@layerzerolabs/protocol-stellar-v2 0.2.51 → 0.2.52

package/contracts/oapps/console-oft/src/oft.rs

@@ -0,0 +1,208 @@
+//! Console OFT — Omnichain Fungible Token with RBAC, pausable, fee, and rate limiter extensions.
+//!
+//! Supports two operating modes:
+//!
+//! - **LockUnlock**: Locks tokens on send (transfer to contract), unlocks on receive.
+//! - **MintBurn**: Burns tokens on send, mints on receive via a configurable `Mintable` contract.
+//!
+//! ## Extension Hooks (applied in `__debit` / `__credit`)
+//!
+//! **Send path (`__debit`):**
+//!   1. Pause check (`__assert_not_paused`) — reverts if paused for the destination ID
+//!   2. Token debit (burn or lock `amount_received_ld`)
+//!   3. Rate limit outflow (`__outflow`) — consumes outbound capacity, releases inbound if net accounting
+//!   4. Fee charge (`__charge_fee`) — transfers fee to the fee deposit address
+//!
+//! **Receive path (`__credit`):**
+//!   1. Rate limit inflow (`__inflow`) — consumes inbound capacity, releases outbound if net accounting
+//!   2. Token credit (mint or unlock `amount_ld`)
+//!   3. No pause check, no fee
+
+use crate::{
+    self as oft,
+    extensions::{
+        oft_fee::{OFTFee, OFTFeeInternal},
+        pausable::{OFTPausable, OFTPausableInternal},
+        rate_limiter::{RateLimiter, RateLimiterInternal, UNLIMITED_AMOUNT},
+    },
+    oft_types::{lock_unlock, mint_burn, OftType},
+};
+use common_macros::{contract_impl, storage, ttl_configurable, ttl_extendable, upgradeable};
+use oapp_macros::oapp;
+use oft_core::{
+    assert_nonnegative_amount, impl_oft_lz_receive, utils as oft_utils, OFTCore, OFTError, OFTFeeDetail, OFTInternal,
+    OFTLimit, OFTReceipt, SendParam,
+};
+use soroban_sdk::{assert_with_error, contract, vec, Address, Bytes, Env, Vec};
+
+// =========================================================================
+// Storage
+// =========================================================================
+
+#[storage]
+enum OFTStorage {
+    #[instance(OftType)]
+    OftType,
+}
+
+// =========================================================================
+// OFT Contract
+// =========================================================================
+
+#[contract]
+#[ttl_configurable]
+#[ttl_extendable]
+#[upgradeable(no_migration, rbac)]
+#[oapp(custom = [core])]
+pub struct OFT;
+
+// LzReceiveInternal implementation using default OFT receive logic
+impl_oft_lz_receive!(OFT);
+
+#[contract_impl]
+impl OFT {
+    pub fn __constructor(
+        env: &Env,
+        token: &Address,
+        shared_decimals: u32,
+        oft_type: OftType,
+        endpoint: &Address,
+        delegate: &Address,
+        fee_deposit: &Address,
+    ) {
+        Self::__initialize_oft(env, token, shared_decimals, delegate, endpoint, delegate);
+        OFTStorage::set_oft_type(env, &oft_type);
+        Self::__set_fee_deposit(env, fee_deposit);
+    }
+
+    /// Returns the OFT type with its target address and configuration.
+    pub fn oft_type(env: &Env) -> OftType {
+        OFTStorage::oft_type(env).unwrap()
+    }
+}
+
+/// OFTCore trait implementation for console OFT with extensions
+#[contract_impl(contracttrait)]
+impl OFTCore for OFT {
+    fn quote_oft(env: &Env, _from: &Address, send_param: &SendParam) -> (OFTLimit, Vec<OFTFeeDetail>, OFTReceipt) {
+        assert_nonnegative_amount(env, send_param);
+
+        let dst_id = send_param.dst_eid as u128;
+
+        // 1. Rate limit capacity, accounting for pause
+        let mut max_amount_ld = if Self::is_paused(env, dst_id) {
+            0
+        } else {
+            Self::get_rate_limit_usages(env, dst_id).outbound_available_amount
+        };
+
+        // 2. Back-calculate max sendable amount accounting for fees.
+        // If the rate limit is unlimited, that means there is no rate limiting applied.
+        if max_amount_ld != UNLIMITED_AMOUNT {
+            max_amount_ld = Self::get_amount_before_fee(env, dst_id, max_amount_ld);
+        }
+
+        let oft_limit = OFTLimit { min_amount_ld: 0, max_amount_ld };
+
+        // 3. Compute receipt
+        let (amount_sent_ld, amount_received_ld) =
+            Self::__debit_view(env, send_param.amount_ld, send_param.min_amount_ld, send_param.dst_eid);
+        let oft_receipt = OFTReceipt { amount_sent_ld, amount_received_ld };
+
+        // 4. Fee details
+        let fee_details = if amount_sent_ld > amount_received_ld {
+            vec![
+                env,
+                OFTFeeDetail {
+                    fee_amount_ld: amount_sent_ld - amount_received_ld,
+                    description: Bytes::from_slice(env, b"Fee"),
+                },
+            ]
+        } else {
+            vec![env]
+        };
+
+        (oft_limit, fee_details, oft_receipt)
+    }
+}
+
+/// OFT behavior for Console OFT with extension hooks
+impl OFTInternal for OFT {
+    /// Calculates the amounts for a send without executing token operations.
+    ///
+    /// UI should ensure amounts are dust-free to avoid unintended fees.
+    fn __debit_view(env: &Env, amount_ld: i128, min_amount_ld: i128, dst_eid: u32) -> (i128, i128) {
+        let fee = Self::__get_fee(env, dst_eid as u128, amount_ld);
+        let conversion_rate = Self::__decimal_conversion_rate(env);
+        let amount_received_ld = oft_utils::remove_dust(amount_ld - fee, conversion_rate);
+
+        assert_with_error!(env, amount_received_ld >= min_amount_ld, OFTError::SlippageExceeded);
+
+        (amount_ld, amount_received_ld)
+    }
+
+    /// Executes the full send-side debit with all extension hooks.
+    ///
+    /// Flow: pause check → token debit → rate limit outflow → fee charge.
+    fn __debit(env: &Env, sender: &Address, amount_ld: i128, min_amount_ld: i128, dst_eid: u32) -> (i128, i128) {
+        Self::__assert_not_paused(env, dst_eid as u128);
+
+        let (amount_sent_ld, amount_received_ld) = match Self::oft_type(env) {
+            OftType::LockUnlock => {
+                lock_unlock::debit::<Self>(env, &Self::token(env), sender, amount_ld, min_amount_ld, dst_eid)
+            }
+            OftType::MintBurn(_mintable) => {
+                mint_burn::debit::<Self>(env, &Self::token(env), sender, amount_ld, min_amount_ld, dst_eid)
+            }
+        };
+
+        Self::__outflow(env, dst_eid as u128, sender, amount_received_ld);
+
+        let fee = amount_sent_ld - amount_received_ld;
+        Self::__charge_fee(env, &Self::token(env), sender, fee);
+
+        (amount_sent_ld, amount_received_ld)
+    }
+
+    /// Executes the full receive-side credit with extension hooks.
+    ///
+    /// Flow: rate limit inflow → token credit.
+    ///
+    /// No pause check on receive — this is intentional to prevent in-flight token lockups
+    /// when a chain is paused mid-transfer. Matches EVM where `whenNotPaused` is only on
+    /// `_debit`, not `_credit`.
+    fn __credit(env: &Env, to: &Address, amount_ld: i128, src_eid: u32) -> i128 {
+        Self::__inflow(env, src_eid as u128, to, amount_ld);
+
+        match Self::oft_type(env) {
+            OftType::LockUnlock => lock_unlock::credit::<Self>(env, &Self::token(env), to, amount_ld, src_eid),
+            OftType::MintBurn(mintable) => mint_burn::credit::<Self>(env, &mintable, to, amount_ld, src_eid),
+        }
+    }
+}
+
+// =========================================================================
+// Extension Trait Implementations
+// =========================================================================
+
+/// Pausable extension — per-Destination ID pause/unpause with separate PAUSER/UNPAUSER roles.
+/// Default state: unpaused. Only enforced on send path (`__debit`), not receive (`__credit`).
+#[contract_impl(contracttrait)]
+impl OFTPausable for OFT {}
+impl OFTPausableInternal for OFT {}
+
+/// Fee extension — proportional fee on outbound transfers.
+/// Default state: 0 BPS (no fee). Fees transferred to the fee deposit address.
+#[contract_impl(contracttrait)]
+impl OFTFee for OFT {}
+impl OFTFeeInternal for OFT {}
+
+/// Rate limiter extension — rolling window decay with net accounting.
+/// Default state: closed (limits=0, outbound+inbound enabled). Admin must set limits to open.
+#[contract_impl(contracttrait)]
+impl RateLimiter for OFT {}
+impl RateLimiterInternal for OFT {}
+
+// Console-specific access control (ownership, auth, RBAC)
+#[path = "oft_access_control.rs"]
+mod oft_access_control;

package/contracts/oapps/console-oft/src/oft_access_control.rs

@@ -0,0 +1,93 @@
+//! Console-specific access control: ownership, auth, and RBAC.
+//!
+//! - Delegate is permanently synced with the owner.
+//! - `transfer_ownership` (single-step) and `renounce_ownership` are disabled.
+//! - Only 2-step transfer via `begin_ownership_transfer` + `accept_ownership`.
+//! - `accept_ownership` auto-syncs the endpoint delegate to the new owner.
+
+use super::{OFTArgs, OFTClient, OFT};
+use crate::errors::OFTError;
+use common_macros::contract_impl;
+use endpoint_v2::LayerZeroEndpointV2Client;
+use oapp::oapp_core::OAppCore;
+use soroban_sdk::{panic_with_error, Address, Env};
+use utils::{
+    auth::Auth,
+    ownable::{Ownable, OwnableInitializer},
+    rbac::RoleBasedAccessControl,
+};
+
+// =========================================================================
+// Ownable & Auth implementation for OFT
+// =========================================================================
+
+impl OwnableInitializer for OFT {}
+
+#[contract_impl]
+impl Auth for OFT {
+    fn authorizer(env: &soroban_sdk::Env) -> Option<Address> {
+        Self::owner(env)
+    }
+}
+
+#[contract_impl(contracttrait)]
+impl Ownable for OFT {
+    /// Disabled one-step ownership transfer.
+    fn transfer_ownership(env: &soroban_sdk::Env, _new_owner: &soroban_sdk::Address) {
+        panic_with_error!(env, OFTError::Disabled);
+    }
+
+    /// Disabled renounce ownership.
+    fn renounce_ownership(env: &soroban_sdk::Env) {
+        panic_with_error!(env, OFTError::Disabled);
+    }
+
+    /// Accepts ownership and syncs the delegate on the endpoint to the new owner.
+    fn accept_ownership(env: &soroban_sdk::Env) {
+        OwnableDefault::accept_ownership(env);
+
+        let new_owner = Self::owner(env).unwrap();
+        LayerZeroEndpointV2Client::new(env, &Self::endpoint(env))
+            .set_delegate(&env.current_contract_address(), &Some(new_owner));
+    }
+}
+
+// =========================================================================
+// RoleBasedAccessControl implementation
+// =========================================================================
+
+#[contract_impl(contracttrait)]
+impl RoleBasedAccessControl for OFT {}
+
+// =========================================================================
+// OAppCore override — set_delegate disabled
+// =========================================================================
+
+#[contract_impl(contracttrait)]
+impl OAppCore for OFT {
+    /// Disabled set delegate.
+    fn set_delegate(
+        env: &soroban_sdk::Env,
+        _delegate: &Option<soroban_sdk::Address>,
+        _operator: &soroban_sdk::Address,
+    ) {
+        panic_with_error!(env, OFTError::Disabled);
+    }
+}
+
+// =========================================================================
+// Helper: access default Ownable implementation
+// =========================================================================
+
+/// Helper type to call the default `accept_ownership` logic before applying
+/// Console-specific post-acceptance hooks (delegate sync).
+/// Reads from the same `OwnableStorage` — no duplication of logic.
+struct OwnableDefault;
+
+impl Ownable for OwnableDefault {}
+
+impl Auth for OwnableDefault {
+    fn authorizer(env: &Env) -> Option<Address> {
+        <Self as Ownable>::owner(env)
+    }
+}

package/contracts/oapps/console-oft/src/oft_types/lock_unlock.rs

@@ -0,0 +1,50 @@
+//! LockUnlock type implementation for OFT.
+//!
+//! This OFT type locks tokens in the contract on debit (send) and unlocks
+//! tokens from the contract on credit (receive).
+//! Operates directly on the token via standard SEP-41 `transfer`.
+
+use oft_core::OFTCore;
+use soroban_sdk::{token::TokenClient, Address, Env};
+
+/// Debit tokens using LockUnlock OFT type (locks tokens in contract).
+///
+/// # Parameters
+/// * `env` - The Soroban environment
+/// * `token` - Address of the token
+/// * `sender` - Address of the token sender
+/// * `amount_ld` - Amount to debit in local decimals
+/// * `min_amount_ld` - Minimum amount that must be received (for slippage protection)
+/// * `dst_eid` - Destination endpoint ID
+///
+/// # Returns
+/// * `amount_sent_ld` - The amount sent in local decimals
+/// * `amount_received_ld` - The amount received in local decimals on the remote
+pub fn debit<T: OFTCore>(
+    env: &Env,
+    token: &Address,
+    sender: &Address,
+    amount_ld: i128,
+    min_amount_ld: i128,
+    dst_eid: u32,
+) -> (i128, i128) {
+    let (amount_sent_ld, amount_received_ld) = T::__debit_view(env, amount_ld, min_amount_ld, dst_eid);
+    TokenClient::new(env, token).transfer(sender, env.current_contract_address(), &amount_received_ld);
+    (amount_sent_ld, amount_received_ld)
+}
+
+/// Credit tokens using LockUnlock OFT type (unlocks tokens from contract).
+///
+/// # Parameters
+/// * `env` - The Soroban environment
+/// * `token` - Address of the token
+/// * `to` - Address of the token recipient
+/// * `amount_ld` - Amount to credit in local decimals
+/// * `_src_eid` - Source endpoint ID (unused)
+///
+/// # Returns
+/// The amount credited
+pub fn credit<T: OFTCore>(env: &Env, token: &Address, to: &Address, amount_ld: i128, _src_eid: u32) -> i128 {
+    TokenClient::new(env, token).transfer(&env.current_contract_address(), to, &amount_ld);
+    amount_ld
+}

package/contracts/oapps/console-oft/src/oft_types/mint_burn.rs

@@ -0,0 +1,50 @@
+//! MintBurn type implementation for OFT.
+//!
+//! This OFT type burns tokens on debit (send) and mints tokens on credit (receive).
+//! Used when the OFT contract has mint authority over the token.
+
+use crate::interfaces::MintableClient;
+use oft_core::OFTCore;
+use soroban_sdk::{token::TokenClient, Address, Env};
+
+/// Debit tokens using MintBurn OFT type (burns tokens from sender).
+///
+/// # Parameters
+/// * `env` - The Soroban environment
+/// * `token` - Address of the token (SAC) to burn from
+/// * `sender` - Address of the token sender
+/// * `amount_ld` - Amount to debit in local decimals
+/// * `min_amount_ld` - Minimum amount that must be received (for slippage protection)
+/// * `dst_eid` - Destination endpoint ID
+///
+/// # Returns
+/// * `amount_sent_ld` - The amount sent in local decimals
+/// * `amount_received_ld` - The amount received in local decimals on the remote
+pub fn debit<T: OFTCore>(
+    env: &Env,
+    token: &Address,
+    sender: &Address,
+    amount_ld: i128,
+    min_amount_ld: i128,
+    dst_eid: u32,
+) -> (i128, i128) {
+    let (amount_sent_ld, amount_received_ld) = T::__debit_view(env, amount_ld, min_amount_ld, dst_eid);
+    TokenClient::new(env, token).burn(sender, &amount_received_ld);
+    (amount_sent_ld, amount_received_ld)
+}
+
+/// Credit tokens using MintBurn OFT type (mints tokens to recipient).
+///
+/// # Parameters
+/// * `env` - The Soroban environment
+/// * `mintable` - Address of the contract responsible for minting tokens (e.g. SAC wrapper)
+/// * `to` - Address of the token recipient
+/// * `amount_ld` - Amount to credit in local decimals
+/// * `_src_eid` - Source endpoint ID (unused)
+///
+/// # Returns
+/// The amount credited
+pub fn credit<T: OFTCore>(env: &Env, mintable: &Address, to: &Address, amount_ld: i128, _src_eid: u32) -> i128 {
+    MintableClient::new(env, mintable).mint(to, &amount_ld, &env.current_contract_address());
+    amount_ld
+}

package/contracts/oapps/console-oft/src/oft_types/mod.rs

@@ -0,0 +1,24 @@
+//! OFT mode implementations.
+//!
+//! This module provides reference implementations for the two main OFT types:
+//!
+//! - **LockUnlock**: Locks tokens on send, unlocks on receive. Operates directly on the
+//!   token via standard SEP-41 `transfer`.
+//! - **MintBurn**: Burns tokens on send (via TokenClient on the token), mints on receive
+//!   via a contract that implements [`Mintable`](crate::interfaces::Mintable).
+
+use soroban_sdk::{contracttype, Address};
+
+pub mod lock_unlock;
+pub mod mint_burn;
+
+/// The OFT operation type.
+#[contracttype]
+#[derive(Clone, Debug, Eq, PartialEq)]
+pub enum OftType {
+    /// Lock tokens on send, unlock on receive.
+    LockUnlock,
+    /// Burn tokens on send, mint on receive.
+    /// The address is the Mintable contract used for minting on credit
+    MintBurn(Address),
+}

package/contracts/oapps/console-oft/src/tests/extensions/mod.rs

@@ -0,0 +1,3 @@
+mod oft_fee;
+mod pausable;
+mod rate_limiter;

package/contracts/oapps/console-oft/src/tests/extensions/oft_fee.rs

@@ -0,0 +1,255 @@
+extern crate std;
+
+use crate::extensions::oft_fee::FEE_CONFIG_MANAGER_ROLE;
+use crate::extensions::oft_fee::{OFTFee, OFTFeeError, OFTFeeInternal};
+use soroban_sdk::{
+    contract, contractimpl,
+    testutils::Address as _,
+    token::{StellarAssetClient, TokenClient},
+    Address, Env, Symbol,
+};
+use utils::auth::Auth;
+use utils::rbac::{grant_role_no_auth, RoleBasedAccessControl};
+
+// ============================================================================
+// Test Contract
+// ============================================================================
+
+#[contract]
+struct FeeTestContract;
+
+impl Auth for FeeTestContract {
+    fn authorizer(env: &Env) -> Option<Address> {
+        Some(env.current_contract_address())
+    }
+}
+
+impl OFTFeeInternal for FeeTestContract {}
+
+#[contractimpl(contracttrait)]
+impl OFTFee for FeeTestContract {}
+
+#[contractimpl(contracttrait)]
+impl RoleBasedAccessControl for FeeTestContract {}
+
+#[contractimpl]
+impl FeeTestContract {
+    pub fn init_roles(env: Env) {
+        let contract_id = env.current_contract_address();
+        grant_role_no_auth(&env, &contract_id, &Symbol::new(&env, FEE_CONFIG_MANAGER_ROLE), &contract_id);
+    }
+
+    pub fn charge_fee(env: Env, token: Address, from: Address, fee_amount: i128) {
+        <Self as OFTFeeInternal>::__charge_fee(&env, &token, &from, fee_amount);
+    }
+}
+
+// ============================================================================
+// Test Setup
+// ============================================================================
+
+struct TestSetup {
+    env: Env,
+    client: FeeTestContractClient<'static>,
+    contract_id: Address,
+    token: Address,
+    from: Address,
+    fee_deposit: Address,
+}
+
+fn setup() -> TestSetup {
+    let env = Env::default();
+    env.mock_all_auths_allowing_non_root_auth();
+
+    let contract_id = env.register(FeeTestContract, ());
+    let client = FeeTestContractClient::new(&env, &contract_id);
+    client.init_roles();
+
+    let token_admin = Address::generate(&env);
+    let sac = env.register_stellar_asset_contract_v2(token_admin.clone());
+    let token = sac.address();
+
+    let from = Address::generate(&env);
+    let fee_deposit = Address::generate(&env);
+
+    StellarAssetClient::new(&env, &token).mint(&from, &1_000_000i128);
+
+    TestSetup { env, client, contract_id, token, from, fee_deposit }
+}
+
+fn id(v: u32) -> u128 {
+    v as u128
+}
+
+// ============================================================================
+// Set Default Fee BPS Tests
+// ============================================================================
+
+#[test]
+fn test_set_default_fee_bps_rejects_invalid_value() {
+    let TestSetup { client, contract_id, .. } = setup();
+
+    let res = client.try_set_default_fee_bps(&10_001u32, &contract_id);
+    assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::InvalidBps.into());
+}
+
+// ============================================================================
+// Set Fee BPS Tests
+// ============================================================================
+
+#[test]
+fn test_set_fee_bps_rejects_invalid_value() {
+    let TestSetup { client, contract_id, .. } = setup();
+    let id_101 = id(101);
+
+    let res = client.try_set_fee_bps(&id_101, &Some(10_001u32), &contract_id);
+    assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::InvalidBps.into());
+}
+
+#[test]
+fn test_set_fee_bps_set_and_remove() {
+    let TestSetup { client, contract_id, .. } = setup();
+    let id_101 = id(101);
+
+    client.set_fee_bps(&id_101, &Some(200u32), &contract_id);
+    assert_eq!(client.fee_bps(&id_101), Some(200));
+    assert_eq!(client.get_fee(&id_101, &10_000i128), 200);
+
+    client.set_default_fee_bps(&111u32, &contract_id);
+    client.set_fee_bps(&id_101, &None, &contract_id);
+    assert_eq!(client.fee_bps(&id_101), None);
+    assert_eq!(client.default_fee_bps(), 111);
+    assert_eq!(client.get_fee(&id_101, &10_000i128), 111);
+
+    // Per-ID Some(0) explicitly overrides default to zero fee
+    client.set_fee_bps(&id_101, &Some(0u32), &contract_id);
+    assert_eq!(client.fee_bps(&id_101), Some(0));
+    assert_eq!(client.get_fee(&id_101, &10_000i128), 0);
+    assert_eq!(client.get_fee(&id(99), &10_000i128), 111, "other IDs still use default");
+
+    // set_default_fee_bps(0) removes the default fee
+    client.set_default_fee_bps(&0u32, &contract_id);
+    assert_eq!(client.default_fee_bps(), 0);
+    assert_eq!(client.get_fee(&id(99), &10_000i128), 0);
+}
+
+// ============================================================================
+// Set Fee Deposit Tests
+// ============================================================================
+
+#[test]
+fn test_set_fee_deposit_same_value() {
+    let TestSetup { client, contract_id, fee_deposit, .. } = setup();
+
+    client.set_fee_deposit(&fee_deposit, &contract_id);
+    let res = client.try_set_fee_deposit(&fee_deposit, &contract_id);
+    assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::SameValue.into());
+}
+
+// ============================================================================
+// Charge Fee Tests
+// ============================================================================
+
+#[test]
+fn test_charge_fee_zero_amount_no_transfer() {
+    let TestSetup { env, client, contract_id, token, from, fee_deposit, .. } = setup();
+
+    client.set_fee_deposit(&fee_deposit, &contract_id);
+
+    let token_client = TokenClient::new(&env, &token);
+    let from_before = token_client.balance(&from);
+    let dep_before = token_client.balance(&fee_deposit);
+
+    client.charge_fee(&token, &from, &0i128);
+
+    assert_eq!(token_client.balance(&from), from_before);
+    assert_eq!(token_client.balance(&fee_deposit), dep_before);
+}
+
+#[test]
+fn test_charge_fee_transfers() {
+    let TestSetup { env, client, contract_id, token, from, fee_deposit, .. } = setup();
+
+    client.set_fee_deposit(&fee_deposit, &contract_id);
+
+    let token_client = TokenClient::new(&env, &token);
+    let from_before = token_client.balance(&from);
+    let dep_before = token_client.balance(&fee_deposit);
+
+    client.charge_fee(&token, &from, &123i128);
+
+    assert_eq!(token_client.balance(&from), from_before - 123);
+    assert_eq!(token_client.balance(&fee_deposit), dep_before + 123);
+}
+
+// ============================================================================
+// Fee View Tests
+// ============================================================================
+
+#[test]
+fn test_fee_view_no_fee_returns_zero() {
+    let TestSetup { client, .. } = setup();
+
+    assert_eq!(client.get_fee(&id(1), &10_000i128), 0);
+}
+
+#[test]
+fn test_fee_view_computes_correct_fee() {
+    let TestSetup { client, contract_id, fee_deposit, .. } = setup();
+
+    client.set_fee_deposit(&fee_deposit, &contract_id);
+    client.set_default_fee_bps(&250u32, &contract_id);
+
+    assert_eq!(client.get_fee(&id(1), &10_000i128), 250);
+}
+
+// ============================================================================
+// Get Amount Before Fee Tests
+// ============================================================================
+
+#[test]
+fn test_get_amount_before_fee_no_fee() {
+    let TestSetup { client, .. } = setup();
+
+    let result = client.get_amount_before_fee(&id(1), &10_000i128);
+    assert_eq!(result, 10_000);
+}
+
+#[test]
+fn test_get_amount_before_fee_roundtrip() {
+    let TestSetup { client, contract_id, .. } = setup();
+
+    client.set_default_fee_bps(&250u32, &contract_id); // 2.5%
+
+    let original = 100_000i128;
+    let fee = client.get_fee(&id(1), &original);
+    let after_fee = original - fee;
+    let recovered = client.get_amount_before_fee(&id(1), &after_fee);
+    assert_eq!(recovered, original);
+}
+
+#[test]
+fn test_get_amount_before_fee_full_fee_returns_zero() {
+    let TestSetup { client, contract_id, .. } = setup();
+
+    client.set_default_fee_bps(&10_000u32, &contract_id); // 100%
+
+    let result = client.get_amount_before_fee(&id(1), &5_000i128);
+    assert_eq!(result, 0);
+}
+
+#[test]
+fn test_get_amount_before_fee_per_destination_override() {
+    let TestSetup { client, contract_id, .. } = setup();
+
+    client.set_default_fee_bps(&100u32, &contract_id); // 1% default
+    client.set_fee_bps(&id(42), &Some(500u32), &contract_id); // 5% for id 42
+
+    // 5% fee: after = 9_500 → before = 9_500 * 10_000 / 9_500 = 10_000
+    let result = client.get_amount_before_fee(&id(42), &9_500i128);
+    assert_eq!(result, 10_000);
+
+    // Other destinations still use default 1%
+    let result_default = client.get_amount_before_fee(&id(99), &9_900i128);
+    assert_eq!(result_default, 10_000);
+}