@layerzerolabs/protocol-stellar-v2 0.2.34 → 0.2.36

package/contracts/endpoint-v2/src/tests/messaging_channel/inbound.rs

@@ -1,6 +1,6 @@
 use soroban_sdk::{testutils::Address as _, Address, BytesN};
 
-use crate::{endpoint_v2::EndpointV2, tests::endpoint_setup::setup};
+use crate::{endpoint_v2::EndpointV2, storage, tests::endpoint_setup::setup};
 
 // Internal inbound() stores payload hash per nonce and rejects empty payload hash
 #[test]
@@ -92,3 +92,96 @@ fn test_inbound_rejects_empty_payload_hash() {
         EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, nonce, &empty_hash)
     });
 }
+
+#[test]
+fn test_inbound_out_of_order_populates_pending_and_drains_when_gap_closed() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    let hash_2 = BytesN::from_array(env, &[0x22u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 2, &hash_2)
+    });
+
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 0);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), soroban_sdk::vec![env, 2u64]);
+
+    let hash_1 = BytesN::from_array(env, &[0x11u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 1, &hash_1)
+    });
+
+    // Gap is closed, so pending drains and inbound nonce advances to 2.
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
+    assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &1u64), Some(hash_1));
+    assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &2u64), Some(hash_2));
+}
+
+#[test]
+#[should_panic(expected = "Error(Contract, #11)")] // EndpointError::InvalidNonce
+fn test_inbound_rejects_nonce_beyond_pending_window() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+    let hash = BytesN::from_array(env, &[0xabu8; 32]);
+
+    // inbound_nonce is 0, so nonce 257 is out of range (max is 256).
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 257, &hash)
+    });
+}
+
+#[test]
+#[should_panic(expected = "Error(Contract, #11)")] // EndpointError::InvalidNonce
+fn test_inbound_rejects_reverify_when_nonce_leq_inbound_and_payload_missing() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    // Force inbound_nonce to 1 without storing any payload hashes.
+    context.set_inbound_nonce(&receiver, src_eid, &sender, 1);
+
+    let hash = BytesN::from_array(env, &[0xabu8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 1, &hash)
+    });
+}
+
+#[test]
+fn test_inbound_allows_reverify_when_nonce_leq_inbound_and_payload_exists() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    let old_hash = BytesN::from_array(env, &[0xabu8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        storage::EndpointStorage::set_inbound_payload_hash(env, &receiver, src_eid, &sender, 1u64, &old_hash);
+        storage::EndpointStorage::set_inbound_nonce(env, &receiver, src_eid, &sender, &1u64);
+    });
+    assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &1u64), Some(old_hash));
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 1);
+
+    let new_hash = BytesN::from_array(env, &[0xcdu8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 1u64, &new_hash)
+    });
+    assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &1u64), Some(new_hash));
+}

package/contracts/endpoint-v2/src/tests/messaging_channel/inbound_nonce.rs

@@ -1,4 +1,4 @@
-use soroban_sdk::{testutils::Address as _, Address, BytesN};
+use soroban_sdk::{testutils::Address as _, vec, Address, BytesN};
 
 use crate::tests::endpoint_setup::{setup, TestSetup};
 
@@ -25,13 +25,13 @@ fn test_inbound_nonce_initially_zero() {
     let src_eid = 2;
     let sender = BytesN::from_array(env, &[1u8; 32]);
 
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 0);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 0);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
-// Lazy nonce is the baseline when there are no consecutive payload hashes
+// Stored inbound nonce is the baseline when there are no pending nonces
 #[test]
-fn test_inbound_nonce_equals_lazy_nonce_when_no_payload_hashes() {
+fn test_inbound_nonce_equals_stored_value_when_no_pending_nonces() {
     let context = setup();
     let env = &context.env;
     let endpoint_client = &context.endpoint_client;
@@ -40,9 +40,9 @@ fn test_inbound_nonce_equals_lazy_nonce_when_no_payload_hashes() {
     let src_eid = 2;
     let sender = BytesN::from_array(env, &[1u8; 32]);
 
-    context.set_lazy_inbound_nonce(&receiver, src_eid, &sender, 5);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 5);
+    context.set_inbound_nonce(&receiver, src_eid, &sender, 5);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 5);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // The inbound_nonce advances through the longest gapless consecutive sequence
@@ -56,13 +56,14 @@ fn test_inbound_nonce_advances_through_consecutive_verified_payload_hashes() {
     let src_eid = 2;
     let sender = BytesN::from_array(env, &[1u8; 32]);
 
-    // Start from lazy_nonce = 2 and add payloads at 3,4,5.
-    context.set_lazy_inbound_nonce(&receiver, src_eid, &sender, 2);
+    // Start from inbound_nonce = 2 and add payloads at 3,4,5.
+    context.set_inbound_nonce(&receiver, src_eid, &sender, 2);
     inbound_as_verified_with_fixed_hash(&context, &receiver, src_eid, &sender, 3);
     inbound_as_verified_with_fixed_hash(&context, &receiver, src_eid, &sender, 4);
     inbound_as_verified_with_fixed_hash(&context, &receiver, src_eid, &sender, 5);
 
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 5);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 #[test]
@@ -75,12 +76,13 @@ fn test_inbound_nonce_stops_at_first_gap() {
     let src_eid = 2;
     let sender = BytesN::from_array(env, &[1u8; 32]);
 
-    // Start from lazy_nonce = 2 and add payloads at 3 and 5 (gap at 4).
-    context.set_lazy_inbound_nonce(&receiver, src_eid, &sender, 2);
+    // Start from inbound_nonce = 2 and add payloads at 3 and 5 (gap at 4).
+    context.set_inbound_nonce(&receiver, src_eid, &sender, 2);
     inbound_as_verified_with_fixed_hash(&context, &receiver, src_eid, &sender, 3);
     inbound_as_verified_with_fixed_hash(&context, &receiver, src_eid, &sender, 5);
 
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 3);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 5u64]);
 }
 
 // Path isolation (receiver/src_eid/sender are isolated)
@@ -97,22 +99,22 @@ fn test_inbound_nonce_isolated_by_path() {
     let sender_a = BytesN::from_array(env, &[1u8; 32]);
     let sender_b = BytesN::from_array(env, &[2u8; 32]);
 
-    // Path A: lazy 10 + payload at 11 => inbound_nonce 11.
-    context.set_lazy_inbound_nonce(&receiver_a, src_eid_a, &sender_a, 10);
+    // Path A: inbound 10 + payload at 11 => inbound_nonce 11.
+    context.set_inbound_nonce(&receiver_a, src_eid_a, &sender_a, 10);
     inbound_as_verified_with_fixed_hash(&context, &receiver_a, src_eid_a, &sender_a, 11);
     assert_eq!(endpoint_client.inbound_nonce(&receiver_a, &src_eid_a, &sender_a), 11);
 
     // Path B: different receiver => independent.
-    context.set_lazy_inbound_nonce(&receiver_b, src_eid_a, &sender_a, 20);
+    context.set_inbound_nonce(&receiver_b, src_eid_a, &sender_a, 20);
     assert_eq!(endpoint_client.inbound_nonce(&receiver_b, &src_eid_a, &sender_a), 20);
 
     // Path C: different src_eid => independent (two consecutive payloads).
-    context.set_lazy_inbound_nonce(&receiver_a, src_eid_b, &sender_a, 30);
+    context.set_inbound_nonce(&receiver_a, src_eid_b, &sender_a, 30);
     inbound_as_verified_with_fixed_hash(&context, &receiver_a, src_eid_b, &sender_a, 31);
     inbound_as_verified_with_fixed_hash(&context, &receiver_a, src_eid_b, &sender_a, 32);
     assert_eq!(endpoint_client.inbound_nonce(&receiver_a, &src_eid_b, &sender_a), 32);
 
     // Path D: different sender => independent.
-    context.set_lazy_inbound_nonce(&receiver_a, src_eid_a, &sender_b, 40);
+    context.set_inbound_nonce(&receiver_a, src_eid_a, &sender_b, 40);
     assert_eq!(endpoint_client.inbound_nonce(&receiver_a, &src_eid_a, &sender_b), 40);
 }

package/contracts/endpoint-v2/src/tests/messaging_channel/mod.rs

@@ -3,7 +3,7 @@ mod clear_payload;
 mod inbound;
 mod inbound_nonce;
 mod inbound_payload_hash;
-mod lazy_inbound_nonce;
+mod pending_inbound_nonces;
 mod next_guid;
 mod nilify;
 mod outbound;

package/contracts/endpoint-v2/src/tests/messaging_channel/nilify.rs

@@ -128,9 +128,9 @@ fn test_nilify_success_with_empty_payload() {
     let sender = BytesN::from_array(env, &[1u8; 32]);
     let nonce = 2;
 
-    // Set lazy nonce to 1 so nonce 2 is greater than lazy nonce.
+    // Set inbound nonce to 1 so nonce 2 is the next expected nonce.
     env.as_contract(&endpoint_client.address, || {
-        storage::EndpointStorage::set_lazy_inbound_nonce(env, &receiver, src_eid, &sender, &1)
+        storage::EndpointStorage::set_inbound_nonce(env, &receiver, src_eid, &sender, &1)
     });
 
     // Nilify with None.
@@ -147,6 +147,7 @@ fn test_nilify_success_with_empty_payload() {
     let nilified_hash = endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &nonce);
     let expected_nil_hash = nil_hash(&context);
     assert_eq!(nilified_hash, Some(expected_nil_hash));
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
 }
 
 // Nilify with None counts as "verified" for inbound_nonce (but does not change lazy nonce)
@@ -161,17 +162,53 @@ fn test_nilify_with_none_advances_inbound_nonce_without_changing_lazy_nonce() {
     let sender = BytesN::from_array(env, &[1u8; 32]);
 
     // Initial state.
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 0);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 0);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // Nilify nonce 1 with None (non-verified nonce).
     nilify_with_auth(&context, &receiver, &receiver, src_eid, &sender, 1, &None);
 
     // Nilify writes a payload hash, so inbound_nonce can now advance to 1.
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 1);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
+}
+
+#[test]
+fn test_nilify_closes_gap_and_drains_pending_nonces() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
 
-    // But nilify does not update lazy_inbound_nonce.
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 0);
+    let receiver = Address::generate(env);
+    let src_eid = 2;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    // Force inbound nonce to 1 and create a gap by verifying nonce 3 first.
+    context.set_inbound_nonce(&receiver, src_eid, &sender, 1);
+    let payload_hash_3 = BytesN::from_array(env, &[0x33u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 3u64, &payload_hash_3)
+    });
+
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 1);
+    assert_eq!(
+        endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender),
+        soroban_sdk::vec![env, 3u64]
+    );
+
+    // Nilify nonce 2 with None closes the gap and should drain pending to advance inbound nonce to 3.
+    nilify_with_auth(&context, &receiver, &receiver, src_eid, &sender, 2u64, &None);
+
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 3);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
+    assert_eq!(
+        endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &2u64),
+        Some(nil_hash(&context))
+    );
+    assert_eq!(
+        endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &3u64),
+        Some(payload_hash_3)
+    );
 }
 
 // Nilify is allowed when nonce <= lazy nonce if a payload hash exists
@@ -187,14 +224,12 @@ fn test_nilify_allows_when_nonce_is_checkpointed_if_payload_exists() {
     let nonce = 5u64;
     let payload_hash = BytesN::from_array(env, &[0xabu8; 32]);
 
-    // Checkpoint past the target nonce.
+    // Advance inbound nonce past the target nonce and store a payload hash at nonce 5.
     env.as_contract(&endpoint_client.address, || {
-        storage::EndpointStorage::set_lazy_inbound_nonce(env, &receiver, src_eid, &sender, &10)
+        storage::EndpointStorage::set_inbound_nonce(env, &receiver, src_eid, &sender, &10);
+        storage::EndpointStorage::set_inbound_payload_hash(env, &receiver, src_eid, &sender, nonce, &payload_hash);
     });
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 10);
-
-    // Store a verified payload hash at nonce 5.
-    context.inbound_as_verified(&receiver, src_eid, &sender, nonce, &payload_hash);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 10);
     assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &nonce), Some(payload_hash.clone()));
 
     // Even though nonce <= lazy_nonce, this should succeed because a payload hash exists.
@@ -430,9 +465,9 @@ fn test_nilify_invalid_nonce_when_already_checkpointed_without_payload() {
     let sender = BytesN::from_array(env, &[1u8; 32]);
     let nonce = 1u64;
 
-    // Set lazy nonce to 1 and ensure there is NO payload for nonce 1.
+    // Set inbound nonce to 1 and ensure there is NO payload for nonce 1.
     env.as_contract(&endpoint_client.address, || {
-        storage::EndpointStorage::set_lazy_inbound_nonce(env, &receiver, src_eid, &sender, &1)
+        storage::EndpointStorage::set_inbound_nonce(env, &receiver, src_eid, &sender, &1)
     });
 
     let result = try_nilify_with_auth(&context, &receiver, &receiver, src_eid, &sender, nonce, &None);

package/contracts/endpoint-v2/src/tests/messaging_channel/pending_inbound_nonces.rs

@@ -0,0 +1,111 @@
+use soroban_sdk::{testutils::Address as _, vec, Address, BytesN};
+
+use crate::{endpoint_v2::EndpointV2, tests::endpoint_setup::setup};
+
+#[test]
+fn test_pending_inbound_nonces_initially_empty() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2u32;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 0);
+}
+
+#[test]
+fn test_pending_inbound_nonces_sorted_and_no_duplicates() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2u32;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    let hash_5 = BytesN::from_array(env, &[0x05u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 5u64, &hash_5)
+    });
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 5u64]);
+
+    let hash_2 = BytesN::from_array(env, &[0x02u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 2u64, &hash_2)
+    });
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 2u64, 5u64]);
+
+    let hash_4 = BytesN::from_array(env, &[0x04u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 4u64, &hash_4)
+    });
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 2u64, 4u64, 5u64]);
+
+    // Re-verify the same nonce should not duplicate it in the pending list.
+    let hash_4b = BytesN::from_array(env, &[0x44u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 4u64, &hash_4b)
+    });
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 2u64, 4u64, 5u64]);
+}
+
+#[test]
+fn test_pending_inbound_nonces_drains_when_consecutive_sequence_completed() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver = Address::generate(env);
+    let src_eid = 2u32;
+    let sender = BytesN::from_array(env, &[1u8; 32]);
+
+    let hash_2 = BytesN::from_array(env, &[0x02u8; 32]);
+    let hash_3 = BytesN::from_array(env, &[0x03u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 2u64, &hash_2);
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 3u64, &hash_3);
+    });
+
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 0);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender), vec![env, 2u64, 3u64]);
+
+    // Inserting nonce 1 closes the gap, so pending drains and inbound nonce advances to 3.
+    let hash_1 = BytesN::from_array(env, &[0x01u8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver, src_eid, &sender, 1u64, &hash_1)
+    });
+
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 3);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
+}
+
+#[test]
+fn test_pending_inbound_nonces_isolated_by_path() {
+    let context = setup();
+    let env = &context.env;
+    let endpoint_client = &context.endpoint_client;
+
+    let receiver_a = Address::generate(env);
+    let receiver_b = Address::generate(env);
+    let src_eid_a = 2u32;
+    let src_eid_b = 3u32;
+    let sender_a = BytesN::from_array(env, &[1u8; 32]);
+    let sender_b = BytesN::from_array(env, &[2u8; 32]);
+
+    let hash = BytesN::from_array(env, &[0xabu8; 32]);
+    env.as_contract(&endpoint_client.address, || {
+        EndpointV2::inbound_for_test(env, &receiver_a, src_eid_a, &sender_a, 2u64, &hash);
+        EndpointV2::inbound_for_test(env, &receiver_b, src_eid_a, &sender_a, 2u64, &hash);
+        EndpointV2::inbound_for_test(env, &receiver_a, src_eid_b, &sender_a, 2u64, &hash);
+        EndpointV2::inbound_for_test(env, &receiver_a, src_eid_a, &sender_b, 2u64, &hash);
+    });
+
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver_a, &src_eid_a, &sender_a), vec![env, 2u64]);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver_b, &src_eid_a, &sender_a), vec![env, 2u64]);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver_a, &src_eid_b, &sender_a), vec![env, 2u64]);
+    assert_eq!(endpoint_client.pending_inbound_nonces(&receiver_a, &src_eid_a, &sender_b), vec![env, 2u64]);
+}
+

package/contracts/endpoint-v2/src/tests/messaging_channel/skip.rs

@@ -53,7 +53,7 @@ fn test_skip_requires_auth_even_when_caller_is_receiver() {
     endpoint_client.skip(&receiver, &receiver, &src_eid, &sender, &nonce);
 }
 
-// Successful skip updates inbound/lazy nonces and emits InboundNonceSkipped
+// Successful skip updates inbound nonce and emits InboundNonceSkipped
 #[test]
 fn test_skip_success() {
     let context = setup();
@@ -65,13 +65,10 @@ fn test_skip_success() {
     let sender = BytesN::from_array(env, &[1u8; 32]);
     let nonce = 1;
 
-    // Verify initial state: lazy inbound nonce should be 0.
-    let initial_lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(initial_lazy_nonce, 0, "Initial lazy inbound nonce should be 0");
-
     // Initially, inbound nonce should be 0.
     let initial_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(initial_nonce, 0);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // Skip nonce 1 (expected nonce is initial_nonce + 1 = 1).
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, nonce);
@@ -86,10 +83,7 @@ fn test_skip_success() {
     // Verify inbound nonce reflects the skip via public interface.
     let updated_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(updated_nonce, nonce);
-
-    // Verify lazy inbound nonce was updated.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Multiple sequential skips update to the latest nonce
@@ -111,13 +105,10 @@ fn test_skip_multiple_nonces() {
     let nonce2 = 2;
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, nonce2);
 
-    // Verify lazy inbound nonce was updated to nonce2.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce2);
-
     // Verify inbound nonce reflects the latest skip.
     let updated_nonce = endpoint_client.inbound_nonce(&receiver, &src_eid, &sender);
     assert_eq!(updated_nonce, nonce2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Delegate authorization (delegate(receiver) is allowed)
@@ -146,9 +137,8 @@ fn test_skip_with_delegate() {
         InboundNonceSkipped { src_eid, sender: sender.clone(), receiver: receiver.clone(), nonce },
     );
 
-    // Verify lazy inbound nonce was updated.
-    let lazy_nonce = endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender);
-    assert_eq!(lazy_nonce, nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), nonce);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 }
 
 // Path isolation (receiver/src_eid/sender are isolated)
@@ -176,11 +166,11 @@ fn test_skip_different_paths() {
     // Skip for different senders.
     skip_with_auth(&context, &receiver1, &receiver1, src_eid1, &sender2, nonce);
 
-    // Verify all paths have independent lazy nonces.
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid1, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver2, &src_eid1, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid2, &sender1), nonce);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver1, &src_eid1, &sender2), nonce);
+    // Verify all paths have independent inbound nonces.
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid1, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver2, &src_eid1, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid2, &sender1), nonce);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver1, &src_eid1, &sender2), nonce);
 }
 
 // Invalid nonce rejection (must match expected nonce)
@@ -224,10 +214,10 @@ fn test_skip_next_nonce_accounts_for_verified_payload_hashes() {
     let result = endpoint_client.try_skip(&receiver, &receiver, &src_eid, &sender, &1);
     assert_eq!(result.err().unwrap().ok().unwrap(), EndpointError::InvalidNonce.into());
 
-    // Skipping 2 should succeed and advance lazy inbound nonce to 2.
+    // Skipping 2 should succeed and advance inbound nonce to 2.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 2);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 2);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // skip() does not clear any existing payload hashes.
     assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &1), Some(payload_hash_1));
@@ -251,8 +241,8 @@ fn test_skip_closes_gap_and_advances_inbound_nonce() {
 
     // Skip nonce 1 to close the gap. This should allow inbound_nonce to advance to 2.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 1);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 1);
     assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 2);
+    assert!(endpoint_client.pending_inbound_nonces(&receiver, &src_eid, &sender).is_empty());
 
     // Payload hash at nonce 2 remains intact.
     assert_eq!(endpoint_client.inbound_payload_hash(&receiver, &src_eid, &sender, &2), Some(payload_hash_2));
@@ -271,7 +261,7 @@ fn test_skip_rejects_repeated_same_nonce() {
 
     // Skip nonce 1 successfully.
     skip_with_auth(&context, &receiver, &receiver, src_eid, &sender, 1);
-    assert_eq!(endpoint_client.lazy_inbound_nonce(&receiver, &src_eid, &sender), 1);
+    assert_eq!(endpoint_client.inbound_nonce(&receiver, &src_eid, &sender), 1);
 
     // Skipping nonce 1 again should fail since the next expected nonce is now 2.
     context.mock_auth(&receiver, "skip", (&receiver, &receiver, &src_eid, &sender, &1u64));

package/contracts/layerzero-views/src/layerzero_view.rs

@@ -104,9 +104,9 @@ impl LayerZeroView {
         let empty_hash = empty_payload_hash(env);
         let nil_hash = nil_payload_hash(env);
 
-        // Executed: payload hash has been cleared (None) and nonce <= lazy_inbound_nonce
+        // Executed: payload hash has been cleared (None) and nonce <= inbound_nonce
         if payload_hash.is_none()
-            && origin.nonce <= messaging_channel.lazy_inbound_nonce(receiver, &origin.src_eid, &origin.sender)
+            && origin.nonce <= messaging_channel.inbound_nonce(receiver, &origin.src_eid, &origin.sender)
         {
             return ExecutionState::Executed;
         }

package/contracts/layerzero-views/src/tests/layerzero_view_tests.rs

@@ -206,9 +206,9 @@ fn test_executable_state_executed() {
     let receiver = test_setup.register_oapp();
     let sender = soroban_sdk::Address::generate(&test_setup.env);
 
-    // Clear payload hash (None) and set lazy_inbound_nonce >= nonce = Executed
+    // Clear payload hash (None) and set inbound_nonce >= nonce = Executed
     test_setup.set_payload_hash(&receiver, REMOTE_EID, &sender, 1, &None);
-    test_setup.set_lazy_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
+    test_setup.set_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
 
     let origin = Origin { src_eid: REMOTE_EID, sender: address_to_bytes32(&sender), nonce: 1 };
 
@@ -262,9 +262,8 @@ fn test_executable_multiple_nonces_in_sequence() {
     assert_eq!(test_setup.view_client.executable(&origin_2, &receiver), ExecutionState::VerifiedButNotExecutable);
     assert_eq!(test_setup.view_client.executable(&origin_3, &receiver), ExecutionState::VerifiedButNotExecutable);
 
-    // Now execute nonce 1 (set lazy_inbound_nonce)
+    // Now execute nonce 1 (clear payload hash, advance inbound_nonce)
     test_setup.set_payload_hash(&receiver, REMOTE_EID, &sender, 1, &None);
-    test_setup.set_lazy_inbound_nonce(&receiver, REMOTE_EID, &sender, 1);
     test_setup.set_inbound_nonce(&receiver, REMOTE_EID, &sender, 2);
 
     assert_eq!(test_setup.view_client.executable(&origin_1, &receiver), ExecutionState::Executed);

package/contracts/layerzero-views/src/tests/setup.rs

@@ -30,7 +30,6 @@ mod endpoint_storage {
         Initializable(Address, u32, BytesN<32>),
         Verifiable(Address, u32, BytesN<32>),
         // State for executable tests
-        LazyInboundNonce(Address, u32, BytesN<32>),
         InboundNonce(Address, u32, BytesN<32>),
         InboundPayloadHash(Address, u32, BytesN<32>, u64),
         ReceiveLibrary(Address, u32),
@@ -91,13 +90,6 @@ impl MockEndpoint {
             .set(&endpoint_storage::MockEndpointStorage::Verifiable(receiver.clone(), *src_eid, sender.clone()), value);
     }
 
-    pub fn set_lazy_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>, nonce: &u64) {
-        env.storage().persistent().set(
-            &endpoint_storage::MockEndpointStorage::LazyInboundNonce(receiver.clone(), *src_eid, sender.clone()),
-            nonce,
-        );
-    }
-
     pub fn set_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>, nonce: &u64) {
         env.storage().persistent().set(
             &endpoint_storage::MockEndpointStorage::InboundNonce(receiver.clone(), *src_eid, sender.clone()),
@@ -135,13 +127,6 @@ impl MockEndpoint {
     // Getters required by LayerZeroView
     // =========================================================================
 
-    pub fn lazy_inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>) -> u64 {
-        env.storage()
-            .persistent()
-            .get(&endpoint_storage::MockEndpointStorage::LazyInboundNonce(receiver.clone(), *src_eid, sender.clone()))
-            .unwrap_or(0)
-    }
-
     pub fn inbound_nonce(env: &Env, receiver: &Address, src_eid: &u32, sender: &BytesN<32>) -> u64 {
         env.storage()
             .persistent()
@@ -282,12 +267,6 @@ impl<'a> TestSetup<'a> {
         self.endpoint_client.set_verifiable(receiver, &src_eid, &sender_bytes32, &value);
     }
 
-    /// Set lazy inbound nonce (marks messages up to this nonce as processed).
-    pub fn set_lazy_inbound_nonce(&self, receiver: &Address, src_eid: u32, sender: &Address, nonce: u64) {
-        let sender_bytes32 = address_to_bytes32(sender);
-        self.endpoint_client.set_lazy_inbound_nonce(receiver, &src_eid, &sender_bytes32, &nonce);
-    }
-
     /// Set inbound nonce (marks messages up to this nonce as verified and executable).
     pub fn set_inbound_nonce(&self, receiver: &Address, src_eid: u32, sender: &Address, nonce: u64) {
         let sender_bytes32 = address_to_bytes32(sender);

package/contracts/macro-integration-tests/tests/runtime/lz_contract/wrapper_default.rs

@@ -27,7 +27,7 @@ fn exposes_ttl_and_ownable_features() {
     // Ownable helper works.
     let owner = Address::generate(&env);
     client.init(&owner);
-    assert_eq!(client.authorizer(), owner);
+    assert_eq!(client.authorizer(), Some(owner));
 
     // TTL-configurable read methods exist.
     let _cfg = client.ttl_configs();

package/contracts/macro-integration-tests/tests/runtime/lz_contract/wrapper_multisig.rs

@@ -16,7 +16,7 @@ fn uses_self_owning_auth_and_exposes_ttl() {
 
     // MultiSig auth => authorizer should be the contract address, without any init.
     let expected = env.as_contract(&contract_id, || env.current_contract_address());
-    assert_eq!(client.authorizer(), expected);
+    assert_eq!(client.authorizer(), Some(expected));
 
     // TTL-configurable read methods exist.
     let _cfg = client.ttl_configs();

package/contracts/macro-integration-tests/tests/runtime/lz_contract/wrapper_multisig_upgradeable.rs

@@ -30,7 +30,7 @@ fn self_auth_can_migrate_when_flag_set() {
 
     // MultiSig auth => authorizer should be the contract address, without any init.
     let expected = env.as_contract(&contract_id, || env.current_contract_address());
-    assert_eq!(client.authorizer(), expected);
+    assert_eq!(client.authorizer(), Some(expected));
 
     // Unauthorized migrate should fail.
     let unauthorized = client.try_migrate(&migration_data);