Merge branch 'OpenZeppelin:master' into master

Author: Kansas

.changeset/itchy-turkeys-allow.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`RLP`: Add a library for encoding and decoding data in Ethereum's Recursive Length Prefix format.

.changeset/modern-moments-raise.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`Memory`: Add a UDVT for handling slices on memory space similarly to calldata slices.

.changeset/shiny-dolphins-lick.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC4626`: compute `maxWithdraw` using `maxRedeem` and `previewRedeem` so that changes to the preview functions affect the max functions.

.changeset/silent-zebras-press.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`ERC7786Recipient`: Generic ERC-7786 cross-chain message recipient contract.

.changeset/wise-webs-fly.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`Accumulators`: A library for merging an arbitrary dynamic number of bytes buffers.

CHANGELOG.md

@@ -6,10 +6,13 @@
 
 ### Breaking changes
 
-- Update minimum pragma to 0.8.24 in `Votes`, `VotesExtended`, `ERC20Votes`, `Strings`, `ERC1155URIStorage`, `MessageHashUtils`, `ERC721URIStorage`, `ERC721Votes`, `ERC721Wrapper`, `ERC721Burnable`, `ERC721Consecutive`, `ERC721Enumerable`, `ERC721Pausable`, `ERC721Royalty`, `ERC721Wrapper`, `EIP712`, and `ERC7739`. ([#5726](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5726))
+- `SignerERC7702` is renamed as `SignerEIP7702`. Imports and inheritance must be updated to that new name and path. Behavior is unmodified.
+- `ERC721Holder` and `ERC1155Holder` are flagged as stateless and are no longer transpiled. Developers using their upgradeable variants from `@openzeppelin/contracts-upgradeable` (i.e. `ERC712HolderUpgradeable` and `ERC1155HolderUpgradeable`) must update their imports to use the equivalent version available in `@openzeppelin/contracts`.
+- Update minimum pragma to 0.8.24 in `Votes`, `VotesExtended`, `ERC20Votes`, `Strings`, `ERC1155URIStorage`, `MessageHashUtils`, `ERC721URIStorage`, `ERC721Votes`, `ERC721Wrapper`, `ERC721Burnable`, `ERC721Consecutive`, `ERC721Enumerable`, `ERC721Pausable`, `ERC721Royalty`, `ERC721Wrapper`, `EIP712`, `ERC4626` and `ERC7739`. ([#5726](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/5726))
 
 ### Deprecation
 
+- `Initializable` and `UUPSUpgradeable` are no longer transpiled. An alias is present in the `@openzeppelin/contracts-upgradeable` package that redirect to the corresponding file in `@openzeppelin/contracts`. These alias will be removed in the next major release. Developers are advised to update their imports to get these files directly from the `@openzeppelin/contracts` package.
 - `ECDSA` signature malleability protection is partly deprecated. See documentation for more details.
 
 ## 5.4.0 (2025-07-17)

GUIDELINES.md

@@ -117,7 +117,7 @@ In addition to the official Solidity Style Guide we have a number of other conve
 
   Some standards (e.g. ERC-20) use present tense, and in those cases the
   standard specification is used.
-  
+
 * Interface names should have a capital I prefix.
 
   ```solidity
@@ -141,7 +141,7 @@ In addition to the official Solidity Style Guide we have a number of other conve
 * Unchecked arithmetic blocks should contain comments explaining why overflow is guaranteed not to happen. If the reason is immediately apparent from the line above the unchecked block, the comment may be omitted.
 
 * Custom errors should be declared following the [EIP-6093](https://eips.ethereum.org/EIPS/eip-6093) rationale whenever reasonable. Also, consider the following:
-  
+
   * The domain prefix should be picked in the following order:
     1. Use `ERC<number>` if the error is a violation of an ERC specification.
     2. Use the name of the underlying component where it belongs (eg. `Governor`, `ECDSA`, or `Timelock`).
@@ -153,3 +153,18 @@ In addition to the official Solidity Style Guide we have a number of other conve
     4. Declare the error in an extension if the error only happens in such extension or child contracts.
 
   * Custom error names should not be declared twice along the library to avoid duplicated identifier declarations when inheriting from multiple contracts.
+
+* Numeric literals should use appropriate formats based on their purpose to improve code readability:
+
+  **Memory-related operations (use hexadecimal):**
+  * Memory locations: `mload(64)` → `mload(0x40)`
+  * Memory offsets: `mstore(add(ptr, 32), value)` → `mstore(add(ptr, 0x20), value)`
+  * Memory lengths: `keccak256(ptr, 85)` → `keccak256(ptr, 0x55)`
+
+  **Bit operations (use decimal):**
+  * Shift amounts: `shl(0x80, value)` → `shl(128, value)`
+  * Bit masks and positions should use decimal when representing bit counts
+
+  **Exceptions:**
+  * Trivially small values (1, 2) may use decimal even in memory operations: `ptr := add(ptr, 1)`
+  * In `call`/`staticcall`/`delegatecall`, decimal zero is acceptable when both location and length are zero

contracts/account/utils/draft-ERC7579Utils.sol

@@ -126,10 +126,10 @@ library ERC7579Utils {
         Mode mode
     ) internal pure returns (CallType callType, ExecType execType, ModeSelector selector, ModePayload payload) {
         return (
-            CallType.wrap(Packing.extract_32_1(Mode.unwrap(mode), 0)),
-            ExecType.wrap(Packing.extract_32_1(Mode.unwrap(mode), 1)),
-            ModeSelector.wrap(Packing.extract_32_4(Mode.unwrap(mode), 6)),
-            ModePayload.wrap(Packing.extract_32_22(Mode.unwrap(mode), 10))
+            CallType.wrap(Packing.extract_32_1(Mode.unwrap(mode), 0x00)),
+            ExecType.wrap(Packing.extract_32_1(Mode.unwrap(mode), 0x01)),
+            ModeSelector.wrap(Packing.extract_32_4(Mode.unwrap(mode), 0x06)),
+            ModePayload.wrap(Packing.extract_32_22(Mode.unwrap(mode), 0x0a))
         );
     }
 
@@ -146,9 +146,9 @@ library ERC7579Utils {
     function decodeSingle(
         bytes calldata executionCalldata
     ) internal pure returns (address target, uint256 value, bytes calldata callData) {
-        target = address(bytes20(executionCalldata[0:20]));
-        value = uint256(bytes32(executionCalldata[20:52]));
-        callData = executionCalldata[52:];
+        target = address(bytes20(executionCalldata[0x00:0x14]));
+        value = uint256(bytes32(executionCalldata[0x14:0x34]));
+        callData = executionCalldata[0x34:];
     }
 
     /// @dev Encodes a delegate call execution. See {decodeDelegate}.
@@ -163,8 +163,8 @@ library ERC7579Utils {
     function decodeDelegate(
         bytes calldata executionCalldata
     ) internal pure returns (address target, bytes calldata callData) {
-        target = address(bytes20(executionCalldata[0:20]));
-        callData = executionCalldata[20:];
+        target = address(bytes20(executionCalldata[0:0x14]));
+        callData = executionCalldata[0x14:];
     }
 
     /// @dev Encodes a batch of executions. See {decodeBatch}.
@@ -180,17 +180,17 @@ library ERC7579Utils {
             uint256 bufferLength = executionCalldata.length;
 
             // Check executionCalldata is not empty.
-            if (bufferLength < 32) revert ERC7579DecodingError();
+            if (bufferLength < 0x20) revert ERC7579DecodingError();
 
             // Get the offset of the array (pointer to the array length).
-            uint256 arrayLengthOffset = uint256(bytes32(executionCalldata[0:32]));
+            uint256 arrayLengthOffset = uint256(bytes32(executionCalldata[0x00:0x20]));
 
             // The array length (at arrayLengthOffset) should be 32 bytes long. We check that this is within the
             // buffer bounds. Since we know bufferLength is at least 32, we can subtract with no overflow risk.
-            if (arrayLengthOffset > bufferLength - 32) revert ERC7579DecodingError();
+            if (arrayLengthOffset > bufferLength - 0x20) revert ERC7579DecodingError();
 
             // Get the array length. arrayLengthOffset + 32 is bounded by bufferLength so it does not overflow.
-            uint256 arrayLength = uint256(bytes32(executionCalldata[arrayLengthOffset:arrayLengthOffset + 32]));
+            uint256 arrayLength = uint256(bytes32(executionCalldata[arrayLengthOffset:arrayLengthOffset + 0x20]));
 
             // Check that the buffer is long enough to store the array elements as "offset pointer":
             // - each element of the array is an "offset pointer" to the data.
@@ -200,7 +200,7 @@ library ERC7579Utils {
             //
             // Since we know bufferLength is at least arrayLengthOffset + 32, we can subtract with no overflow risk.
             // Solidity limits length of such arrays to 2**64-1, this guarantees `arrayLength * 32` does not overflow.
-            if (arrayLength > type(uint64).max || bufferLength - arrayLengthOffset - 32 < arrayLength * 32)
+            if (arrayLength > type(uint64).max || bufferLength - arrayLengthOffset - 0x20 < arrayLength * 0x20)
                 revert ERC7579DecodingError();
 
             assembly ("memory-safe") {

contracts/crosschain/ERC7786Recipient.sol

@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: MIT
+
+pragma solidity ^0.8.27;
+
+import {IERC7786Recipient} from "../interfaces/draft-IERC7786.sol";
+import {BitMaps} from "../utils/structs/BitMaps.sol";
+
+/**
+ * @dev Base implementation of an ERC-7786 compliant cross-chain message receiver.
+ *
+ * This abstract contract exposes the `receiveMessage` function that is used for communication with (one or multiple)
+ * destination gateways. This contract leaves two functions unimplemented:
+ *
+ * * {_isAuthorizedGateway}, an internal getter used to verify whether an address is recognised by the contract as a
+ * valid ERC-7786 destination gateway. One or multiple gateway can be supported. Note that any malicious address for
+ * which this function returns true would be able to impersonate any account on any other chain sending any message.
+ *
+ * * {_processMessage}, the internal function that will be called with any message that has been validated.
+ *
+ * This contract implements replay protection, meaning that if two messages are received from the same gateway with the
+ * same `receiveId`, then the second one will NOT be executed, regardless of the result of {_isAuthorizedGateway}.
+ */
+abstract contract ERC7786Recipient is IERC7786Recipient {
+    using BitMaps for BitMaps.BitMap;
+
+    mapping(address gateway => BitMaps.BitMap) private _received;
+
+    error ERC7786RecipientUnauthorizedGateway(address gateway, bytes sender);
+    error ERC7786RecipientMessageAlreadyProcessed(address gateway, bytes32 receiveId);
+
+    /// @inheritdoc IERC7786Recipient
+    function receiveMessage(
+        bytes32 receiveId,
+        bytes calldata sender, // Binary Interoperable Address
+        bytes calldata payload
+    ) external payable returns (bytes4) {
+        // Check authorization
+        if (!_isAuthorizedGateway(msg.sender, sender)) {
+            revert ERC7786RecipientUnauthorizedGateway(msg.sender, sender);
+        }
+
+        // Prevent duplicate execution
+        if (_received[msg.sender].get(uint256(receiveId))) {
+            revert ERC7786RecipientMessageAlreadyProcessed(msg.sender, receiveId);
+        }
+        _received[msg.sender].set(uint256(receiveId));
+
+        _processMessage(msg.sender, receiveId, sender, payload);
+
+        return IERC7786Recipient.receiveMessage.selector;
+    }
+
+    /**
+     * @dev Virtual getter that returns whether an address is a valid ERC-7786 gateway for a given sender.
+     *
+     * The `sender` parameter is an interoperable address that include the source chain. The chain part can be
+     * extracted using the {InteroperableAddress} library to selectively authorize gateways based on the origin chain
+     * of a message.
+     */
+    function _isAuthorizedGateway(address gateway, bytes calldata sender) internal view virtual returns (bool);
+
+    /// @dev Virtual function that should contain the logic to execute when a cross-chain message is received.
+    function _processMessage(
+        address gateway,
+        bytes32 receiveId,
+        bytes calldata sender,
+        bytes calldata payload
+    ) internal virtual;
+}

contracts/crosschain/README.adoc

@@ -0,0 +1,12 @@
+= Cross chain interoperability
+
+[.readme-notice]
+NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/crosschain
+
+This directory contains contracts for sending and receiving cross chain messages that follows the ERC-7786 standard.
+
+- {ERC7786Recipient}: generic ERC-7786 crosschain contract that receives messages from a trusted gateway
+
+== Helpers
+
+{{ERC7786Recipient}}