C4 S-426 Fee parameter validation (#77)

ScreamingHawk · web-flow · commit 3d2de4786282 · 2025-11-26T14:00:25.000-05:00
* Fee parameter validation

* Update snapshot
diff --git a/.gas-snapshot b/.gas-snapshot
@@ -6,48 +6,52 @@ DelegatecallGuardTest:test_direct_call_reverts_NotDelegateCall() (gas: 8420)
 DelegatecallGuardTest:test_multiple_delegatecall_guards() (gas: 298825)
 DelegatecallGuardTest:test_onlyDelegatecall_modifier_usage() (gas: 98867)
 DelegatecallGuardTest:test_self_address_immutable() (gas: 2877)
-TrailsIntentEntrypointDeploymentTest:test_DeployIntentEntrypoint_SameAddress() (gas: 833102)
-TrailsIntentEntrypointDeploymentTest:test_DeployIntentEntrypoint_Success() (gas: 825615)
-TrailsIntentEntrypointDeploymentTest:test_DeployedIntentEntrypoint_HasCorrectConfiguration() (gas: 828414)
-TrailsIntentEntrypointTest:testAssemblyCodeExecution() (gas: 89250)
-TrailsIntentEntrypointTest:testConstructor() (gas: 3309)
-TrailsIntentEntrypointTest:testConstructorAndDomainSeparator() (gas: 7706)
-TrailsIntentEntrypointTest:testDepositToIntentAlreadyUsed() (gas: 114117)
-TrailsIntentEntrypointTest:testDepositToIntentCannotReuseDigest() (gas: 94779)
-TrailsIntentEntrypointTest:testDepositToIntentExpiredDeadline() (gas: 56051)
-TrailsIntentEntrypointTest:testDepositToIntentReentrancyProtection() (gas: 114095)
-TrailsIntentEntrypointTest:testDepositToIntentRequiresNonZeroAmount() (gas: 27393)
-TrailsIntentEntrypointTest:testDepositToIntentRequiresValidToken() (gas: 30776)
-TrailsIntentEntrypointTest:testDepositToIntentTransferFromFails() (gas: 58409)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitAlreadyUsed() (gas: 132684)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitExpiredDeadline() (gas: 36472)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitReentrancyProtection() (gas: 124106)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresNonZeroAmount() (gas: 35186)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresPermitAmount() (gas: 60755)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresValidToken() (gas: 35912)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitTransferFromFails() (gas: 59984)
-TrailsIntentEntrypointTest:testDepositToIntentWithPermitWrongSigner() (gas: 40463)
-TrailsIntentEntrypointTest:testDepositToIntentWithoutPermit_RequiresIntentAddress() (gas: 31463)
-TrailsIntentEntrypointTest:testDepositToIntentWrongSigner() (gas: 57297)
-TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20AndFee_Success() (gas: 809490)
-TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_InsufficientAllowance_Reverts() (gas: 772309)
-TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_InsufficientBalance_Reverts() (gas: 772246)
-TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_Success() (gas: 780354)
-TrailsIntentEntrypointTest:testExactApprovalFlow() (gas: 150357)
-TrailsIntentEntrypointTest:testExecuteIntentWithFee() (gas: 153584)
-TrailsIntentEntrypointTest:testExecuteIntentWithPermit() (gas: 123206)
-TrailsIntentEntrypointTest:testExecuteIntentWithPermitExpired() (gas: 36391)
-TrailsIntentEntrypointTest:testExecuteIntentWithPermitInvalidSignature() (gas: 37707)
-TrailsIntentEntrypointTest:testExecuteIntentWithPermit_permit_frontrun() (gas: 128090)
-TrailsIntentEntrypointTest:testFeeCollectorReceivesFees() (gas: 147736)
-TrailsIntentEntrypointTest:testFeeCollectorReceivesFeesWithoutPermit() (gas: 117408)
-TrailsIntentEntrypointTest:testInfiniteApprovalFlow() (gas: 144644)
-TrailsIntentEntrypointTest:testIntentTypehashConstant() (gas: 5685)
-TrailsIntentEntrypointTest:testInvalidNonceReverts() (gas: 54678)
-TrailsIntentEntrypointTest:testNonceIncrementsOnDeposit() (gas: 90429)
-TrailsIntentEntrypointTest:testPermitAmountExcessiveWithFee() (gas: 60548)
-TrailsIntentEntrypointTest:testPermitAmountInsufficientWithFee() (gas: 59580)
-TrailsIntentEntrypointTest:testVersionConstant() (gas: 10359)
+TrailsIntentEntrypointDeploymentTest:test_DeployIntentEntrypoint_SameAddress() (gas: 823979)
+TrailsIntentEntrypointDeploymentTest:test_DeployIntentEntrypoint_Success() (gas: 816517)
+TrailsIntentEntrypointDeploymentTest:test_DeployedIntentEntrypoint_HasCorrectConfiguration() (gas: 819316)
+TrailsIntentEntrypointTest:testAssemblyCodeExecution() (gas: 89389)
+TrailsIntentEntrypointTest:testConstructor() (gas: 3375)
+TrailsIntentEntrypointTest:testConstructorAndDomainSeparator() (gas: 7775)
+TrailsIntentEntrypointTest:testDepositToIntentAlreadyUsed() (gas: 114213)
+TrailsIntentEntrypointTest:testDepositToIntentCannotReuseDigest() (gas: 94919)
+TrailsIntentEntrypointTest:testDepositToIntentExpiredDeadline() (gas: 56099)
+TrailsIntentEntrypointTest:testDepositToIntentReentrancyProtection() (gas: 114191)
+TrailsIntentEntrypointTest:testDepositToIntentRequiresNonZeroAmount() (gas: 27419)
+TrailsIntentEntrypointTest:testDepositToIntentRequiresValidToken() (gas: 30824)
+TrailsIntentEntrypointTest:testDepositToIntentTransferFromFails() (gas: 58487)
+TrailsIntentEntrypointTest:testDepositToIntentWithFeeAmountButNoCollector_Reverts() (gas: 112145)
+TrailsIntentEntrypointTest:testDepositToIntentWithFeeCollectorButNoAmount_Reverts() (gas: 90113)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitAlreadyUsed() (gas: 132840)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitExpiredDeadline() (gas: 36541)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitReentrancyProtection() (gas: 124239)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresNonZeroAmount() (gas: 35255)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresPermitAmount() (gas: 60824)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitRequiresValidToken() (gas: 35981)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitTransferFromFails() (gas: 60031)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitWithFeeAmountButNoCollector_Reverts() (gas: 140717)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitWithFeeCollectorButNoAmount_Reverts() (gas: 120296)
+TrailsIntentEntrypointTest:testDepositToIntentWithPermitWrongSigner() (gas: 40532)
+TrailsIntentEntrypointTest:testDepositToIntentWithoutPermit_RequiresIntentAddress() (gas: 31533)
+TrailsIntentEntrypointTest:testDepositToIntentWrongSigner() (gas: 57349)
+TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20AndFee_Success() (gas: 809616)
+TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_InsufficientAllowance_Reverts() (gas: 772365)
+TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_InsufficientBalance_Reverts() (gas: 772324)
+TrailsIntentEntrypointTest:testDepositToIntent_WithNonStandardERC20_Success() (gas: 780514)
+TrailsIntentEntrypointTest:testExactApprovalFlow() (gas: 150550)
+TrailsIntentEntrypointTest:testExecuteIntentWithFee() (gas: 153720)
+TrailsIntentEntrypointTest:testExecuteIntentWithPermit() (gas: 123362)
+TrailsIntentEntrypointTest:testExecuteIntentWithPermitExpired() (gas: 36460)
+TrailsIntentEntrypointTest:testExecuteIntentWithPermitInvalidSignature() (gas: 37754)
+TrailsIntentEntrypointTest:testExecuteIntentWithPermit_permit_frontrun() (gas: 128224)
+TrailsIntentEntrypointTest:testFeeCollectorReceivesFees() (gas: 147872)
+TrailsIntentEntrypointTest:testFeeCollectorReceivesFeesWithoutPermit() (gas: 117534)
+TrailsIntentEntrypointTest:testInfiniteApprovalFlow() (gas: 144843)
+TrailsIntentEntrypointTest:testIntentTypehashConstant() (gas: 5732)
+TrailsIntentEntrypointTest:testInvalidNonceReverts() (gas: 54704)
+TrailsIntentEntrypointTest:testNonceIncrementsOnDeposit() (gas: 90568)
+TrailsIntentEntrypointTest:testPermitAmountExcessiveWithFee() (gas: 60617)
+TrailsIntentEntrypointTest:testPermitAmountInsufficientWithFee() (gas: 59627)
+TrailsIntentEntrypointTest:testVersionConstant() (gas: 10428)
 TrailsRouterDeploymentTest:test_DeployTrailsRouter_SameAddress() (gas: 1856117)
 TrailsRouterDeploymentTest:test_DeployTrailsRouter_Success() (gas: 1846511)
 TrailsRouterDeploymentTest:test_DeployedRouter_HasCorrectConfiguration() (gas: 1846307)
diff --git a/src/TrailsIntentEntrypoint.sol b/src/TrailsIntentEntrypoint.sol
@@ -37,6 +37,7 @@ contract TrailsIntentEntrypoint is ReentrancyGuard, ITrailsIntentEntrypoint {
     error IntentExpired();
     error InvalidIntentSignature();
     error InvalidNonce();
+    error InvalidFeeParameters();
     error PermitAmountMismatch();
 
     // -------------------------------------------------------------------------
@@ -109,15 +110,7 @@ contract TrailsIntentEntrypoint is ReentrancyGuard, ITrailsIntentEntrypoint {
             // Permit may have been frontrun. Continue with transferFrom attempt.
         }
 
-        IERC20(token).safeTransferFrom(user, intentAddress, amount);
-
-        // Pay fee if specified (fee token is same as deposit token)
-        if (feeAmount > 0 && feeCollector != address(0)) {
-            IERC20(token).safeTransferFrom(user, feeCollector, feeAmount);
-            emit FeePaid(user, token, feeAmount, feeCollector);
-        }
-
-        emit IntentDeposit(user, intentAddress, amount);
+        _processDeposit(user, token, amount, intentAddress, feeAmount, feeCollector);
     }
 
     /// @inheritdoc ITrailsIntentEntrypoint
@@ -137,11 +130,27 @@ contract TrailsIntentEntrypoint is ReentrancyGuard, ITrailsIntentEntrypoint {
         _verifyAndMarkIntent(
             user, token, amount, intentAddress, deadline, nonce, feeAmount, feeCollector, sigV, sigR, sigS
         );
+        _processDeposit(user, token, amount, intentAddress, feeAmount, feeCollector);
+    }
 
+    function _processDeposit(
+        address user,
+        address token,
+        uint256 amount,
+        address intentAddress,
+        uint256 feeAmount,
+        address feeCollector
+    ) internal {
         IERC20(token).safeTransferFrom(user, intentAddress, amount);
 
         // Pay fee if specified (fee token is same as deposit token)
-        if (feeAmount > 0 && feeCollector != address(0)) {
+        bool feeAmountSupplied = feeAmount > 0;
+        bool feeCollectorSupplied = feeCollector != address(0);
+        if (feeAmountSupplied != feeCollectorSupplied) {
+            // Must supply both feeAmount and feeCollector, or neither
+            revert InvalidFeeParameters();
+        }
+        if (feeAmountSupplied && feeCollectorSupplied) {
             IERC20(token).safeTransferFrom(user, feeCollector, feeAmount);
             emit FeePaid(user, token, feeAmount, feeCollector);
         }
diff --git a/test/TrailsIntentEntrypoint.t.sol b/test/TrailsIntentEntrypoint.t.sol
@@ -2114,4 +2114,241 @@ contract TrailsIntentEntrypointTest is Test {
         bytes32 digest = keccak256(abi.encodePacked("\x19\x01", entrypoint.DOMAIN_SEPARATOR(), hash));
         return vm.sign(userPrivateKey, digest);
     }
+
+    // =========================================================================
+    // Fee Parameter Validation Tests
+    // =========================================================================
+
+    /**
+     * @notice Test that depositToIntent reverts when feeAmount is provided but feeCollector is not
+     * @dev Validates InvalidFeeParameters error when feeAmount > 0 but feeCollector == address(0)
+     */
+    function testDepositToIntentWithFeeAmountButNoCollector_Reverts() public {
+        vm.startPrank(user);
+
+        address intentAddress = address(0x5678);
+        uint256 amount = 50 * 10 ** token.decimals();
+        uint256 feeAmount = 5 * 10 ** token.decimals(); // Fee amount provided
+        uint256 deadline = block.timestamp + 3600;
+        uint256 nonce = entrypoint.nonces(user);
+
+        bytes32 intentHash = keccak256(
+            abi.encode(
+                entrypoint.TRAILS_INTENT_TYPEHASH(),
+                user,
+                address(token),
+                amount,
+                intentAddress,
+                deadline,
+                block.chainid,
+                nonce,
+                feeAmount,
+                address(0) // No fee collector
+            )
+        );
+
+        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", entrypoint.DOMAIN_SEPARATOR(), intentHash));
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(userPrivateKey, digest);
+
+        token.approve(address(entrypoint), amount + feeAmount);
+
+        vm.expectRevert(TrailsIntentEntrypoint.InvalidFeeParameters.selector);
+        entrypoint.depositToIntent(
+            user, address(token), amount, intentAddress, deadline, nonce, feeAmount, address(0), v, r, s
+        );
+
+        vm.stopPrank();
+    }
+
+    /**
+     * @notice Test that depositToIntent reverts when feeCollector is provided but feeAmount is not
+     * @dev Validates InvalidFeeParameters error when feeAmount == 0 but feeCollector != address(0)
+     */
+    function testDepositToIntentWithFeeCollectorButNoAmount_Reverts() public {
+        vm.startPrank(user);
+
+        address intentAddress = address(0x5678);
+        address feeCollector = address(0x9999); // Fee collector provided
+        uint256 amount = 50 * 10 ** token.decimals();
+        uint256 feeAmount = 0; // No fee amount
+        uint256 deadline = block.timestamp + 3600;
+        uint256 nonce = entrypoint.nonces(user);
+
+        bytes32 intentHash = keccak256(
+            abi.encode(
+                entrypoint.TRAILS_INTENT_TYPEHASH(),
+                user,
+                address(token),
+                amount,
+                intentAddress,
+                deadline,
+                block.chainid,
+                nonce,
+                feeAmount,
+                feeCollector
+            )
+        );
+
+        bytes32 digest = keccak256(abi.encodePacked("\x19\x01", entrypoint.DOMAIN_SEPARATOR(), intentHash));
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(userPrivateKey, digest);
+
+        token.approve(address(entrypoint), amount);
+
+        vm.expectRevert(TrailsIntentEntrypoint.InvalidFeeParameters.selector);
+        entrypoint.depositToIntent(
+            user, address(token), amount, intentAddress, deadline, nonce, feeAmount, feeCollector, v, r, s
+        );
+
+        vm.stopPrank();
+    }
+
+    /**
+     * @notice Test that depositToIntentWithPermit reverts when feeAmount is provided but feeCollector is not
+     * @dev Validates InvalidFeeParameters error when feeAmount > 0 but feeCollector == address(0)
+     */
+    function testDepositToIntentWithPermitWithFeeAmountButNoCollector_Reverts() public {
+        vm.startPrank(user);
+
+        address intentAddress = address(0x5678);
+        uint256 amount = 50 * 10 ** token.decimals();
+        uint256 feeAmount = 5 * 10 ** token.decimals(); // Fee amount provided
+        uint256 totalAmount = amount + feeAmount;
+        uint256 deadline = block.timestamp + 3600;
+        uint256 nonce = entrypoint.nonces(user);
+
+        // Create permit signature for total amount (deposit + fee)
+        bytes32 permitHash = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                token.DOMAIN_SEPARATOR(),
+                keccak256(
+                    abi.encode(
+                        keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"),
+                        user,
+                        address(entrypoint),
+                        totalAmount,
+                        token.nonces(user),
+                        deadline
+                    )
+                )
+            )
+        );
+
+        (uint8 permitV, bytes32 permitR, bytes32 permitS) = vm.sign(userPrivateKey, permitHash);
+
+        // Create intent signature
+        bytes32 intentHash = keccak256(
+            abi.encode(
+                entrypoint.TRAILS_INTENT_TYPEHASH(),
+                user,
+                address(token),
+                amount,
+                intentAddress,
+                deadline,
+                block.chainid,
+                nonce,
+                feeAmount,
+                address(0) // No fee collector
+            )
+        );
+
+        bytes32 intentDigest = keccak256(abi.encodePacked("\x19\x01", entrypoint.DOMAIN_SEPARATOR(), intentHash));
+        (uint8 sigV, bytes32 sigR, bytes32 sigS) = vm.sign(userPrivateKey, intentDigest);
+
+        vm.expectRevert(TrailsIntentEntrypoint.InvalidFeeParameters.selector);
+        entrypoint.depositToIntentWithPermit(
+            user,
+            address(token),
+            amount,
+            totalAmount,
+            intentAddress,
+            deadline,
+            nonce,
+            feeAmount,
+            address(0), // No fee collector
+            permitV,
+            permitR,
+            permitS,
+            sigV,
+            sigR,
+            sigS
+        );
+
+        vm.stopPrank();
+    }
+
+    /**
+     * @notice Test that depositToIntentWithPermit reverts when feeCollector is provided but feeAmount is not
+     * @dev Validates InvalidFeeParameters error when feeAmount == 0 but feeCollector != address(0)
+     */
+    function testDepositToIntentWithPermitWithFeeCollectorButNoAmount_Reverts() public {
+        vm.startPrank(user);
+
+        address intentAddress = address(0x5678);
+        address feeCollector = address(0x9999); // Fee collector provided
+        uint256 amount = 50 * 10 ** token.decimals();
+        uint256 feeAmount = 0; // No fee amount
+        uint256 deadline = block.timestamp + 3600;
+        uint256 nonce = entrypoint.nonces(user);
+
+        // Create permit signature for just the amount (no fee)
+        bytes32 permitHash = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                token.DOMAIN_SEPARATOR(),
+                keccak256(
+                    abi.encode(
+                        keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)"),
+                        user,
+                        address(entrypoint),
+                        amount,
+                        token.nonces(user),
+                        deadline
+                    )
+                )
+            )
+        );
+
+        (uint8 permitV, bytes32 permitR, bytes32 permitS) = vm.sign(userPrivateKey, permitHash);
+
+        // Create intent signature
+        bytes32 intentHash = keccak256(
+            abi.encode(
+                entrypoint.TRAILS_INTENT_TYPEHASH(),
+                user,
+                address(token),
+                amount,
+                intentAddress,
+                deadline,
+                block.chainid,
+                nonce,
+                feeAmount,
+                feeCollector
+            )
+        );
+
+        bytes32 intentDigest = keccak256(abi.encodePacked("\x19\x01", entrypoint.DOMAIN_SEPARATOR(), intentHash));
+        (uint8 sigV, bytes32 sigR, bytes32 sigS) = vm.sign(userPrivateKey, intentDigest);
+
+        vm.expectRevert(TrailsIntentEntrypoint.InvalidFeeParameters.selector);
+        entrypoint.depositToIntentWithPermit(
+            user,
+            address(token),
+            amount,
+            amount,
+            intentAddress,
+            deadline,
+            nonce,
+            feeAmount,
+            feeCollector, // Fee collector provided with no fee amount
+            permitV,
+            permitR,
+            permitS,
+            sigV,
+            sigR,
+            sigS
+        );
+
+        vm.stopPrank();
+    }
 }
