refactor(host-contracts): replace ExpirationDateBeforeOneHour with weaker ExpirationDateInThePast check

Author: zmalatrax

host-contracts/contracts/ACL.sol

@@ -70,6 +70,9 @@ contract ACL is
         uint256 expirationDate
     );
 
+    /// @notice Returned if the requested expiration date for user decryption delegation is in the past.
+    error ExpirationDateInThePast();
+
     /// @notice Returned if the handlesList array is empty.
     error HandlesListIsEmpty();
 
@@ -287,6 +290,9 @@ contract ACL is
         if (delegate == contractAddress) {
             revert DelegateCannotBeContractAddress(contractAddress);
         }
+        if (expirationDate <= block.timestamp) {
+            revert ExpirationDateInThePast();
+        }
 
         uint64 oldExpirationDate = userDecryptionDelegation.expirationDate;
         uint64 newExpirationDate = expirationDate;

host-contracts/docs/contract_selectors.txt

@@ -113,6 +113,8 @@ ACL
 |----------+---------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | ExpirationDateAlreadySetToSameValue(address,address,address,uint256)      | 0x39a48202                                                         |
 |----------+---------------------------------------------------------------------------+--------------------------------------------------------------------|
+| Error    | ExpirationDateInThePast()                                                 | 0x15515f1a                                                         |
+|----------+---------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | FailedCall()                                                              | 0xd6bda275                                                         |
 |----------+---------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | HandlesListIsEmpty()                                                      | 0x70bd1996                                                         |

host-contracts/lib/FHE.sol

@@ -9369,6 +9369,10 @@ library FHE {
     ///      - the ACL contract must not be paused.
     ///        Reverts via an {PausableUpgradeable-EnforcedPause} error otherwise.
     ///
+    ///      - `expirationDate` must be strictly in the future.
+    ///        i.e. `expirationDate > block.timestamp`
+    ///        Reverts with an {IACL-ExpirationDateInThePast} error otherwise.
+    ///
     ///      - `expirationDate` must differ from the current value.
     ///        Reverts with an {IACL-ExpirationDateAlreadySetToSameValue} error otherwise.
     ///

host-contracts/rust_bindings/src/acl.rs

@@ -306,6 +306,25 @@ contract ACLTest is HostContractsDeployerTestUtils {
         acl.delegateForUserDecryption(delegate, contractAddress, expirationDate);
     }
 
+    /**
+     * @dev Tests that the sender cannot delegate for user decryption with expiration date in the past.
+     */
+    function test_CannotDelegateForUserDecryptionWithExpirationDateInThePast(
+        address sender,
+        address delegate,
+        address contractAddress
+    ) public {
+        vm.assume(sender != contractAddress);
+        vm.assume(sender != delegate);
+        vm.assume(delegate != contractAddress);
+
+        uint64 expirationDate = uint64(block.timestamp);
+
+        vm.prank(sender);
+        vm.expectRevert(ACL.ExpirationDateInThePast.selector);
+        acl.delegateForUserDecryption(delegate, contractAddress, expirationDate);
+    }
+
     /**
      * @dev Tests that the sender cannot delegate to itself as the contract address.
      */

host-contracts/test/acl/acl.t.sol

@@ -169,6 +169,10 @@ library FHE {
     ///      - the ACL contract must not be paused.
     ///        Reverts via an {PausableUpgradeable-EnforcedPause} error otherwise.
     ///
+    ///      - `expirationDate` must be strictly in the future.
+    ///        i.e. `expirationDate > block.timestamp`
+    ///        Reverts with an {IACL-ExpirationDateInThePast} error otherwise.
+    ///
     ///      - `expirationDate` must differ from the current value.
     ///        Reverts with an {IACL-ExpirationDateAlreadySetToSameValue} error otherwise.
     ///

library-solidity/codegen/src/templates/FHE.sol-template

@@ -9369,6 +9369,10 @@ library FHE {
     ///      - the ACL contract must not be paused.
     ///        Reverts via an {PausableUpgradeable-EnforcedPause} error otherwise.
     ///
+    ///      - `expirationDate` must be strictly in the future.
+    ///        i.e. `expirationDate > block.timestamp`
+    ///        Reverts with an {IACL-ExpirationDateInThePast} error otherwise.
+    ///
     ///      - `expirationDate` must differ from the current value.
     ///        Reverts with an {IACL-ExpirationDateAlreadySetToSameValue} error otherwise.
     ///

library-solidity/lib/FHE.sol

@@ -252,6 +252,18 @@ contract FHEDelegationTest is HostContractsDeployerTestUtils {
         adapter.delegateUserDecryption(contractContext, contractContext, expirationDate);
     }
 
+    function testFuzz_DelegateUserDecryption_RevertsWhenExpiryInThePast(
+        uint256 expirationDate,
+        address delegate,
+        address contractContext
+    ) public {
+        _assumeDelegateAndContext(delegate, contractContext);
+        uint64 boundedExpiry = uint64(bound(expirationDate, 0, block.timestamp));
+
+        vm.expectRevert(ACL.ExpirationDateInThePast.selector);
+        adapter.delegateUserDecryption(delegate, contractContext, boundedExpiry);
+    }
+
     function testFuzz_DelegateUserDecryption_RevertsOnSameBlockReplay(
         uint256 expirationDate,
         address delegate,