Reimplement OutboundQueue pallet

.github/workflows/ethereum.yml

@@ -39,7 +39,7 @@ jobs:
         run: forge test
       - name: Coverage
         working-directory: core/packages/contracts
-        run: forge coverage --report=lcov
+        run: forge coverage --report=lcov --via-ir
       - name: Lint
         working-directory: core/packages/contracts
         run: pnpm lint
@@ -48,4 +48,3 @@ jobs:
         with:
           working-directory: core/packages/contracts
           files: lcov.info
-

core/packages/contracts/.gitignore

@@ -9,10 +9,10 @@ artifacts/
 coverage.json
 coverage/
 .vscode/
-deployments/
 out/
 cache/
 broadcast/
 types/
 tsconfig.tsbuildinfo
 lcov.info
+tenderly.yaml

core/packages/contracts/.solhint.json

@@ -1,7 +1,7 @@
 {
   "extends": "solhint:recommended",
   "rules": {
-    "compiler-version": ["error", "0.8.19"],
+    "compiler-version": ["error", "0.8.20"],
     "func-visibility": ["warn", {"ignoreConstructors":true}],
     "not-rely-on-time": "off",
     "avoid-low-level-calls": "off",

core/packages/contracts/foundry.toml

@@ -1,12 +1,12 @@
 [profile.default]
-solc_version = '0.8.19'
+solc_version = "0.8.20"
 optimizer = true
 optimizer_runs = 20_000
 via_ir = true
 test = 'test'
 ffi = true
 
 ignored_error_codes = [
-    # prevrandao not supported by Anvil VM
-    9432
+    # DeployScript.sol is never deployed
+    5574
 ]

core/packages/contracts/scripts/helpers.ts

@@ -67,7 +67,7 @@ class ValidatorSet {
         let leaves = wallets.map((w) => keccakFromHexString(w.address))
         let tree = new MerkleTree(leaves, keccak, {
             sortLeaves: false,
-            sortPairs: true,
+            sortPairs: false,
         })
 
         this.wallets = wallets

core/packages/contracts/src/Auth.sol

@@ -0,0 +1,14 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
+
+import {AccessControl} from "openzeppelin/access/AccessControl.sol";
+
+contract Auth is AccessControl {
+    bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
+
+    constructor() {
+        _grantRole(ADMIN_ROLE, msg.sender);
+        _setRoleAdmin(ADMIN_ROLE, ADMIN_ROLE);
+    }
+}

core/packages/contracts/src/BeefyClient.sol

@@ -1,9 +1,10 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.19;
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
 
 import {ECDSA} from "openzeppelin/utils/cryptography/ECDSA.sol";
 import {Ownable} from "openzeppelin/access/Ownable.sol";
-import {MerkleProof} from "openzeppelin/utils/cryptography/MerkleProof.sol";
+import {MerkleProof} from "./utils/MerkleProof.sol";
 import {Bitfield} from "./utils/Bitfield.sol";
 import {MMRProof} from "./utils/MMRProof.sol";
 import {ScaleCodec} from "./ScaleCodec.sol";
@@ -441,10 +442,7 @@ contract BeefyClient is Ownable {
             }
 
             // Check that validator is actually in a validator set
-            //
-            // NOTE: This currently insecure due to a regression documented in SNO-427.
-            // Basically `proof.index` (the merkle leaf index) is not being validated.
-            if (!isValidatorInSet(vset, proof.account, proof.proof)) {
+            if (!isValidatorInSet(vset, proof.account, proof.index, proof.proof)) {
                 revert InvalidValidatorProof();
             }
 
@@ -498,13 +496,13 @@ contract BeefyClient is Ownable {
      * @param proof Merkle proof required for validation of the address
      * @return true if the validator is in the set
      */
-    function isValidatorInSet(ValidatorSet memory vset, address addr, bytes32[] calldata proof)
+    function isValidatorInSet(ValidatorSet memory vset, address addr, uint256 index, bytes32[] calldata proof)
         internal
         pure
         returns (bool)
     {
         bytes32 hashedLeaf = keccak256(abi.encodePacked(addr));
-        return MerkleProof.verify(proof, vset.root, hashedLeaf);
+        return MerkleProof.verify(vset.root, hashedLeaf, index, vset.length, proof);
     }
 
     /**

core/packages/contracts/src/DeployScript.sol

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.19;
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
 
 import {WETH9} from "canonical-weth/WETH9.sol";
 import {Script} from "forge-std/Script.sol";
@@ -11,55 +12,77 @@ import {OutboundQueue} from "../src/OutboundQueue.sol";
 import {NativeTokens} from "../src/NativeTokens.sol";
 import {TokenVault} from "../src/TokenVault.sol";
 import {Vault} from "../src/Vault.sol";
-import {IVault} from "../src/IVault.sol";
 import {UpgradeProxy} from "../src/UpgradeProxy.sol";
 import {SovereignTreasury} from "../src/SovereignTreasury.sol";
+import {Registry} from "../src/Registry.sol";
 import {ParaID} from "../src/Types.sol";
 
 contract DeployScript is Script {
+    Registry public registry;
+    Vault public vault;
+    BeefyClient public beefyClient;
+    ParachainClient public parachainClient;
+    InboundQueue public inboundQueue;
+    OutboundQueue public outboundQueue;
+    TokenVault public tokenVault;
+    NativeTokens public nativeTokens;
+    UpgradeProxy public upgradeProxy;
+
     function setUp() public {}
 
     function run() public {
         uint256 privateKey = vm.envUint("PRIVATE_KEY");
         address deployer = vm.rememberKey(privateKey);
         vm.startBroadcast(deployer);
 
+        // Registry
+        registry = new Registry();
+        registry.grantRole(registry.REGISTER_ROLE(), deployer);
+
+        // Vault
+        vault = new Vault();
+
         // SovereignTreasury
-        Vault vault = new Vault();
-        SovereignTreasury treasury = new SovereignTreasury(vault);
+        SovereignTreasury treasury = new SovereignTreasury(registry, vault);
+        registry.registerContract(keccak256("SovereignTreasury"), address(treasury));
 
         // BeefyClient
         uint256 randaoCommitDelay = vm.envUint("RANDAO_COMMIT_DELAY");
         uint256 randaoCommitExpiration = vm.envUint("RANDAO_COMMIT_EXP");
-        BeefyClient beefyClient = new BeefyClient(randaoCommitDelay, randaoCommitExpiration);
+        beefyClient = new BeefyClient(randaoCommitDelay, randaoCommitExpiration);
 
         // ParachainClient
         uint32 paraId = uint32(vm.envUint("BRIDGE_HUB_PARAID"));
-        ParachainClient parachainClient = new ParachainClient(beefyClient, paraId);
+        parachainClient = new ParachainClient(beefyClient, paraId);
 
         // InboundQueue
         uint256 relayerReward = vm.envUint("RELAYER_REWARD");
-        InboundQueue inboundQueue = new InboundQueue(parachainClient, vault, relayerReward);
+        inboundQueue = new InboundQueue(registry, parachainClient, vault, relayerReward);
+        registry.registerContract(keccak256("InboundQueue"), address(inboundQueue));
 
         // OutboundQueue
         uint256 relayerFee = vm.envUint("RELAYER_FEE");
-        OutboundQueue outboundQueue = new OutboundQueue(vault, relayerFee);
+        outboundQueue = new OutboundQueue(registry, vault, relayerFee);
+        registry.registerContract(keccak256("OutboundQueue"), address(outboundQueue));
 
         // NativeTokens
-        TokenVault tokenVault = new TokenVault();
-        NativeTokens nativeTokens = new NativeTokens(
+        tokenVault = new TokenVault();
+        nativeTokens = new NativeTokens(
+            registry,
             tokenVault,
-            outboundQueue,
             ParaID.wrap(uint32(vm.envUint("ASSET_HUB_PARAID"))),
-            vm.envUint("CREATE_TOKEN_FEE")
+            vm.envUint("CREATE_TOKEN_FEE"),
+            bytes2(vm.envBytes("CREATE_CALL_INDEX")),
+            bytes2(vm.envBytes("SET_METADATA_CALL_INDEX"))
         );
-        inboundQueue.updateHandler(1, IRecipient(nativeTokens));
+        registry.registerContract(keccak256("NativeTokens"), address(nativeTokens));
 
         // Deploy WETH for testing
         new WETH9();
 
-        // Upgrades
-        UpgradeProxy upgradeProxy = new UpgradeProxy(ParaID.wrap(paraId));
+        // UpgradeProxy
+        upgradeProxy = new UpgradeProxy(registry, ParaID.wrap(paraId));
+        registry.registerContract(keccak256("UpgradeProxy"), address(upgradeProxy));
 
         // Allow inbound queue to send messages to handlers
         nativeTokens.grantRole(nativeTokens.SENDER_ROLE(), address(inboundQueue));
@@ -82,24 +105,32 @@ contract DeployScript is Script {
         // Move ownership of everything to Upgrades app
 
         treasury.grantRole(treasury.ADMIN_ROLE(), address(upgradeProxy));
-        treasury.revokeRole(treasury.ADMIN_ROLE(), address(this));
+        treasury.revokeRole(treasury.ADMIN_ROLE(), deployer);
 
         nativeTokens.grantRole(nativeTokens.ADMIN_ROLE(), address(upgradeProxy));
-        nativeTokens.revokeRole(nativeTokens.ADMIN_ROLE(), address(this));
+        nativeTokens.revokeRole(nativeTokens.ADMIN_ROLE(), deployer);
 
         vault.grantRole(vault.ADMIN_ROLE(), address(upgradeProxy));
-        vault.revokeRole(vault.ADMIN_ROLE(), address(this));
+        vault.revokeRole(vault.ADMIN_ROLE(), deployer);
 
         tokenVault.grantRole(tokenVault.ADMIN_ROLE(), address(upgradeProxy));
-        tokenVault.revokeRole(tokenVault.ADMIN_ROLE(), address(this));
+        tokenVault.revokeRole(tokenVault.ADMIN_ROLE(), deployer);
 
         inboundQueue.grantRole(inboundQueue.ADMIN_ROLE(), address(upgradeProxy));
-        inboundQueue.revokeRole(inboundQueue.ADMIN_ROLE(), address(this));
+        inboundQueue.revokeRole(inboundQueue.ADMIN_ROLE(), deployer);
 
         outboundQueue.grantRole(outboundQueue.ADMIN_ROLE(), address(upgradeProxy));
-        outboundQueue.revokeRole(outboundQueue.ADMIN_ROLE(), address(this));
+        outboundQueue.revokeRole(outboundQueue.ADMIN_ROLE(), deployer);
+
+        registry.grantRole(outboundQueue.ADMIN_ROLE(), address(upgradeProxy));
+        registry.revokeRole(outboundQueue.ADMIN_ROLE(), deployer);
+
+        upgradeProxy.revokeRole(upgradeProxy.ADMIN_ROLE(), deployer);
 
-        upgradeProxy.revokeRole(upgradeProxy.ADMIN_ROLE(), address(this));
+        // Fund the sovereign account for the BridgeHub parachain. Used to reward relayers
+        // of messages originating from BridgeHub
+        uint256 initialDeposit = vm.envUint("BRIDGE_HUB_INITIAL_DEPOSIT");
+        vault.deposit{value: initialDeposit}(ParaID.wrap(paraId));
 
         vm.stopBroadcast();
     }

core/packages/contracts/src/Gateway.sol

@@ -0,0 +1,36 @@
+// SPDX-License-Identifier: Apache-2.0
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
+
+import {AccessControl} from "openzeppelin/access/AccessControl.sol";
+import {Registry} from "./Registry.sol";
+import {IOutboundQueue} from "./IOutboundQueue.sol";
+import {IRecipient} from "./IRecipient.sol";
+import {ParaID} from "./Types.sol";
+import {Auth} from "./Auth.sol";
+import {RegistryLookup} from "./RegistryLookup.sol";
+
+abstract contract Gateway is Auth, RegistryLookup, IRecipient {
+    bytes32 public constant SENDER_ROLE = keccak256("SENDER_ROLE");
+    bytes32 public constant OUTBOUND_QUEUE = keccak256("OutboundQueue");
+
+    /* Errors */
+
+    error Unauthorized();
+
+    constructor(Registry registry) RegistryLookup(registry) {
+        _setRoleAdmin(SENDER_ROLE, ADMIN_ROLE);
+    }
+
+    function handle(ParaID origin, bytes calldata message) external virtual;
+
+    function outboundQueue() internal view returns (IOutboundQueue) {
+        return IOutboundQueue(resolve(OUTBOUND_QUEUE));
+    }
+
+    function ensureOrigin(ParaID a, ParaID b) internal pure {
+        if (a != b) {
+            revert Unauthorized();
+        }
+    }
+}

core/packages/contracts/src/IOutboundQueue.sol

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.19;
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
 
 import {ParaID} from "./Types.sol";
 

core/packages/contracts/src/IParachainClient.sol

@@ -1,9 +1,7 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.19;
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
 
 interface IParachainClient {
-    function verifyCommitment(
-        bytes32 commitment,
-        bytes calldata opaqueProof
-    ) external view returns (bool);
+    function verifyCommitment(bytes32 commitment, bytes calldata opaqueProof) external view returns (bool);
 }

core/packages/contracts/src/IRecipient.sol

@@ -1,5 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
-pragma solidity ^0.8.19;
+// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
+pragma solidity 0.8.20;
 
 import {ParaID} from "./Types.sol";