V2.6.0 sync #495
Open
Luisfc68 wants to merge 58 commits into
V2.5.0 testnet deploy -> QA
Qa test -> master
chore: add mainnet deployment info
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Feature/FLY-2295 - Validate pegout refund address
Feature/FLY-2300 - Allow pegout refunds for non-penalization cases
Fix/FLY-2299 - Limit provider data
fix: allow only providers with min collateral in depositPegout and getProviders
refactor: add foundry upgrades
feat: remove penalization on late refund call for pegout
feat: validate btc prefix in hashPegInQuote
Version 2.5.1 -> master
251 deployment info
Dependency Review: The following issues were found:
Pull request overview
Syncs master into the v2.6.0 branch, updating Flyover PegIn/PegOut validation semantics, provider listing/metadata validation, and modernizing deployment/scripts and test coverage (including new BTC address datasets + fuzzing).
Changes:
- PegOut: collateral-sufficiency gating on deposit, revised refund/validation behavior for resigned LPs, new quote “fairness” validation, and a new insufficient-collateral revert for penalized refunds.
- PegIn: additional restrictions on contractAddress targets and BTC address prefix validation (testnet/mainnet), plus expanded unit + fuzz tests using datasets.
- Ops/tests: refactors deployment scripts to OpenZeppelin upgrades tooling, adds proxy-admin/role query scripts, and updates docs/config/network naming + datasets.
Reviewed changes
Copilot reviewed 73 out of 104 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/PegOutContract.sol | Adds quote “fairness”/refund address validation, changes deposit collateral gating, adjusts refund penalty behavior. |
| src/PegInContract.sol | Adds BTC prefix validation and expands disallowed contractAddress targets. |
| src/FlyoverDiscovery.sol | Enforces provider metadata length bounds; listing now depends on collateral sufficiency. |
| src/CollateralManagement.sol | Enforces minCollateral >= 1; withdraw clears resignation when collateral is already zero. |
| src/interfaces/IPegOut.sol | Adds UnfairQuote + InsufficientCollateral errors and expands documentation. |
| src/interfaces/IFlyoverDiscovery.sol | Replaces invalid provider data error with length-bounds error definition. |
| src/interfaces/ICollateralManagement.sol | Adds MinCollateralTooLow error. |
| test/pegout/LpRefund.t.sol | Updates peg-out refund/validate tests for resigned LP + penalization/collateral edge cases. |
| test/pegout/Hashing.t.sol | Adds hashing revert cases for native pegout expiry bounds and zero refund address. |
| test/pegout/Deposit.t.sol | Adds deposit revert test for collateral below minimum and zero refund address. |
| test/pegin/PegInTestBase.sol | Adds mainnet/testnet deploy toggle and dependency reuse helper. |
| test/pegin/RegisterPegIn.t.sol | Uses mainnet redeploy + chainId fixture alignment; uses shared BTC address constant. |
| test/pegin/Hashing.t.sol | Switches to shared testnet P2PKH “zero” address constant. |
| test/pegin/DerivationAddress.t.sol | Splits mainnet/testnet BTC address fixtures; aligns chainId for derivation fixtures. |
| test/pegin/CallForUser.t.sol | Adds test ensuring callForUser can’t target CollateralManagement slasher paths. |
| test/integration/FlyoverDiscovery.t.sol | Adds integration test for re-registration after resign/slash/withdraw edge case. |
| test/helpers/FlyoverTestBase.sol | Simplifies proxy setup by letting OZ proxy create ProxyAdmin; removes explicit ProxyAdmin import. |
| test/helpers/BtcAddressDataset.sol | New helper to load BTC address fixtures from JSON datasets. |
| test/constants/btc.sol | New shared constant for testnet P2PKH “zero” address bytes. |
| test/fuzz/pegin/PegInHashPegInQuote.fuzz.t.sol | New fuzz suite validating BTC address parsing/acceptance via datasets. |
| test/fuzz/pegin/PegInFuzzTestBase.sol | Uses shared BTC address constant for quote construction. |
| test/fuzz/collateral/CollateralFuzzTestBase.sol | Uses shared BTC address constant for quote construction. |
| test/discovery/DiscoveryTestBase.sol | Adds helpers/constants for provider metadata length-bound tests. |
| test/discovery/Registration.t.sol | Adds max-length boundary tests; updates expected revert data. |
| test/discovery/Update.t.sol | Adds max-length boundary tests; updates expected revert data. |
| test/discovery/ListingFilter.t.sol | Ensures providers below new min collateral are excluded from listing. |
| test/collateral/Configuration.t.sol | Adds minCollateral boundary tests for initialize and setter. |
| test/collateral/Resign.t.sol | Updates withdraw behavior test for “slashed to zero” resignation clearing. |
| test/collateral/Slashing.t.sol | Updates BTC address placeholders to new constant/lengths. |
| test/deployment/DeployPegOut.t.sol | Updates deployment tests to read ProxyAdmin from proxy and verify ownership/upgradeability. |
| test/deployment/DeployPegIn.t.sol | Updates deployment tests to read ProxyAdmin from proxy and verify ownership/upgradeability. |
| test/deployment/DeployFlyoverDiscovery.t.sol | Updates deployment tests to read ProxyAdmin from proxy and verify ownership/upgradeability. |
| test/deployment/DeployFlyover.t.sol | Tracks per-proxy ProxyAdmin ownership and validates upgradeability of all deployed contracts. |
| test/deployment/DeployCollateralManagement.t.sol | Updates deployment tests to read ProxyAdmin ownership and validate upgradeability. |
| test/datasets/p2pkh.json | New BTC address fixture dataset. |
| test/datasets/p2sh.json | New BTC address fixture dataset. |
| test/datasets/p2wpkh.json | New BTC address fixture dataset. |
| test/datasets/p2wsh.json | New BTC address fixture dataset. |
| test/datasets/p2tr.json | New BTC address fixture dataset. |
| script/helpers/ProxyReader.sol | New helper to read ERC-1967 admin/implementation slots in scripts/tests. |
| script/helpers/AddressResolver.sol | Updates address key name for CollateralManagement resolution. |
| script/HelperConfig.s.sol | Adds OZ upgrades Options helper (unsafeAllow external-library-linking). |
| script/deployment/DeployPauseRegistry.s.sol | Refactors to Upgrades.deployTransparentProxy and logs proxy admin/impl. |
| script/deployment/DeployCollateralManagement.s.sol | Refactors to OZ upgrades tooling and logs proxy admin/impl. |
| script/deployment/DeployFlyoverDiscovery.s.sol | Refactors to OZ upgrades tooling and logs proxy admin/impl. |
| script/deployment/DeployPegIn.s.sol | Refactors to OZ upgrades tooling and logs proxy admin/impl. |
| script/deployment/DeployPegOut.s.sol | Refactors to OZ upgrades tooling and logs proxy admin/impl. |
| script/deployment/DeployFlyover.s.sol | Orchestrates multi-contract deploy via OZ upgrades tooling; records per-proxy admin/impl. |
| script/deployment/DeployLibraries.s.sol | New script to deploy linked libraries and guide updating addresses.json. |
| script/tasks/QueryProxyAdmin.s.sol | New script to read proxy admin (ERC-1967 slot) and owner if applicable. |
| script/tasks/QueryFlyoverRoles.s.sol | New script to query/access-control roles for a set of Flyover contracts. |
| script/tasks/GetVersions.sh | Updates network key handling and address keys for querying versions. |
| README.md | Updates make command examples to new network keys (e.g., rskTestnet). |
| docs/FOUNDRY_MAKEFILE_GUIDE.md | Updates network naming and command examples to new keys. |
| package.json | Bumps package version, updates upgrade scripts network args, adds OZ upgrades-core dependency, updates btc helper version. |
| foundry.toml | Enables AST/build info outputs; adds remappings for OZ libs. |
| foundry.lock | Adds OZ upgrades + OZ upgradeable lib pins. |
| eslint.config.mjs | Ignores lib/*. |
| addresses.json | Updates deployed addresses and keys (adds PauseRegistry/CM/Discovery/PegIn/PegOut per network). |
| .gitmodules | Adds submodules for openzeppelin-foundry-upgrades and openzeppelin-contracts-upgradeable. |
| .gitignore | Includes broadcast artifacts for chainId 30 in addition to 31. |
| broadcast/DeployLibraries.s.sol/30/dry-run/run-latest.json | Adds dry-run deployment artifact (chainId 30). |
| broadcast/DeployLibraries.s.sol/31/dry-run/run-latest.json | Adds dry-run deployment artifact (chainId 31). |
Comment on lines +363 to +366
| if ( | ||
| quote.expireBlock > block.number + _NATIVE_PEGOUT_BLOCKS || | ||
| quote.expireDate > block.timestamp + _NATIVE_PEGOUT_SECONDS | ||
| ) revert UnfairQuote(); |
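Review bot: `UnfairQuote()` carries no arguments, so when either bound in this condition trips, the caller cannot tell whether `expireBlock` or `expireDate` was out of range or what the limit was. Consider adding the offending value and the computed limit to the error, or splitting it per field. The condition also only caps how far in the future the expiry may be; if already-expired values are rejected elsewhere, a short comment here saying so would help the reader.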
Comment on lines 92 to 96
| function _deployAll( | ||
| address defaultAdmin, | ||
| HelperConfig.FlyoverConfig memory cfg | ||
| HelperConfig.FlyoverConfig memory cfg, | ||
| Options memory opts | ||
| ) private returns (FlyoverDeployment memory d) { |
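Review bot: the new `Options memory opts` parameter on `_deployAll` has no NatSpec, and a single `opts` value is passed in for the whole deployment. The file summary describes the options helper as setting an `unsafeAllow` for external library linking, so document on this function that the same relaxed validation applies to each proxy deployed with it, or pass per-contract options where only some contracts link libraries.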
Comment on lines +98 to +106
| address pauseRegistryProxy = Upgrades.deployTransparentProxy( | ||
| "PauseRegistry.sol", | ||
| defaultAdmin, | ||
| abi.encodeCall( | ||
| PauseRegistry.initialize, | ||
| (cfg.adminDelay, defaultAdmin) | ||
| ), | ||
| opts | ||
| ); |
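Review bot: `defaultAdmin` appears twice in this call, once as the initial-owner argument to `Upgrades.deployTransparentProxy` and once inside the `PauseRegistry.initialize` arguments, so the same address ends up holding both the proxy upgrade authority and the registry's admin role. If that is intended, say so in a comment; otherwise take a separate upgrade-owner address. Nothing in these lines guards against a zero `defaultAdmin`, so a `require(defaultAdmin != address(0))` before the call would be a cheap addition.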
Comment on lines +30 to +40
| /// @notice Reverts when provider metadata lengths are empty or exceed configured bounds | ||
| /// @param nameLength The observed provider name length | ||
| /// @param apiBaseUrlLength The observed API base URL length | ||
| /// @param maxNameLength The maximum allowed provider name length | ||
| /// @param maxApiBaseUrlLength The maximum allowed API base URL length | ||
| error ProviderDataLengthOutOfBounds( | ||
| uint256 nameLength, | ||
| uint256 apiBaseUrlLength, | ||
| uint256 maxNameLength, | ||
| uint256 maxApiBaseUrlLength | ||
| ); |
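Review bot: the `@notice` says the error fires when lengths are empty or exceed the bounds, but the parameters expose only the two maxima, and the text does not say whether a length equal to the maximum is accepted. Add a line stating the minimum (non-empty) and whether `maxNameLength` and `maxApiBaseUrlLength` are inclusive, so integrators decoding the revert data can tell which of the two fields failed and why.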
Comment on lines 230 to 236
| if (_shouldPenalize(quote, quoteHash, btcBlockHeaderHash)) { | ||
| uint256 collateral = _collateralManagement.getPegOutCollateral(quote.lpRskAddress); | ||
| if (collateral < quote.penaltyFee) { | ||
| revert IPegOut.InsufficientCollateral(collateral); | ||
| } | ||
| _collateralManagement.slashPegOutCollateral(msg.sender, quote, quoteHash); | ||
| } |
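Review bot: `InsufficientCollateral(collateral)` reports only the available amount, so the revert data does not show the `quote.penaltyFee` it was compared against; adding the required amount as a second argument would make the failure self-explanatory. The `if (collateral < quote.penaltyFee)` branch also deserves a comment: it reverts the whole call instead of slashing what is left, so the surrounding operation cannot complete while the provider is under-collateralized, and the code should state whether that is the intended behaviour.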
Comment on lines +569 to +571
| return _mainnet ? | ||
| prefix == 0x00 || prefix == 0x05 : // p2pkh and p2sh mainnet | ||
| prefix == 0x6f || prefix == 0xc4; // p2pkh and p2sh testnet |
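Review bot: the four version bytes in this ternary are bare literals, and the expression relies on `||` binding tighter than `?:`. Name them as constants (for example `MAINNET_P2PKH_VERSION`) and parenthesize each branch so the intent survives future edits. The check covers only the P2PKH and P2SH version bytes named in the comments; a NatSpec line stating whether other address types are validated elsewhere or not accepted would remove the ambiguity.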
AndresQuijano approved these changes on Jun 29, 2026
What
Merge master into v2.6.0