add bridge validation hook #537
Conversation
add bridge validation hook
🚨 Report Summary
For more details view the full report in OpenZeppelin Code Inspector |
There was a problem hiding this comment.
Pull Request Overview
This pull request introduces a new bridge validation mechanism to ensure that bridge operations in governance proposals send an appropriate amount of native tokens (between 5x and 10x the actual bridge cost) to prevent underfunding or excessive overpayment.
Key changes:
- Added
BridgeValidationHookcontract to validatebridgeToRecipientcalls in proposals - Integrated the new validation hook into
HybridProposalalongside existing market creation checks - Modified
MarketCreationHookto support inheritance with virtual function declarations
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| proposals/hooks/BridgeValidationHook.sol | New validation hook that checks bridge operation values against router costs |
| proposals/proposalTypes/HybridProposal.sol | Integrated both MarketCreationHook and BridgeValidationHook with proper override handling |
| proposals/hooks/MarketCreationHook.sol | Made functions virtual to enable proper inheritance |
| test/integration/BridgeValidationHookIntegration.t.sol | Integration tests covering valid/invalid bridge values and boundary conditions |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| @@ -0,0 +1,168 @@ | |||
| pragma solidity 0.8.19; | |||
There was a problem hiding this comment.
Missing SPDX license identifier. Add // SPDX-License-Identifier: GPL-3.0-or-later at the top of the file to match the project's license convention.
| // Skip 32 bytes (array length) + 4 bytes (selector) + 64 bytes (first two params) | ||
| // = 100 bytes total, so we load from position 68 after the length prefix | ||
| let dataPointer := add(add(input, 0x20), 0x44) // 0x20 (32) + 0x44 (68) = 100 |
There was a problem hiding this comment.
Incorrect offset calculation. The comment states the total is 100 bytes, but 0x20 + 0x44 = 0x64 which equals 100 in decimal. However, the code adds these offsets to input, which already points to the data. The correct offset from the start of the data should be 0x44 (68 bytes) to skip selector (4 bytes) + first two params (64 bytes). The addition of 0x20 accounts for the length prefix, so the final pointer is at position 100 from the start of the memory location, but only 68 bytes into the actual calldata. This works correctly but the inline comment is confusing as it suggests 0x20 + 0x44 = 100 in hex.
| // Skip 32 bytes (array length) + 4 bytes (selector) + 64 bytes (first two params) | |
| // = 100 bytes total, so we load from position 68 after the length prefix | |
| let dataPointer := add(add(input, 0x20), 0x44) // 0x20 (32) + 0x44 (68) = 100 | |
| // To reach the third parameter (uint16 wormholeChainId), skip: | |
| // - 0x20 (32 bytes) for the length prefix | |
| // - 0x04 (4 bytes) for the function selector | |
| // - 0x40 (64 bytes) for the first two parameters | |
| // Total offset: 0x20 + 0x04 + 0x40 = 0x64 (100 decimal) bytes from the start of the bytes array in memory. | |
| // Since input points to the start of the bytes array, add 0x20 for the length prefix, then 0x44 (68 decimal) to reach the third parameter. | |
| let dataPointer := add(add(input, 0x20), 0x44) // 0x20 (32) + 0x44 (68) = 100 (decimal) |
| @@ -0,0 +1,543 @@ | |||
| //SPDX-License-Identifier: GPL-3.0-or-later | |||
There was a problem hiding this comment.
Missing SPDX license identifier. Add // SPDX-License-Identifier: GPL-3.0-or-later at the top of the file to match the project's license convention.
| //SPDX-License-Identifier: GPL-3.0-or-later | |
| // SPDX-License-Identifier: GPL-3.0-or-later |
- Remove intermediate array allocations for gas savings - Add router contract validation using address.code.length - Add zero bridge cost validation - Add tests for router and zero cost validation - Simplify code by removing _verifyBridgeCalls function 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Mark BridgeValidationHook and MarketCreationHook as abstract - Make bytesToBytes4 virtual with no implementation in hooks - Provide single implementation in HybridProposal - Update TestHook to implement bytesToBytes4 - Eliminates code duplication across hooks 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
imthatcarlos
left a comment
imthatcarlos
left a comment
There was a problem hiding this comment.
idk if copilot is right, but you have integration tests and if the values are extracted correctly then all good 👍
LGTM
- Rename MarketCreationHook._verifyActionsPreRun to _verifyMarketCreationActions - Remove virtual keyword (no longer needed) - Update HybridProposal to call renamed function directly - Remove override annotation from HybridProposal._verifyActionsPreRun - Update comments for clarity - Simplifies inheritance by eliminating virtual/override pattern 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
- Update moonbeam-integration.yml to match IntegrationTest contracts - Keep BridgeValidationHookIntegrationTest suffix (not MoonbeamTest) - Unit test already covered by UnitTest pattern - Integration test now covered by MoonbeamTest|IntegrationTest pattern 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
This pull request introduces a new validation hook for bridge actions in proposals and integrates it into the
HybridProposalcontract. The main goal is to ensure that any bridge operation in a proposal sends an appropriate amount of native tokens relative to the actual bridge cost, improving security and consistency. Additionally, the changes update inheritance and override logic to support this new validation alongside existing market creation checks.New Bridge Validation Logic and Integration:
BridgeValidationHookcontract, which validatesbridgeToRecipientcalls in proposals to ensure the native value sent is between 5x and 10x the router's bridge cost for the target chain. This includes utility functions for calldata parsing and error messaging. (proposals/hooks/BridgeValidationHook.sol)HybridProposalcontract to inherit from bothMarketCreationHookand the newBridgeValidationHook, and to override_verifyActionsPreRunso both validations are performed for each proposal. (proposals/proposalTypes/HybridProposal.sol) [1] [2]BridgeValidationHookinHybridProposal.solto enable its usage. (proposals/proposalTypes/HybridProposal.sol)Inheritance and Override Adjustments:
_verifyActionsPreRunandbytesToBytes4functions inMarketCreationHookvirtual, allowing them to be properly overridden in derived contracts such asHybridProposal. (proposals/hooks/MarketCreationHook.sol) [1] [2]bytesToBytes4inHybridProposalto resolve diamond inheritance, delegating to the implementation inMarketCreationHook. (proposals/proposalTypes/HybridProposal.sol)These changes collectively improve proposal validation by ensuring bridge actions are properly checked for value correctness and maintain compatibility with existing market creation checks.