optimize bridge validation and add safety checks

anajuliabit · claude · anajuliabit · commit 80f4dd379d3e · 2025-10-24T13:10:33.000-03:00
- Remove intermediate array allocations for gas savings - Add router contract validation using address.code.length - Add zero bridge cost validation - Add tests for router and zero cost validation - Simplify code by removing _verifyBridgeCalls function 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/proposals/hooks/BridgeValidationHook.sol b/proposals/hooks/BridgeValidationHook.sol
@@ -24,51 +24,32 @@ contract BridgeValidationHook {
     function _verifyBridgeActions(
         ProposalAction[] memory proposal
     ) internal view {
-        address[] memory targets = new address[](proposal.length);
-        uint256[] memory values = new uint256[](proposal.length);
-        bytes[] memory datas = new bytes[](proposal.length);
-
-        for (uint256 i = 0; i < proposal.length; i++) {
-            targets[i] = proposal[i].target;
-            values[i] = proposal[i].value;
-            datas[i] = proposal[i].data;
-        }
-
-        _verifyBridgeCalls(targets, values, datas);
-    }
-
-    /// @notice Internal function to verify bridge calls
-    /// @param targets Array of target addresses for each action
-    /// @param values Array of native token values for each action
-    /// @param datas Array of calldata for each action
-    function _verifyBridgeCalls(
-        address[] memory targets,
-        uint256[] memory values,
-        bytes[] memory datas
-    ) internal view {
-        uint256 proposalLength = targets.length;
+        uint256 proposalLength = proposal.length;
 
         for (uint256 i = 0; i < proposalLength; i++) {
-            bytes4 selector = bytesToBytes4(datas[i]);
+            bytes4 selector = bytesToBytes4(proposal[i].data);
 
             // Check if this action is a bridgeToRecipient call
             if (selector == BRIDGE_TO_RECIPIENT_SELECTOR) {
-                address router = targets[i];
-                uint256 actionValue = values[i];
+                address router = proposal[i].target;
+                uint256 actionValue = proposal[i].value;
+
+                // Validate router is a contract
+                _validateRouterIsContract(router);
 
                 // Extract wormholeChainId from calldata
                 // Calldata structure:
                 // 0-3: function selector
                 // 4-35: address to (32 bytes)
                 // 36-67: uint256 amount (32 bytes)
                 // 68-99: uint16 wormholeChainId (32 bytes, right-padded)
-                uint16 wormholeChainId = extractUint16FromCalldata(datas[i]);
-
-                // Get the actual bridge cost from the router
-                uint256 bridgeCost = xWELLRouter(router).bridgeCost(
-                    wormholeChainId
+                uint16 wormholeChainId = extractUint16FromCalldata(
+                    proposal[i].data
                 );
 
+                // Get the actual bridge cost from the router with validation
+                uint256 bridgeCost = _getBridgeCost(router, wormholeChainId);
+
                 // Validate that action value is between 5x and 10x the bridge cost
                 uint256 minValue = bridgeCost * MIN_BRIDGE_COST_MULTIPLIER;
                 uint256 maxValue = bridgeCost * MAX_BRIDGE_COST_MULTIPLIER;
@@ -96,6 +77,31 @@ contract BridgeValidationHook {
         }
     }
 
+    /// @notice Validates that the router address is a contract
+    /// @param router The router address to validate
+    function _validateRouterIsContract(address router) private view {
+        require(
+            router.code.length > 0,
+            "BridgeValidationHook: router must be a contract"
+        );
+    }
+
+    /// @notice Gets bridge cost from router and validates it's non-zero
+    /// @param router The router contract address
+    /// @param wormholeChainId The destination chain ID
+    /// @return bridgeCost The validated bridge cost
+    function _getBridgeCost(
+        address router,
+        uint16 wormholeChainId
+    ) private view returns (uint256 bridgeCost) {
+        bridgeCost = xWELLRouter(router).bridgeCost(wormholeChainId);
+
+        require(
+            bridgeCost > 0,
+            "BridgeValidationHook: bridge cost must be greater than zero"
+        );
+    }
+
     /// @notice Extract uint16 value from calldata at the third parameter position
     /// @param input The calldata to extract from
     /// @return result The extracted uint16 value
diff --git a/test/integration/BridgeValidationHookIntegration.t.sol b/test/integration/BridgeValidationHookIntegration.t.sol
@@ -365,6 +365,38 @@ contract BridgeValidationHookIntegrationTest is Test {
 
         proposal.testVerifyBridgeActions(actions);
     }
+
+    /// ============ VALIDATION TESTS ============
+
+    function testInvalidRouterNotContract() public {
+        InvalidRouterNotContractProposal proposal = new InvalidRouterNotContractProposal(
+                actualBridgeCost
+            );
+
+        proposal.build(addresses);
+
+        (
+            address[] memory targets,
+            uint256[] memory values,
+            bytes[] memory calldatas,
+            ,
+
+        ) = proposal.getProposalActionSteps();
+
+        ProposalAction[] memory actions = new ProposalAction[](1);
+        actions[0] = ProposalAction({
+            target: targets[0],
+            value: values[0],
+            data: calldatas[0],
+            description: "",
+            actionType: ActionType.Moonbeam
+        });
+
+        // Should fail validation - router is not a contract
+        vm.expectRevert("BridgeValidationHook: router must be a contract");
+
+        proposal.testVerifyBridgeActions(actions);
+    }
 }
 
 /// ============ TEST PROPOSAL CONTRACTS ============
@@ -541,3 +573,28 @@ contract BoundaryAboveMaximumProposal is BaseTestProposal {
         );
     }
 }
+
+/// @notice Invalid proposal - router is not a contract (EOA address)
+contract InvalidRouterNotContractProposal is BaseTestProposal {
+    constructor(uint256 _bridgeCost) BaseTestProposal(_bridgeCost) {}
+
+    string public constant override name = "INVALID_ROUTER_NOT_CONTRACT";
+
+    function build(Addresses addresses) public override {
+        // Use an EOA address instead of a contract
+        address eoaRouter = address(0x1234567890123456789012345678901234567890);
+
+        _pushAction(
+            eoaRouter, // EOA instead of contract
+            bridgeCost * 7,
+            abi.encodeWithSignature(
+                "bridgeToRecipient(address,uint256,uint16)",
+                TEST_RECIPIENT,
+                TEST_BRIDGE_AMOUNT,
+                BASE_WORMHOLE_CHAIN_ID
+            ),
+            "Bridge WELL to Base via invalid router",
+            ActionType.Moonbeam
+        );
+    }
+}
diff --git a/test/unit/BridgeValidationHookUnit.t.sol b/test/unit/BridgeValidationHookUnit.t.sol
