npm - @layerzerolabs/protocol-stellar-v2 - Versions diffs - 0.2.33 → 0.2.35 - Mend

@layerzerolabs/protocol-stellar-v2 0.2.33 → 0.2.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

package/contracts/oapps/sac-manager/src/tests/sac_manager/test_helper.rs ADDED Viewed

@@ -0,0 +1,18 @@
+use crate::tests::test_helper::{mock_auth, TestSetup};
+use soroban_sdk::Address;
+pub fn mock_clawback_auth(setup: &TestSetup, sender: &Address, from: &Address, amount: i128) {
+    mock_auth(&setup.env, &setup.sac_manager, sender, "clawback", (from, amount));
+}
+pub fn mock_set_authorized_auth(setup: &TestSetup, user: &Address, authorize: bool) {
+    mock_auth(&setup.env, &setup.sac_manager, &setup.owner, "set_authorized", (user, authorize));
+}
+pub fn mock_release_sac_admin_auth(setup: &TestSetup, new_admin: &Address) {
+    mock_auth(&setup.env, &setup.sac_manager, &setup.owner, "release_sac_admin", (new_admin,));
+}
+pub fn mock_set_minter_auth(setup: &TestSetup, minter: &Address, active: bool) {
+    mock_auth(&setup.env, &setup.sac_manager, &setup.owner, "set_minter", (minter, active));
+}

package/contracts/oapps/sac-manager/src/tests/sac_manager/view_functions.rs ADDED Viewed

@@ -0,0 +1,28 @@
+//! View Functions Integration Tests
+use crate::tests::test_helper::TestSetup;
+// =========================================================================
+// Core View Functions
+// =========================================================================
+#[test]
+fn test_underlying_sac() {
+    let setup = TestSetup::new().build();
+    assert_eq!(setup.sac_manager_client.underlying_sac(), setup.sac);
+}
+#[test]
+fn test_minters() {
+    let setup = TestSetup::new().build();
+    let minters = setup.sac_manager_client.minters();
+    assert_eq!(minters.len(), 1);
+    assert_eq!(minters.get(0), Some(setup.minter.clone()));
+}
+#[test]
+fn test_minters_empty_when_not_set() {
+    let setup = TestSetup::new().with_empty_minters().build();
+    let minters = setup.sac_manager_client.minters();
+    assert_eq!(minters.len(), 0);
+}

package/contracts/{sac-manager → oapps/sac-manager}/src/tests/test_helper.rs RENAMED Viewed

@@ -25,19 +25,12 @@ use soroban_sdk::{
 /// ```
 pub struct TestSetupBuilder {
     manager_as_sac_admin: bool,
-    redistribution_enabled: bool,
-    supply_control_enabled: bool,
-    skip_oft_setup: bool,
+    skip_minters_setup: bool,
 }
 impl TestSetupBuilder {
     fn new() -> Self {
-        Self {
-            manager_as_sac_admin: false,
-            redistribution_enabled: false,
-            supply_control_enabled: false,
-            skip_oft_setup: false,
-        }
+        Self { manager_as_sac_admin: false, skip_minters_setup: false }
     }
     /// Set the SacManager as SAC admin during setup.
@@ -46,22 +39,10 @@ impl TestSetupBuilder {
         self
     }
-    /// Enable redistribution at construction time.
-    pub fn with_redistribution_enabled(mut self) -> Self {
-        self.redistribution_enabled = true;
-        self
-    }
-    /// Enable supply control at construction time.
-    pub fn with_supply_control_enabled(mut self) -> Self {
-        self.supply_control_enabled = true;
-        self
-    }
-    /// Skip setting the OFT address during setup.
-    /// Use this to test `set_oft_address` auth or the once-only guard.
-    pub fn without_oft(mut self) -> Self {
-        self.skip_oft_setup = true;
+    /// Skip setting minters during setup.
+    /// Use this to test `set_minter` auth or mint when no minter is set.
+    pub fn with_empty_minters(mut self) -> Self {
+        self.skip_minters_setup = true;
         self
     }
@@ -71,26 +52,24 @@ impl TestSetupBuilder {
         let owner = Address::generate(&env);
         let oft = Address::generate(&env);
-        let sc_manager = Address::generate(&env);
         let sac_contract = env.register_stellar_asset_contract_v2(owner.clone());
         let sac = sac_contract.address();
-        let sac_manager =
-            env.register(SacManager, (&sac, &owner, self.redistribution_enabled, self.supply_control_enabled));
+        let sac_manager = env.register(SacManager, (&sac, &owner));
         let sac_manager_client = SacManagerClient::new(&env, &sac_manager);
         let sac_client = StellarAssetClient::new(&env, &sac);
-        if !self.skip_oft_setup {
+        if !self.skip_minters_setup {
             env.mock_auths(&[MockAuth {
                 address: &owner,
                 invoke: &MockAuthInvoke {
                     contract: &sac_manager,
-                    fn_name: "set_oft_address",
-                    args: (&oft,).into_val(&env),
+                    fn_name: "set_minter",
+                    args: (oft.clone(), true).into_val(&env),
                     sub_invokes: &[],
                 },
             }]);
-            sac_manager_client.set_oft_address(&oft);
+            sac_manager_client.set_minter(&oft, &true);
         }
         if self.manager_as_sac_admin {
@@ -106,22 +85,10 @@ impl TestSetupBuilder {
             sac_client.set_admin(&sac_manager);
         }
-        // Set up supply controller manager (owner grants the role)
-        env.mock_auths(&[MockAuth {
-            address: &owner,
-            invoke: &MockAuthInvoke {
-                contract: &sac_manager,
-                fn_name: "set_supply_controller_manager",
-                args: (&sc_manager, true).into_val(&env),
-                sub_invokes: &[],
-            },
-        }]);
-        sac_manager_client.set_supply_controller_manager(&sc_manager, &true);
         // Clear mock auths so test starts with clean auth state
         env.mock_auths(&[]);
-        TestSetup { env, owner, oft, sc_manager, sac, sac_contract, sac_manager, sac_manager_client, sac_client }
+        TestSetup { env, owner, minter: oft, sac, sac_contract, sac_manager, sac_manager_client, sac_client }
     }
 }
@@ -133,8 +100,8 @@ impl TestSetupBuilder {
 pub struct TestSetup<'a> {
     pub env: Env,
     pub owner: Address,
-    pub oft: Address,
-    pub sc_manager: Address,
+    /// Address used as a minter in default setup (in minters list).
+    pub minter: Address,
     pub sac: Address,
     pub sac_contract: StellarAssetContract,
     pub sac_manager: Address,
@@ -174,17 +141,7 @@ pub fn mock_auth<A: IntoVal<Env, soroban_sdk::Vec<Val>>>(
     }]);
 }
-/// Mock auth for `set_supply_controller`.
-pub fn mock_set_supply_controller_auth(
-    setup: &TestSetup,
-    sender: &Address,
-    controller: &Address,
-    config: &Option<crate::extensions::supply_control::SupplyControllerConfig>,
-) {
-    mock_auth(&setup.env, &setup.sac_manager, sender, "set_supply_controller", (sender, controller, config.clone()));
-}
-/// Mock auth for OFT-originated `mint`.
+/// Mock auth for minter-originated `mint(to, amount, operation)`.
 pub fn mock_oft_mint_auth(setup: &TestSetup, recipient: &Address, amount: i128) {
-    mock_auth(&setup.env, &setup.sac_manager, &setup.oft, "mint", (recipient, amount));
+    mock_auth(&setup.env, &setup.sac_manager, &setup.minter, "mint", (recipient, amount, &setup.minter));
 }

package/docs/layerzero-v2-on-stellar.md CHANGED Viewed

@@ -221,12 +221,16 @@ sequenceDiagram
 ## Stellar-specific considerations
-Two core differences between Soroban and EVM require protocol-level adaptations:
+Several differences between Soroban and EVM require protocol-level adaptations:
 1. Stellar's variable-length address model differs from LayerZero's fixed
    bytes32 address abstraction
 2. Soroban's Time-To-Live (TTL)-based storage model requires active state
    maintenance, unlike EVM's persistent storage
+3. Soroban's 200-read-per-transaction storage limit makes the lazy inbound
+   nonce model susceptible to denial-of-service for certain OApps
+4. Soroban prohibits reentrancy, requiring alternative patterns for cross-contract
+   call flows
 ### Constraint 1: bytes32 address format mismatch
@@ -296,7 +300,47 @@ constraints may evolve.
 - Hard upper cap on extension targets (e.g., 1 year) to prevent excessive fees
 - TTL parameters can be permanently frozen once the ecosystem stabilizes
-### Constraint 3: Reentrancy prohibition
+### Constraint 3: Storage read limits
+Soroban enforces a hard limit of 200 persistent/temporary storage reads per
+transaction. Under the lazy inbound nonce model used in EVM, the `inbound_nonce`
+is not stored directly — it is computed on the fly by iterating forward from the
+last checkpoint (`lazy_inbound_nonce`) and probing storage for each consecutive
+payload hash. The same iterative check occurs during `clear`, which must verify
+that all nonces between the checkpoint and the target nonce have been verified.
+For certain OApps, failed `lz_receive` executions can create nonce gaps that
+grow over time. Under the lazy model, clearing subsequent messages requires
+iterating across these gaps, and the accumulated storage reads can exceed the
+200-read limit, making the messaging path susceptible to denial-of-service.
+**Solution: Eager inbound nonce with pending nonce list (Solana model)**
+Stellar adopts the same inbound nonce model used by LayerZero V2 on Solana.
+Instead of lazily computing the inbound nonce via storage probing, the
+`inbound_nonce` is stored directly and updated eagerly during verification:
+1. **`PendingInboundNonces`**: A sorted list of out-of-order verified nonces is
+   maintained in a single storage entry per path. When a message is verified
+   (or skipped/nilified), its nonce is inserted into this list.
+2. **Drain on insert**: After each insertion, consecutive nonces at the front of
+   the list are drained to advance the `inbound_nonce`. For example, if
+   `inbound_nonce = 3` and the pending list becomes `[4, 5, 7]`, nonces 4 and 5
+   are drained, advancing `inbound_nonce` to 5.
+3. **O(1) clear**: The `clear_payload` operation becomes a simple comparison
+   (`nonce <= inbound_nonce`) with no iteration or storage probing.
+4. **Bounded list size**: The pending list is capped at 256 entries
+   (`PENDING_INBOUND_NONCE_MAX_LEN`). Nonces beyond `inbound_nonce + 256`
+   cannot be verified, preventing unbounded memory growth and limiting the
+   maximum storage reads per verify operation.
+This eliminates the iterative storage reads that could cause DoS under the lazy
+model, keeping all operations within Soroban's transaction resource limits.
+### Constraint 4: Reentrancy prohibition
 Soroban prohibits reentrancy—a contract cannot call itself, directly or
 indirectly, within the same transaction. This fundamental difference from EVM

package/package.json CHANGED Viewed

@@ -1,18 +1,23 @@
 {
   "name": "@layerzerolabs/protocol-stellar-v2",
-  "version": "0.2.33",
+  "version": "0.2.35",
   "private": false,
   "devDependencies": {
     "@types/node": "^22.18.6",
     "tsx": "^4.19.3",
     "typescript": "^5.8.2",
-    "@layerzerolabs/common-node-utils": "0.2.33",
-    "@layerzerolabs/vm-tooling-stellar": "0.2.33"
+    "@layerzerolabs/common-node-utils": "0.2.35",
+    "@layerzerolabs/vm-tooling-stellar": "0.2.35"
   },
   "publishConfig": {
     "access": "restricted",
     "registry": "https://registry.npmjs.org/"
   },
+  "externalRepoConfig": {
+    "targets": [
+      "audit-external"
+    ]
+  },
   "scripts": {
     "build": "pnpm build:contracts && pnpm generate:sdk",
     "build:contracts": "pnpm exec lz-tool stellar contract build",