Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(contracts): InterchainAccountRouter minor audit remediation #4581

Merged
merged 6 commits into from
Oct 29, 2024
Merged

fix(contracts): InterchainAccountRouter minor audit remediation #4581

merged 6 commits into from
Oct 29, 2024

Conversation

aroralanuk
Copy link
Contributor

@aroralanuk aroralanuk commented Sep 27, 2024
edited
Loading

Description

  • disabled the ICARouter's ability to change hook given that the user doesn't expect the hook to change after they deploy their ICA account. Hook is not part of the derivation like ism on the destination chain and hence, cannot be configured custom by the user.

Drive-by changes

  • MailboxClient events for hook and ism setting
  • ProtocolFee events for setting beneficiary and owner

Related issues

Backward compatibility

No

Testing

Unit tests

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Sep 27, 2024
edited
Loading

🦋 Changeset detected

Latest commit: 495f7eb

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages
Name Type
@hyperlane-xyz/core Minor
@hyperlane-xyz/helloworld Patch
@hyperlane-xyz/sdk Patch
@hyperlane-xyz/infra Patch
@hyperlane-xyz/cli Patch
@hyperlane-xyz/widgets Patch
@hyperlane-xyz/ccip-server Patch
@hyperlane-xyz/github-proxy Patch
@hyperlane-xyz/utils Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codecov Codecov
Copy link

codecov bot commented Sep 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.78%. Comparing base (7f3e066) to head (495f7eb).
Report is 32 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4581      +/-   ##
==========================================
+ Coverage   73.74%   73.78%   +0.03%     
==========================================
  Files         100      100              
  Lines        1436     1442       +6     
  Branches      187      187              
==========================================
+ Hits         1059     1064       +5     
- Misses        356      357       +1     
  Partials       21       21
Components Coverage Δ
core 84.61% <ø> (ø)
hooks 76.41% <100.00%> (+0.70%) ⬆️
isms 77.58% <ø> (ø)
token 88.75% <ø> (ø)
middlewares 77.58% <100.00%> (+0.19%) ⬆️

yorhodes
yorhodes approved these changes Oct 1, 2024
View reviewed changes
Copy link
Member

@yorhodes yorhodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my mental model for events is to surface data that is cumulative/not a constant time view call
dont feel strongly but this seems superfluous
I dont think we will ever build an indexer for these?

solidity/contracts/middleware/InterchainAccountRouter.sol Show resolved Hide resolved
@aroralanuk
Copy link
Contributor Author

my mental model for events is to surface data that is cumulative/not a constant time view call dont feel strongly but this seems superfluous I dont think we will ever build an indexer for these?

is hookset not something we can use in the validator if say the merkle hook gets updated in the future?

yorhodes
yorhodes requested changes Oct 9, 2024
View reviewed changes
Copy link
Member

@yorhodes yorhodes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

all lgtm except the only initializing change, please revert

solidity/contracts/middleware/InterchainAccountRouter.sol Outdated Show resolved Hide resolved
solidity/contracts/middleware/InterchainAccountRouter.sol Show resolved Hide resolved
@aroralanuk aroralanuk requested a review from yorhodes October 23, 2024 19:45
@aroralanuk
docs(changeset): disabled the ICARouter's ability to change hook give…
495f7eb 
…n that the user doesn't expect the hook to change after they deploy their ICA account. Hook is not part of the derivation like ism on the destination chain and hence, cannot be configured custom by the user.
@aroralanuk aroralanuk enabled auto-merge October 29, 2024 10:43
@aroralanuk aroralanuk added this pull request to the merge queue Oct 29, 2024
Merged via the queue into main with commit 0640f83 Oct 29, 2024
36 checks passed
@aroralanuk aroralanuk deleted the kunal/ica-router-audit-minor branch October 29, 2024 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yorhodes yorhodes yorhodes approved these changes

@tkporter tkporter Awaiting requested review from tkporter tkporter is a code owner

@ltyu ltyu Awaiting requested review from ltyu ltyu is a code owner

Assignees
No one assigned
Labels
None yet
Projects
Hyperlane Tasks
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@aroralanuk @yorhodes