[L-01] Lack of Validation On Linked Messengers #1033
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ihor Farion <ihor@umaproject.org>
grasphoper
requested review from
bmzig,
mrice32,
nicholaspai and
pxrl
as code owners
nicholaspai
approved these changes
Jun 5, 2025
grasphoper
added a commit
that referenced
this pull request
Aug 5, 2025
* fix(ZkSync_SpokePool): Add __gap (#907) * fix(ZkSync_SpokePool): Add __gap This contract gets extended by the Lens_SpokePool which doesn't add any storage but we should add it in case a future variable gets added to the Lens_SpokePool * Update ZkSync_SpokePool.json * Add `OFTTransportAdapter` to support cross-chain token transfers of `USDT0` via `OFT` messaging protocol (#902) * first draft of OFTTransportAdapter Signed-off-by: Ihor Farion <ihor@umaproject.org> * update yarn.lock file Signed-off-by: Ihor Farion <ihor@umaproject.org> * Revert "update yarn.lock file" This reverts commit 4c216ea. Signed-off-by: Ihor Farion <ihor@umaproject.org> * add yarn.lock compatible with master Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish OFTTransportAdapter, add OFT support to Arbitrum_Adapter on L1, and Arbitrum_SpokePool on L2 Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish + fix missing approval Signed-off-by: Ihor Farion <ihor@umaproject.org> * add context for dstEid Signed-off-by: Ihor Farion <ihor@umaproject.org> * address most of the PR comments about contracts Signed-off-by: Ihor Farion <ihor@umaproject.org> * update deploy scripts, add tests for OFT messaging, polish contracts Signed-off-by: Ihor Farion <ihor@umaproject.org> * cleanup comments and extraneous log file Signed-off-by: Ihor Farion <ihor@umaproject.org> * revert package.json prepublish change Signed-off-by: Ihor Farion <ihor@umaproject.org> * generalize oft adapter to support multiple tokens. Introduce OFTAddressBook to support that. Update deploy / test scripts to reflect new functionality Signed-off-by: Ihor Farion <ihor@umaproject.org> * add __gap to ArbitrumSpokePool, update stale comments on OFTTransportAdapter, update layouts of ArbitrumSpokePool and AlephZeroSpokePool Signed-off-by: Ihor Farion <ihor@umaproject.org> * update some comments; adjust fee cap naming Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix deploy script, remove incorrect values from consts Signed-off-by: Ihor Farion <ihor@umaproject.org> * improve comment Signed-off-by: Ihor Farion <ihor@umaproject.org> * add oftFeeCap as a param to arbitrum adapter construction Signed-off-by: Ihor Farion <ihor@umaproject.org> * move OFT functionality to SpokePool for easy further integration and removing boilerplate code Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove layerzero from foundry remappings Signed-off-by: Ihor Farion <ihor@umaproject.org> * address licensing comment; add permalink to LZ OFT code on github Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix a couple of comment typos Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * feat(SpokePoolPeriphery): Support multiple exchanges (#777) * feat(SpokePoolPeriphery): Support multiple exchanges Currently we can only initialize the periphery contract with a single exchange to swap with. This PR allows us to initialize it with multiple exchanges to swap with. Like before, these initial set of exchanges and function selectors cannot be changed post-initialization, which gives the user assurances. * rename * Update SpokeV3PoolPeriphery.sol * Update SpokeV3PoolPeriphery.sol * Update SpokeV3PoolPeriphery.sol * Add unit tests * Add whitelistExchanges only owner method * rename * Remove onlyOwner * Remove whitelist of exchanges, add proxy to bypass approval abuse Make user approve proxy contract so no one can use `exchange` + `routerCalldata` to steal their already approved funds via the `SpokePoolPeriphery` * Add some protection to callSpokePoolPeriphery * Only call swapAndBridge through proxy * move periphery funcs into proxy * Update SpokePoolV3Periphery.sol * remove depositERC20 * Update SpokePoolV3Periphery.sol * Add back safeTransferFron's to permit funcs * Add unit tests that check if calling deposit and swapAndBridge with no value fails directly * Add interfaces to make sure we don't add new functions as easily * Add Create2Factory * feat: add permit2 entrypoints to the periphery (#782) * feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <bennett@umaproject.org> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <bennett@umaproject.org> * wip: swap arguments refactor Signed-off-by: bennett <bennett@umaproject.org> * implement isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * 1271 Signed-off-by: bennett <bennett@umaproject.org> * simplify isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * rebase /programs on master Signed-off-by: nicholaspai <npai.nyc@gmail.com> * clean up comments * rebase programs * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <bennett@umaproject.org> * begin permit2 unit tests Signed-off-by: bennett <bennett@umaproject.org> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <bennett@umaproject.org> * fix permit2 test Signed-off-by: bennett <bennett@umaproject.org> * transfer type tests Signed-off-by: bennett <bennett@umaproject.org> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <bennett@umaproject.org> --------- Signed-off-by: Bennett <bennett@umaproject.org> Signed-off-by: bennett <bennett@umaproject.org> Signed-off-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: nicholaspai <9457025+nicholaspai@users.noreply.github.com> Co-authored-by: nicholaspai <npai.nyc@gmail.com> * feat: sponsored swap and deposits (#790) * feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <bennett@umaproject.org> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <bennett@umaproject.org> * wip: swap arguments refactor Signed-off-by: bennett <bennett@umaproject.org> * implement isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * 1271 Signed-off-by: bennett <bennett@umaproject.org> * simplify isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * rebase /programs on master Signed-off-by: nicholaspai <npai.nyc@gmail.com> * clean up comments * rebase programs * feat: sponsored swap and deposits Signed-off-by: bennett <bennett@umaproject.org> * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <bennett@umaproject.org> * begin permit2 unit tests Signed-off-by: bennett <bennett@umaproject.org> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <bennett@umaproject.org> * fix permit2 test Signed-off-by: bennett <bennett@umaproject.org> * transfer type tests Signed-off-by: bennett <bennett@umaproject.org> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <bennett@umaproject.org> * add mockERC20 which implements permit/receiveWithAuthorization Signed-off-by: bennett <bennett@umaproject.org> * add tests for permit, permit2, and receiveWithAuth swaps/deposits Signed-off-by: bennett <bennett@umaproject.org> * add tests for invalid witnesses Signed-off-by: bennett <bennett@umaproject.org> * factor out signature checking Signed-off-by: bennett <bennett@umaproject.org> --------- Signed-off-by: Bennett <bennett@umaproject.org> Signed-off-by: bennett <bennett@umaproject.org> Signed-off-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: nicholaspai <9457025+nicholaspai@users.noreply.github.com> Co-authored-by: nicholaspai <npai.nyc@gmail.com> * feat: Delete SwapAndBridge and add submission fees to gasless flow (#809) * feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <bennett@umaproject.org> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <bennett@umaproject.org> * wip: swap arguments refactor Signed-off-by: bennett <bennett@umaproject.org> * implement isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * 1271 Signed-off-by: bennett <bennett@umaproject.org> * simplify isValidSignature Signed-off-by: bennett <bennett@umaproject.org> * rebase /programs on master Signed-off-by: nicholaspai <npai.nyc@gmail.com> * clean up comments * rebase programs * feat: sponsored swap and deposits Signed-off-by: bennett <bennett@umaproject.org> * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <bennett@umaproject.org> * begin permit2 unit tests Signed-off-by: bennett <bennett@umaproject.org> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <bennett@umaproject.org> * fix permit2 test Signed-off-by: bennett <bennett@umaproject.org> * transfer type tests Signed-off-by: bennett <bennett@umaproject.org> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <bennett@umaproject.org> * add mockERC20 which implements permit/receiveWithAuthorization Signed-off-by: bennett <bennett@umaproject.org> * add tests for permit, permit2, and receiveWithAuth swaps/deposits Signed-off-by: bennett <bennett@umaproject.org> * add tests for invalid witnesses Signed-off-by: bennett <bennett@umaproject.org> * feat: Delete SwapAndBridge and add submission fees to gasless flow SwapAndBridge is to be replaced with SpokePoolV3Periphery Gasless flows will require user to cover gas cost of whoever submits the transaction, but they can be set to 0 if the user wants to submit themselves. * Internal refactor * Update SpokePoolV3Periphery.sol * Update PeripherySigningLib.sol * Update SpokePoolV3Periphery.sol * Update PeripherySigningLib.sol --------- Signed-off-by: Bennett <bennett@umaproject.org> Signed-off-by: bennett <bennett@umaproject.org> Signed-off-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: Bennett <bennett@umaproject.org> * Update SpokePoolV3Periphery.sol * Update SpokePoolPeriphery.t.sol * Move all comments to interface and use inherit doc * fix: eip712 types and hashes (#821) * refactor comments Signed-off-by: bennett <bennett@umaproject.org> * Create IERC20Auth.sol * fix tests * Comments --------- Signed-off-by: Bennett <bennett@umaproject.org> Signed-off-by: bennett <bennett@umaproject.org> Signed-off-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: bmzig <57361391+bmzig@users.noreply.github.com> Co-authored-by: Bennett <bennett@umaproject.org> Co-authored-by: Dong-Ha Kim <dongha.kim210@gmail.com> * Single AddressBook for all adapters (#919) * use a single address book instead of 1 per adapter for oft / xerc20 storage needs Signed-off-by: Ihor Farion <ihor@umaproject.org> * update comments and naming Signed-off-by: Ihor Farion <ihor@umaproject.org> * add a gas optimization suggested in OFT PR Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments and minor improvements Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix spokePool test Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * feat: add xERC20 standard support via Hyperlane (#914) * first draft of OFTTransportAdapter Signed-off-by: Ihor Farion <ihor@umaproject.org> * update yarn.lock file Signed-off-by: Ihor Farion <ihor@umaproject.org> * Revert "update yarn.lock file" This reverts commit 4c216ea. Signed-off-by: Ihor Farion <ihor@umaproject.org> * add yarn.lock compatible with master Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish OFTTransportAdapter, add OFT support to Arbitrum_Adapter on L1, and Arbitrum_SpokePool on L2 Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish + fix missing approval Signed-off-by: Ihor Farion <ihor@umaproject.org> * add context for dstEid Signed-off-by: Ihor Farion <ihor@umaproject.org> * address most of the PR comments about contracts Signed-off-by: Ihor Farion <ihor@umaproject.org> * update deploy scripts, add tests for OFT messaging, polish contracts Signed-off-by: Ihor Farion <ihor@umaproject.org> * cleanup comments and extraneous log file Signed-off-by: Ihor Farion <ihor@umaproject.org> * revert package.json prepublish change Signed-off-by: Ihor Farion <ihor@umaproject.org> * generalize oft adapter to support multiple tokens. Introduce OFTAddressBook to support that. Update deploy / test scripts to reflect new functionality Signed-off-by: Ihor Farion <ihor@umaproject.org> * add __gap to ArbitrumSpokePool, update stale comments on OFTTransportAdapter, update layouts of ArbitrumSpokePool and AlephZeroSpokePool Signed-off-by: Ihor Farion <ihor@umaproject.org> * update some comments; adjust fee cap naming Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * address PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix deploy script, remove incorrect values from consts Signed-off-by: Ihor Farion <ihor@umaproject.org> * improve comment Signed-off-by: Ihor Farion <ihor@umaproject.org> * init commit that adds xerc20 hyperlane adapter and embeds it into arbitrum adapter and spokepool Signed-off-by: Ihor Farion <ihor@umaproject.org> * complete adapter / spoke modifications to support xerc20 trasnfers through hyperlane Signed-off-by: Ihor Farion <ihor@umaproject.org> * updated chain adapters with XERC20 support: mode, base, unichain, blast, linea, optimism; updated spokepools: same chains; added spoke + adapter tests: arbitrum, optimism, linea Signed-off-by: Ihor Farion <ihor@umaproject.org> * update arbitrum spokepool gap Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish code to fit blast spokepool into a bytecode size limit Signed-off-by: Ihor Farion <ihor@umaproject.org> * added testing xerc20 functionality for chain adapters: base, blast, mode, unichain Signed-off-by: Ihor Farion <ihor@umaproject.org> * add spoke pool tests for xerc20 transfers for: base, mode, unichain Signed-off-by: Ihor Farion <ihor@umaproject.org> * add blast spoke pool tests in a separate commit for easy revert Signed-off-by: Ihor Farion <ihor@umaproject.org> * add oftFeeCap as a param to arbitrum adapter construction Signed-off-by: Ihor Farion <ihor@umaproject.org> * move OFT functionality to SpokePool for easy further integration and removing boilerplate code Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove layerzero from foundry remappings Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove MockBlast_SpokePool and related test, as they're of limited use Signed-off-by: Ihor Farion <ihor@umaproject.org> * address licensing comment; add permalink to LZ OFT code on github Signed-off-by: Ihor Farion <ihor@umaproject.org> * make AddressBook consistent between OFT and XERC20 Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix a couple of comment typos Signed-off-by: Ihor Farion <ihor@umaproject.org> * checkpoint: deploy scripts and test modifications for adapter / spokepool constructor changes are still needed Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix a couple of comment typos Signed-off-by: Ihor Farion <ihor@umaproject.org> * adjust xerc20 code to fit the new adapter store pattern Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix adapter tests with new pattern Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix all spokepool tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * update storage layouts Signed-off-by: Ihor Farion <ihor@umaproject.org> * update adapter deployment scripts Signed-off-by: Ihor Farion <ihor@umaproject.org> * update all deploy scripts; update compiler params so that Blast_Spoke fits in the bytecode limit Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix foundry tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * add QOL improvements to package.json , fix CI Signed-off-by: Ihor Farion <ihor@umaproject.org> * small pre-review polish Signed-off-by: Ihor Farion <ihor@umaproject.org> * deploy AdapterStore on sepolia, final polish Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * make AdapterStore upgradeable; move AdapterStore.sol to a different folder; deploy upgradeable version Signed-off-by: Ihor Farion <ihor@umaproject.org> * Revert "make AdapterStore upgradeable; move AdapterStore.sol to a different folder; deploy upgradeable version" This reverts commit 7ef6170. Signed-off-by: Ihor Farion <ihor@umaproject.org> * make AdapterStore future-proof to additional storage requirements Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove unused imports Signed-off-by: Ihor Farion <ihor@umaproject.org> * add new AdapterStore deployments, add verification to AdapterStore deploy script Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish: remove oft / xerc20 chain id libs, change to constants. Rename _setHypXERC20Router and add human error protection Signed-off-by: Ihor Farion <ihor@umaproject.org> * OFT-specific polish: renaming Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove named fee cap constants from chain-specific spokepools due to name collision; substitute for a const literal with comment. Fix tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * add oftDstEid and hypXERC20DstDomain as constructor params wherever possible. Refactor AdapterStore functionality for chain Adapters Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix all tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix all deployment scripts Signed-off-by: Ihor Farion <ihor@umaproject.org> * modify evm-contract-sizes.sh to use --optimizer-runs flag insted of modifying foundry.toml on the fly Signed-off-by: Ihor Farion <ihor@umaproject.org> * adjust var naming and comments in AdapterStore Signed-off-by: Ihor Farion <ihor@umaproject.org> * clean up deploy scripts; bump constants repo dep Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove deploy from include Signed-off-by: Ihor Farion <ihor@umaproject.org> * cleanup hardcoded vars from tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * address new PR comments Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * feat: remove XERC20 code (#991) * remove Xerc20 code This reverts most of commit 62c4d96. * storage layouts * add OFT to universl adapter * remove extra AdapterStore * Update Universal_SpokePool.json * Add OFT unit tests to Universal spoke * Revert "feat(SpokePoolPeriphery): Support multiple exchanges (#777)" This reverts commit b9a298e. * adjust comments: remove xERC20 references Signed-off-by: Ihor Farion <ihor@umaproject.org> * add amountSentLD check (#1027) Signed-off-by: Ihor Farion <ihor@umaproject.org> * update doc comment (#1030) Signed-off-by: Ihor Farion <ihor@umaproject.org> * add human error protection to AdapterStore.sol (#1033) Signed-off-by: Ihor Farion <ihor@umaproject.org> * require that returned lzTokenFee is zero. Add tests for fee cap checking (#1029) Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix typos (#1035) Signed-off-by: Ihor Farion <ihor@umaproject.org> * use explicit import syntax (#1036) Signed-off-by: Ihor Farion <ihor@umaproject.org> * add security contact doc comments (#1037) Signed-off-by: Ihor Farion <ihor@umaproject.org> * [M-04] Insufficient Test Coverage (#1038) * add unhappy-path OFT tests cases for Universal Spoke / Adapter Signed-off-by: Ihor Farion <ihor@umaproject.org> * add arbitrum adapter / spoke tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * fork test checkpoint Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * [M-02] Compromised Messengers Cannot Be Removed (#1034) * always allow a zero oft messenger to be set in SpokePool Signed-off-by: Ihor Farion <ihor@umaproject.org> * add forge test for SpokePool.removeMessenger functonality Signed-off-by: Ihor Farion <ihor@umaproject.org> * add Arbitrum spoke test and remove extraneous .only Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * update __gap comment (#1039) Signed-off-by: Ihor Farion <ihor@umaproject.org> * add missing docstrings Signed-off-by: Ihor Farion <ihor@umaproject.org> * restrict function visibility (#1041) Signed-off-by: Ihor Farion <ihor@umaproject.org> * [N-08] Missing Named Parameters in Mappings (#1040) * add named mapping params to AdapterStore Signed-off-by: Ihor Farion <ihor@umaproject.org> * update to popular versions of prettier and prettier-plugin-solidity Signed-off-by: Ihor Farion <ihor@umaproject.org> * bump SpokePool solidity version + add named params to oftMessengers mapping Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * bump solhint to solhint@^3.6.2 to align with master Signed-off-by: Ihor Farion <ihor@umaproject.org> * more updates to package.json from master Signed-off-by: Ihor Farion <ihor@umaproject.org> * revert last 2 commits Signed-off-by: Ihor Farion <ihor@umaproject.org> * reconcile packages with master Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> Signed-off-by: Bennett <bennett@umaproject.org> Signed-off-by: bennett <bennett@umaproject.org> Signed-off-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: nicholaspai <9457025+nicholaspai@users.noreply.github.com> Co-authored-by: nicholaspai <npai.nyc@gmail.com> Co-authored-by: bmzig <57361391+bmzig@users.noreply.github.com> Co-authored-by: Bennett <bennett@umaproject.org> Co-authored-by: Dong-Ha Kim <dongha.kim210@gmail.com> Co-authored-by: Matt Rice <matthewcrice32@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note: added a part of suggested change: IOFT validation on AdapterStore.sol side
In the SpokePool contract, there is no standard way of checking whether a contract supports specific interfaces or features. In particular, when adding a messenger, the single check being performed is whether the input address matches its token function against the one passed. As the token function is pretty common in a diverse set of contracts, a contract could be mistakenly passed that implements a token function and retrieves the particular token, but is not an IOFT type of contract. In such a scenario, the assignment will pass but will result in unexpected situations.
In the Ethereum ecosystem, more thorough validation can be accomplished if a contract is compliant with EIP-165. An interface is a collection of functions that define a set of behaviors. By implementing a standard, contracts can expose a function to query whether they support specific interfaces, making it easier for other contracts to understand their capabilities. Since messengers might be upgraded and new functionality can be added to existing contracts, this standardization would also allow new versions to ensure backward compatibility.
Furthermore, the IOFT interface does define the interface ID, which could be used to complement such validation when setting the messengers. Also, note that in the AdapterStore contract, the messengers added through any of the functions are not being checked as they are in the SpokePool contract.
Consider defining and implementing a standard interface detection mechanism in modules that interact with external contracts to improve their overall usability, safety, and efficiency by providing a consistent way for contracts to query and identify the features they support. Moreover, consider performing the same verification in the AdapterStore contract to be consistent with the messengers' additions.