wrapper is set as SAC admin and
+// implements mint(env, to, amount, operation) so the OFT uses it for credit (mint).
+// OFT burns on the token directly; this mock still has burn for completeness.
+
+#[contracttype]
+pub enum MockSacWrapperKey {
+    Sac,
+}
+
+#[contract]
+pub struct MockSacWrapper;
+
+#[contractimpl]
+impl MockSacWrapper {
+    pub fn __constructor(env: &Env, sac: Address) {
+        env.storage().instance().set(&MockSacWrapperKey::Sac, &sac);
+    }
+
+    /// Mintable::mint - mints on the underlying SAC (wrapper must be SAC admin).
+    pub fn mint(env: &Env, to: &Address, amount: i128, _operation: &Address) {
+        let sac: Address = env.storage().instance().get(&MockSacWrapperKey::Sac).unwrap();
+        StellarAssetClient::new(env, &sac).mint(to, &amount);
+    }
+}
+
 // ============================================================================
 // Dummy Recipient - used to create valid contract addresses for recipients
 // ============================================================================
@@ -45,7 +73,10 @@ pub struct ChainSetup<'a> {
     pub owner: Address,
     pub native_token: Address,
     pub zro_token: Address,
+    /// Underlying SAC for the OFT token (used for balance, transfer, mint_to).
     pub oft_token: Address,
+    /// Mock SAC wrapper implementing Mintable; OFT uses it for mint on credit.
+    pub sac_wrapper: Address,
     pub endpoint: EndpointV2Client<'a>,
     pub sml: SimpleMessageLibClient<'a>,
     pub oft: OFTClient<'a>,
@@ -72,9 +103,20 @@ fn setup_chain<'a>(env: &Env) -> ChainSetup<'a> {
     let zro_sac = env.register_stellar_asset_contract_v2(owner.clone());
     let zro_token = zro_sac.address();
 
-    // Create OFT token
+    // Create OFT token (SAC) and a mock SAC wrapper that implements Mintable.
     let oft_sac = env.register_stellar_asset_contract_v2(owner.clone());
     let oft_token = oft_sac.address();
+    let sac_wrapper_address = env.register(MockSacWrapper, (&oft_token,));
+    env.mock_auths(&[MockAuth {
+        address: &owner,
+        invoke: &MockAuthInvoke {
+            contract: &oft_token,
+            fn_name: "set_admin",
+            args: (&sac_wrapper_address,).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    StellarAssetClient::new(env, &oft_token).set_admin(&sac_wrapper_address);
 
     let eid: u32 = 30400; // Test EID
     let endpoint_address = env.register(EndpointV2, (&owner, eid, &native_token));
@@ -82,9 +124,8 @@ fn setup_chain<'a>(env: &Env) -> ChainSetup<'a> {
     let sml_address = env.register(SimpleMessageLib, (&owner, &endpoint_address, &fee_recipient));
     let delegate: Option<Address> = Some(owner.clone());
     let shared_decimals: u32 = 6; // Default shared decimals
-    // Both chains use MintBurn — the SAC itself implements mint/burn.
-    // This exercises the MintBurnableClient code path.
-    let mode = OftType::MintBurn(oft_token.clone());
+                                  // MintBurn with SAC wrapper: OFT uses wrapper for mint on credit; burn is on token directly.
+    let mode = OftType::MintBurn(sac_wrapper_address.clone());
     let oft_address = env.register(OFT, (&oft_token, &shared_decimals, &mode, &owner, &endpoint_address, &delegate));
 
     let endpoint = EndpointV2Client::new(env, &endpoint_address);
@@ -104,7 +145,18 @@ fn setup_chain<'a>(env: &Env) -> ChainSetup<'a> {
     endpoint.set_zro(&zro_token);
 
     register_library(env, &owner, &endpoint, &sml.address);
-    ChainSetup { eid, owner, native_token, zro_token, oft_token, endpoint, sml, oft, fee_collector }
+    ChainSetup {
+        eid,
+        owner,
+        native_token,
+        zro_token,
+        oft_token,
+        sac_wrapper: sac_wrapper_address,
+        endpoint,
+        sml,
+        oft,
+        fee_collector,
+    }
 }
 
 pub fn setup<'a>() -> TestSetup<'a> {