feat(SpokePoolPeriphery): Support multiple exchanges #777
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently we can only initialize the periphery contract with a single exchange to swap with. This PR allows us to initialize it with multiple exchanges to swap with. Like before, these initial set of exchanges and function selectors cannot be changed post-initialization, which gives the user assurances.
bmzig
approved these changes
Nov 27, 2024
bmzig
reviewed
Nov 27, 2024
|
I just added some forge unit tests for:
|
nicholaspai
commented
Nov 27, 2024
nicholaspai
commented
Nov 27, 2024
nicholaspai
commented
Nov 27, 2024
Make user approve proxy contract so no one can use `exchange` + `routerCalldata` to steal their already approved funds via the `SpokePoolPeriphery`
bmzig
reviewed
Nov 29, 2024
nicholaspai
commented
Dec 1, 2024
bmzig
reviewed
Dec 2, 2024
bmzig
reviewed
Dec 2, 2024
bmzig
reviewed
Dec 6, 2024
* feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <[email protected]> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <[email protected]> * wip: swap arguments refactor Signed-off-by: bennett <[email protected]> * implement isValidSignature Signed-off-by: bennett <[email protected]> * 1271 Signed-off-by: bennett <[email protected]> * simplify isValidSignature Signed-off-by: bennett <[email protected]> * rebase /programs on master Signed-off-by: nicholaspai <[email protected]> * clean up comments * rebase programs * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <[email protected]> * begin permit2 unit tests Signed-off-by: bennett <[email protected]> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <[email protected]> * fix permit2 test Signed-off-by: bennett <[email protected]> * transfer type tests Signed-off-by: bennett <[email protected]> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <[email protected]> --------- Signed-off-by: Bennett <[email protected]> Signed-off-by: bennett <[email protected]> Signed-off-by: nicholaspai <[email protected]> Co-authored-by: nicholaspai <[email protected]> Co-authored-by: nicholaspai <[email protected]>
bmzig
reviewed
Dec 17, 2024
bmzig
previously approved these changes
Dec 17, 2024
* feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <[email protected]> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <[email protected]> * wip: swap arguments refactor Signed-off-by: bennett <[email protected]> * implement isValidSignature Signed-off-by: bennett <[email protected]> * 1271 Signed-off-by: bennett <[email protected]> * simplify isValidSignature Signed-off-by: bennett <[email protected]> * rebase /programs on master Signed-off-by: nicholaspai <[email protected]> * clean up comments * rebase programs * feat: sponsored swap and deposits Signed-off-by: bennett <[email protected]> * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <[email protected]> * begin permit2 unit tests Signed-off-by: bennett <[email protected]> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <[email protected]> * fix permit2 test Signed-off-by: bennett <[email protected]> * transfer type tests Signed-off-by: bennett <[email protected]> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <[email protected]> * add mockERC20 which implements permit/receiveWithAuthorization Signed-off-by: bennett <[email protected]> * add tests for permit, permit2, and receiveWithAuth swaps/deposits Signed-off-by: bennett <[email protected]> * add tests for invalid witnesses Signed-off-by: bennett <[email protected]> * factor out signature checking Signed-off-by: bennett <[email protected]> --------- Signed-off-by: Bennett <[email protected]> Signed-off-by: bennett <[email protected]> Signed-off-by: nicholaspai <[email protected]> Co-authored-by: nicholaspai <[email protected]> Co-authored-by: nicholaspai <[email protected]>
) * feat: add permit2 entrypoints to the periphery Signed-off-by: Bennett <[email protected]> * Update test/evm/foundry/local/SpokePoolPeriphery.t.sol * Update SpokePoolPeriphery.t.sol * move permit2 to proxy * fix permit2 Signed-off-by: bennett <[email protected]> * wip: swap arguments refactor Signed-off-by: bennett <[email protected]> * implement isValidSignature Signed-off-by: bennett <[email protected]> * 1271 Signed-off-by: bennett <[email protected]> * simplify isValidSignature Signed-off-by: bennett <[email protected]> * rebase /programs on master Signed-off-by: nicholaspai <[email protected]> * clean up comments * rebase programs * feat: sponsored swap and deposits Signed-off-by: bennett <[email protected]> * fix: consolidate structs so that permit2 witnesses cover inputs Signed-off-by: bennett <[email protected]> * begin permit2 unit tests Signed-off-by: bennett <[email protected]> * rebase * Update SpokePoolPeriphery.t.sol * move type definitions to interface Signed-off-by: bennett <[email protected]> * fix permit2 test Signed-off-by: bennett <[email protected]> * transfer type tests Signed-off-by: bennett <[email protected]> * rename EIP1271Signature to Permi2Approval Signed-off-by: bennett <[email protected]> * add mockERC20 which implements permit/receiveWithAuthorization Signed-off-by: bennett <[email protected]> * add tests for permit, permit2, and receiveWithAuth swaps/deposits Signed-off-by: bennett <[email protected]> * add tests for invalid witnesses Signed-off-by: bennett <[email protected]> * feat: Delete SwapAndBridge and add submission fees to gasless flow SwapAndBridge is to be replaced with SpokePoolV3Periphery Gasless flows will require user to cover gas cost of whoever submits the transaction, but they can be set to 0 if the user wants to submit themselves. * Internal refactor * Update SpokePoolV3Periphery.sol * Update PeripherySigningLib.sol * Update SpokePoolV3Periphery.sol * Update PeripherySigningLib.sol --------- Signed-off-by: Bennett <[email protected]> Signed-off-by: bennett <[email protected]> Signed-off-by: nicholaspai <[email protected]> Co-authored-by: Bennett <[email protected]>
Does this function exist anymore? |
dohaki
reviewed
Dec 24, 2024
contracts/SpokePoolV3Periphery.sol
Outdated
| @@ -155,7 +230,7 @@ contract SpokePoolV3Periphery is Lockable, MultiCaller { | |||
| uint32 fillDeadline, | |||
| uint32 exclusivityParameter, | |||
| bytes memory message | |||
| ) external payable nonReentrant { | |||
There was a problem hiding this comment.
Not directly related to this specific diff, but is there a reason why you can not specify an explicit outputToken here?
There was a problem hiding this comment.
This is a copy/paste of the spoke pool verifier deposit function, so we just assume that this is only being used with the native token,
dohaki
reviewed
Dec 24, 2024
Signed-off-by: bennett <[email protected]>
…ub.com/across-protocol/contracts into spokepool-periphery-multiple-exchanges
|
I think we need to re-review this PR given the possibility of merge conflicts since it was last "finalized" Last state of repo pre the large merge with master: https://github.com/across-protocol/contracts/tree/c1f618173eace1dd03ea2a80124c07264e473840 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently we can only initialize the periphery contract with a single exchange to swap with. This PR allows us to initialize it with multiple exchanges to swap with. Like before, these initial set of exchanges and function selectors cannot be changed post-initialization, which gives the user assurances.
This also adds a methodwhitelistExchangeswhich can update the whitelisted exchange list. This means that the contract is nowOwnableand bothinitializeandwhitelistExchangesare markedonlyOwner. This means that users need to trust the owner of the contract now, and the worst thing that the owner can do is whitelist a malicious exchange. The caller of theswapXfunctions would still need to knowingly sign off onrouterCalldatathat would target this malicious exchange, so the user still retains controlI don't think we're going to make the contractOwnableand let the owner update the whitelisted exchange list post-deployment, but if we want to we can revert this commit. The reasoning is to give better assurances to the user about the contract's expected behavior.This PR removes the whitelist of exchanges that can be called by the SpokePoolPeriphery, which was useful for protecting the caller from
approve-ing the SpokePoolPeriphery contract and leaving an approval that could be stolen by another user who could direct the SpokePoolPeriphery totransferFromthe user who left their approval hanging. The reasoning for removing the whitelist is so that multiple exchanges can be used by the caller. In order to keep protecting the user from this "approval abuse", we add a new "Proxy" contract that should be used by the caller to call functions likeSpokePoolPeriphery.swapAndBridgethat require approvals. Now the user only approves the proxy contract which can only be used to callSpokePoolPeriphery.swapAndBridgerather than execute any arbitrary calldata.