@layerzerolabs/protocol-stellar-v2 0.2.48 → 0.2.49

package/contracts/oapps/oft/integration-tests/setup.rs

@@ -10,13 +10,12 @@ use crate::{
     oft_types::OftType,
 };
 use endpoint_v2::{EndpointV2, EndpointV2Client};
-use oapp::oapp_core::OAPP_MANAGER_ROLE;
 use simple_message_lib::{SimpleMessageLib, SimpleMessageLibClient};
 use soroban_sdk::{
     contract, contractimpl, contracttype, log,
     testutils::{Address as _, MockAuth, MockAuthInvoke},
     token::{StellarAssetClient, TokenClient},
-    Address, BytesN, Env, IntoVal, Symbol,
+    Address, BytesN, Env, IntoVal,
 };
 
 // ============================================================================
@@ -214,22 +213,7 @@ pub fn wire_oft(env: &Env, chains: &[&ChainSetup<'_>]) {
     }
 }
 
-fn grant_oapp_admin(env: &Env, contract: &Address, owner: &Address) {
-    let role = Symbol::new(env, OAPP_MANAGER_ROLE);
-    env.mock_auths(&[MockAuth {
-        address: owner,
-        invoke: &MockAuthInvoke {
-            contract,
-            fn_name: "grant_role",
-            args: (owner, &role, owner).into_val(env),
-            sub_invokes: &[],
-        },
-    }]);
-    utils::rbac::RoleBasedAccessControlClient::new(env, contract).grant_role(owner, &role, owner);
-}
-
 pub fn set_peer(env: &Env, owner: &Address, oft: &OFTClient<'_>, dst_eid: u32, peer: &BytesN<32>) {
-    grant_oapp_admin(env, &oft.address, owner);
 
     let peer_option = Some(peer.clone());
     env.mock_auths(&[MockAuth {

package/contracts/oapps/oft/integration-tests/utils.rs

@@ -1,7 +1,7 @@
 //! Utility functions for OFT-STD integration tests.
 
 use crate::extensions::rate_limiter::{Direction, Mode, RateLimitConfig, RATE_LIMITER_MANAGER_ROLE};
-use crate::extensions::oft_fee::FEE_MANAGER_ROLE;
+use crate::extensions::oft_fee::FEE_CONFIG_MANAGER_ROLE;
 use crate::extensions::pausable::{PAUSER_ROLE, UNPAUSER_ROLE};
 use crate::integration_tests::setup::{decode_packet, ChainSetup};
 use crate::MintableClient;
@@ -406,19 +406,6 @@ pub fn is_paused(chain: &ChainSetup<'_>) -> bool {
 // ============================================================================
 
 pub fn set_fee_deposit_address(env: &Env, chain: &ChainSetup<'_>, deposit_address: &Address) {
-    // `set_fee_deposit_address` is protected by RBAC (`FEE_MANAGER_ROLE`). Grant it to owner for tests.
-    let role = Symbol::new(env, FEE_MANAGER_ROLE);
-    env.mock_auths(&[MockAuth {
-        address: &chain.owner,
-        invoke: &MockAuthInvoke {
-            contract: &chain.oft.address,
-            fn_name: "grant_role",
-            args: (&chain.owner, &role, &chain.owner).into_val(env),
-            sub_invokes: &[],
-        },
-    }]);
-    chain.oft.grant_role(&chain.owner, &role, &chain.owner);
-
     let deposit_address_opt = Some(deposit_address.clone());
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
@@ -433,8 +420,8 @@ pub fn set_fee_deposit_address(env: &Env, chain: &ChainSetup<'_>, deposit_addres
 }
 
 pub fn set_default_fee_bps(env: &Env, chain: &ChainSetup<'_>, fee_bps: u32) {
-    // `set_default_fee_bps` is protected by RBAC (`FEE_MANAGER_ROLE`). Grant it to owner for tests.
-    let role = Symbol::new(env, FEE_MANAGER_ROLE);
+    // `set_default_fee_bps` is protected by RBAC (`FEE_CONFIG_MANAGER_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, FEE_CONFIG_MANAGER_ROLE);
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
@@ -460,8 +447,8 @@ pub fn set_default_fee_bps(env: &Env, chain: &ChainSetup<'_>, fee_bps: u32) {
 }
 
 pub fn set_fee_bps(env: &Env, chain: &ChainSetup<'_>, dst_eid: u32, fee_bps: u32) {
-    // `set_fee_bps` is protected by RBAC (`FEE_MANAGER_ROLE`). Grant it to owner for tests.
-    let role = Symbol::new(env, FEE_MANAGER_ROLE);
+    // `set_fee_bps` is protected by RBAC (`FEE_CONFIG_MANAGER_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, FEE_CONFIG_MANAGER_ROLE);
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {

package/contracts/oapps/oft/src/extensions/oft_fee.rs

@@ -1,9 +1,9 @@
 use common_macros::{contract_error, contract_trait, only_role, storage};
 use soroban_sdk::{assert_with_error, contractevent, token::TokenClient, Address, Env};
-use utils::{option_ext::OptionExt, rbac::RoleBasedAccessControl};
+use utils::{option_ext::OptionExt, rbac::{RoleBasedAccessControl, AUTHORIZER}};
 
 /// Role for fee configuration (set_default_fee_bps, set_fee_bps, set_fee_deposit_address).
-pub const FEE_MANAGER_ROLE: &str = "FEE_MANAGER_ROLE";
+pub const FEE_CONFIG_MANAGER_ROLE: &str = "FEE_CONFIG_MANAGER_ROLE";
 
 /// Base fee in basis points (10,000 BPS = 100%)
 /// Used as denominator in fee calculations
@@ -82,8 +82,8 @@ pub trait OFTFee: OFTFeeInternal + RoleBasedAccessControl {
     /// - `Some(n)`: sets the default fee to `n` basis points (must be >0 and <=10,000).
     /// - `Some(0)`: rejected — use `None` to remove the default fee instead.
     /// - `None`: removes the default fee (effective rate becomes 0).
-    /// * `operator` - The address that must have FEE_MANAGER_ROLE
-    #[only_role(operator, FEE_MANAGER_ROLE)]
+    /// * `operator` - The address that must have FEE_CONFIG_MANAGER_ROLE
+    #[only_role(operator, FEE_CONFIG_MANAGER_ROLE)]
     fn set_default_fee_bps(env: &soroban_sdk::Env, default_fee_bps: &Option<u32>, operator: &soroban_sdk::Address) {
         Self::__set_default_fee_bps(env, default_fee_bps);
     }
@@ -96,8 +96,8 @@ pub trait OFTFee: OFTFeeInternal + RoleBasedAccessControl {
     /// # Arguments
     /// * `dst_eid` - The destination endpoint ID
     /// * `fee_bps` - The fee rate (0-10,000), or None to remove the fee configuration
-    /// * `operator` - The address that must have FEE_MANAGER_ROLE
-    #[only_role(operator, FEE_MANAGER_ROLE)]
+    /// * `operator` - The address that must have FEE_CONFIG_MANAGER_ROLE
+    #[only_role(operator, FEE_CONFIG_MANAGER_ROLE)]
     fn set_fee_bps(env: &soroban_sdk::Env, dst_eid: u32, fee_bps: &Option<u32>, operator: &soroban_sdk::Address) {
         Self::__set_fee_bps(env, dst_eid, fee_bps);
     }
@@ -106,8 +106,8 @@ pub trait OFTFee: OFTFeeInternal + RoleBasedAccessControl {
     ///
     /// # Arguments
     /// * `fee_deposit_address` - The address to deposit fees to, or None to remove the fee deposit address
-    /// * `operator` - The address that must have FEE_MANAGER_ROLE
-    #[only_role(operator, FEE_MANAGER_ROLE)]
+    /// * `operator` - The authorizer address
+    #[only_role(operator, AUTHORIZER)]
     fn set_fee_deposit_address(
         env: &soroban_sdk::Env,
         fee_deposit_address: &Option<soroban_sdk::Address>,

package/contracts/oapps/oft/src/tests/extensions/oft_fee.rs

@@ -1,7 +1,7 @@
 extern crate std;
 
 use crate::extensions::oft_fee::{OFTFee, OFTFeeError, OFTFeeInternal};
-use crate::extensions::oft_fee::FEE_MANAGER_ROLE;
+use crate::extensions::oft_fee::FEE_CONFIG_MANAGER_ROLE;
 use soroban_sdk::{
     contract, contractimpl,
     testutils::{Address as _, MockAuth, MockAuthInvoke},
@@ -34,10 +34,10 @@ impl RoleBasedAccessControl for FeeTestContract {}
 
 #[contractimpl]
 impl FeeTestContract {
-    /// Test-only: grants FEE_MANAGER_ROLE to the contract.
+    /// Test-only: grants FEE_CONFIG_MANAGER_ROLE to the contract.
     pub fn init_roles(env: Env) {
         let contract_id = env.current_contract_address();
-        grant_role_no_auth(&env, &contract_id, &Symbol::new(&env, FEE_MANAGER_ROLE), &contract_id);
+        grant_role_no_auth(&env, &contract_id, &Symbol::new(&env, FEE_CONFIG_MANAGER_ROLE), &contract_id);
     }
 
     pub fn fee_view(env: Env, dst_eid: u32, amount_ld: i128) -> i128 {

package/contracts/oapps/oft-core/integration-tests/setup.rs

@@ -18,10 +18,8 @@ use soroban_sdk::{
     contract, contractimpl, contracttype, log, symbol_short,
     testutils::{Address as _, MockAuth, MockAuthInvoke},
     token::{StellarAssetClient, TokenClient},
-    Address, Bytes, BytesN, Env, IntoVal, Symbol,
+    Address, Bytes, BytesN, Env, IntoVal,
 };
-use oapp::oapp_core::OAPP_MANAGER_ROLE;
-use utils::rbac::grant_role_no_auth;
 
 // ============================================================================
 // Test OFT Contract
@@ -182,10 +180,6 @@ fn setup_chain<'a>(env: &Env) -> ChainSetup<'a> {
     let shared_decimals: u32 = 6; // Default shared decimals
     let oft_address = env.register(TestOFT, (&oft_token, &owner, &endpoint_address, &delegate, &shared_decimals));
 
-    // Grant OAPP_MANAGER_ROLE to owner so they can call set_peer, set_delegate, set_msg_inspector, etc.
-    env.as_contract(&oft_address, || {
-        grant_role_no_auth(env, &owner, &Symbol::new(env, OAPP_MANAGER_ROLE), &owner);
-    });
     let composer_address = env.register(DummyComposer, (&endpoint_address,));
 
     let endpoint = EndpointV2Client::new(env, &endpoint_address);
@@ -263,22 +257,7 @@ pub fn wire_oft(env: &Env, chains: &[&ChainSetup<'_>]) {
     }
 }
 
-fn grant_oapp_admin(env: &Env, contract: &Address, owner: &Address) {
-    let role = soroban_sdk::Symbol::new(env, oapp::oapp_core::OAPP_MANAGER_ROLE);
-    env.mock_auths(&[MockAuth {
-        address: owner,
-        invoke: &MockAuthInvoke {
-            contract,
-            fn_name: "grant_role",
-            args: (owner, &role, owner).into_val(env),
-            sub_invokes: &[],
-        },
-    }]);
-    utils::rbac::RoleBasedAccessControlClient::new(env, contract).grant_role(owner, &role, owner);
-}
-
 pub fn set_peer(env: &Env, owner: &Address, oft: &OFTClient<'_>, dst_eid: u32, peer: &BytesN<32>) {
-    grant_oapp_admin(env, &oft.address, owner);
 
     let peer_option = Some(peer.clone());
     env.mock_auths(&[MockAuth {

package/contracts/oapps/oft-core/src/oft_core.rs

@@ -58,14 +58,14 @@ use crate::{
 use common_macros::{contract_trait, only_role};
 use endpoint_v2::{MessagingComposerClient, MessagingFee, MessagingReceipt};
 use oapp::{
-    oapp_core::{init_ownable_oapp, OAPP_MANAGER_ROLE},
+    oapp_core::init_ownable_oapp,
     oapp_options_type3::OAppOptionsType3,
     oapp_receiver::OAppReceiver,
     oapp_sender::{FeePayer, OAppSenderInternal},
     OAppMsgInspectorClient,
 };
 use soroban_sdk::{assert_with_error, token::TokenClient, vec, Address, Bytes, Env, Vec};
-use utils::{option_ext::OptionExt, ownable::OwnableInitializer};
+use utils::{option_ext::OptionExt, ownable::OwnableInitializer, rbac::AUTHORIZER};
 
 // ===========================================================================
 // OFTInternal Trait (NOT exposed as contract entrypoints)
@@ -448,12 +448,12 @@ pub trait OFTCore: OFTInternal {
     /// Pass `None` to remove the inspector and disable outbound validation.
     ///
     /// # Authorization
-    /// Requires the caller to have `OAPP_MANAGER_ROLE`.
+    /// Requires the caller to be the authorizer.
     ///
     /// # Arguments
     /// * `inspector` - Address of the inspector contract, or `None` to remove it
-    /// * `operator` - The address that must have OAPP_MANAGER_ROLE
-    #[only_role(operator, OAPP_MANAGER_ROLE)]
+    /// * `operator` - The authorizer address
+    #[only_role(operator, AUTHORIZER)]
     fn set_msg_inspector(
         env: &soroban_sdk::Env,
         inspector: &Option<soroban_sdk::Address>,

package/contracts/oapps/oft-core/src/tests/test_msg_inspector.rs

@@ -60,7 +60,7 @@ fn test_set_msg_inspector() {
     // Deploy a passing inspector
     let inspector_address = env.register(PassingInspector, ());
 
-    // Owner (with OAPP_MANAGER_ROLE) sets the inspector
+    // Owner (authorizer) sets the inspector
     env.mock_auths(&[MockAuth {
         address: &setup.owner,
         invoke: &MockAuthInvoke {
@@ -127,7 +127,7 @@ fn test_set_msg_inspector_requires_owner() {
     // Deploy a passing inspector
     let inspector_address = env.register(PassingInspector, ());
 
-    // Non-owner (without OAPP_MANAGER_ROLE) tries to set the inspector
+    // Non-owner (not the authorizer) tries to set the inspector
     let non_owner = Address::generate(&env);
     env.mock_auths(&[MockAuth {
         address: &non_owner,
@@ -139,7 +139,7 @@ fn test_set_msg_inspector_requires_owner() {
         },
     }]);
 
-    // This should panic because non_owner does not have OAPP_MANAGER_ROLE
+    // This should panic because non_owner is not the authorizer
     setup.oft.set_msg_inspector(&Some(inspector_address), &non_owner);
 }
 

package/contracts/oapps/oft-core/src/tests/test_utils.rs

@@ -8,7 +8,7 @@ use crate::{
     types::{OFTReceipt, SendParam},
 };
 use endpoint_v2::{LayerZeroReceiverClient, MessagingFee, MessagingParams, MessagingReceipt, Origin};
-use oapp::oapp_core::{OAppCoreClient, OAPP_MANAGER_ROLE};
+use oapp::oapp_core::OAppCoreClient;
 use soroban_sdk::{
     address_payload::AddressPayload,
     bytes, contract, contractimpl, log, symbol_short,
@@ -16,7 +16,6 @@ use soroban_sdk::{
     token::{StellarAssetClient, TokenClient},
     Address, Bytes, BytesN, Env, IntoVal, String, Symbol,
 };
-use utils::rbac::grant_role_no_auth;
 
 // ==================== Constants ====================
 
@@ -100,20 +99,6 @@ pub fn create_origin(src_eid: u32, sender: &BytesN<32>, nonce: u64) -> Origin {
     Origin { src_eid, sender: sender.clone(), nonce }
 }
 
-fn grant_oapp_admin(env: &Env, contract: &Address, owner: &Address) {
-    let role = Symbol::new(env, oapp::oapp_core::OAPP_MANAGER_ROLE);
-    env.mock_auths(&[MockAuth {
-        address: owner,
-        invoke: &MockAuthInvoke {
-            contract,
-            fn_name: "grant_role",
-            args: (owner, &role, owner).into_val(env),
-            sub_invokes: &[],
-        },
-    }]);
-    utils::rbac::RoleBasedAccessControlClient::new(env, contract).grant_role(owner, &role, owner);
-}
-
 // ==================== Test OFT Contracts ====================
 
 mod test_mint_burn_oft {
@@ -613,16 +598,6 @@ impl<'a> OFTTestSetupBuilder<'a> {
         OFTTestSetup::mint_to(env, &owner, &native_token, &owner, INITIAL_MINT_AMOUNT);
         OFTTestSetup::mint_to(env, &owner, &zro_token, &owner, INITIAL_MINT_AMOUNT);
 
-        // Grant OAPP_MANAGER_ROLE to owner so they can call set_peer, set_delegate, set_msg_inspector, etc.
-        env.as_contract(&oft_address, || {
-            grant_role_no_auth(
-                env,
-                &owner,
-                &Symbol::new(env, OAPP_MANAGER_ROLE),
-                &owner,
-            );
-        });
-
         // Setup based on OFT type
         match oft_type {
             OFTType::MintBurn => {
@@ -676,8 +651,6 @@ impl<'a> OFTTestSetup<'a> {
     }
 
     pub fn set_peer(&self, eid: u32, peer: &BytesN<32>) {
-        grant_oapp_admin(self.env, &self.oft.address, &self.owner);
-
         let peer_option = Some(peer.clone());
         self.env.mock_auths(&[MockAuth {
             address: &self.owner,

package/contracts/utils/src/rbac.rs

@@ -14,6 +14,9 @@ use soroban_sdk::{assert_with_error, contractevent, Address, Env, Symbol, Vec};
 /// Maximum number of roles that can exist simultaneously.
 pub const MAX_ROLES: u32 = 256;
 
+/// Role representing the contract's authorizer.
+pub const AUTHORIZER: &str = "AUTHORIZER";
+
 // ===========================================================================
 // Events
 // ===========================================================================
@@ -225,14 +228,21 @@ pub trait RoleBasedAccessControl: Auth {
 
 /// Ensures the caller has the specified role.
 ///
+/// When `role` matches [`AUTHORIZER`], verifies that `caller` is the contract's
+/// authorizer (via [`Auth::authorizer`]) instead of checking RBAC storage.
+///
 /// # Arguments
 /// * `role` - The role to check the caller for.
 /// * `caller` - The account that is being checked. Must have the role.
 ///
 /// # Errors
-/// * `Unauthorized` - If the caller does not have the role.
-pub fn ensure_role(env: &Env, role: &Symbol, caller: &Address) {
-    assert_with_error!(env, RbacStorage::has_role_account_to_index(env, role, caller), RbacError::Unauthorized);
+/// * `Unauthorized` - If the caller does not have the role (or is not the authorizer).
+pub fn ensure_role<T: RoleBasedAccessControl>(env: &Env, role: &Symbol, caller: &Address) {
+    if *role == Symbol::new(env, AUTHORIZER) {
+        assert_with_error!(env, T::authorizer(env).as_ref() == Some(caller), RbacError::Unauthorized);
+    } else {
+        assert_with_error!(env, T::has_role(env, caller, role).is_some(), RbacError::Unauthorized);
+    }
 }
 
 /// Grants a role to an account without auth check.

package/contracts/utils/src/tests/rbac.rs

@@ -37,7 +37,7 @@ impl RbacTestContract {
     // ----------------------------
 
     pub fn rbac_ensure_role(env: &Env, role: Symbol, caller: Address) {
-        ensure_role(env, &role, &caller);
+        ensure_role::<Self>(env, &role, &caller);
     }
 
     pub fn rbac_rm_role_admin_no_auth(env: &Env, role: Symbol) {

package/package.json

@@ -1,15 +1,15 @@
 {
   "name": "@layerzerolabs/protocol-stellar-v2",
-  "version": "0.2.48",
+  "version": "0.2.49",
   "private": false,
   "license": "LZBL-1.2",
   "devDependencies": {
     "@types/node": "^22.18.6",
     "tsx": "^4.19.3",
     "typescript": "^5.8.2",
-    "@layerzerolabs/stellar-ts-bindings-gen": "0.2.48",
-    "@layerzerolabs/common-node-utils": "0.2.48",
-    "@layerzerolabs/vm-tooling-stellar": "0.2.48"
+    "@layerzerolabs/stellar-ts-bindings-gen": "0.2.49",
+    "@layerzerolabs/common-node-utils": "0.2.49",
+    "@layerzerolabs/vm-tooling-stellar": "0.2.49"
   },
   "publishConfig": {
     "access": "restricted",