Merged
Conversation
Agusx1211
added a commit
that referenced
this pull request
Feb 11, 2026
* initial commit v1.5 * simplify repo * dependencies * initial implementation * add self requires * Update openzeppelin-contracts submodule to latest commit 78eb160 * Add replaceBytes and fixes * hydrate * Unify tools * Delete gitkeep * Add hydrate tx.origin * Add SequenceDelegate * forge fmt * Natively handle delegatecall * Comments and cleanup * Fix to message sender and tx origin * Add receive * Per call hydrate * Add 1.5 tests * forge lint * Delete makefile * Update README * Separate sweep * Rename SharedProxy -> HydrateProxy * Allow nested delegate calls * Sweeping native is optional * Delegate call to anything on TrailsUtils * Remove v1 docs * Fix delegate test * Add sweep event * Consistent docstring * Reorder hydrateAndSweep * Allow nochainid * forge fmt * Delete TrailsValidator script * forge fmt * Fix sweep tests * Add approvals to hydrate * Separate hydrate type and data flag * Add repeat-section to malleable sapient (#88) * Add repeat-section to malleable sapient * repeat-section failure tests * consistent docs and func * Repeat section encoding includes size * Correct repeat section doc * Pin foundry version * Docs update * Remove TrailsValidator * Quantstamp finding updates (#90) * Simplify tests * SEQ-3 Add 721 owner to RequireUtils * Add bal/allow require functions * RequireUtils update terminology * S-3 Update README re delegatecall context * S-4 Remove unchecked * S-4 Unused deps * Fix comment typo on require utils --------- Co-authored-by: agusx1211 <aaguilar@polygon.technology> * Tidy gitignore * v1.5 Audits --------- Co-authored-by: Agusx1211 <agusgit@pm.me> Co-authored-by: agusx1211 <aa@horizon.io> Co-authored-by: agusx1211 <aaguilar@polygon.technology>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR addresses findings observed by Quantstamp during the TrailsUtils audit.
SEQ-3:
RequireUtilsandTrailsValidatorERC721 Approval Checks Do Not Validate Token OwnershipAdded
requireERC721OwnerandrequireERC721OwnerSelffunctions.Added combined bal/allow functions e.g.
requireMinERC20BalanceAllowancefor ERC20/721/1155 as this will likely be a common pattern.S-3: README delegatecall surface statement is misleading relative to actual execution behavior
Updated README.
S-4: Unnecessary
uncheckedblocksRemoved unchecked blocks
S-4: Unused
CalldataDecodedependencyRemoved unused dep
Other
This includes some simplifications to the
RequireUtilstests.Not included