Merge branch 'master' into fix/erc7930/reject-empty-reference-and-addresse

Author: Amxx

.changeset/bright-cooks-brush.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`RLP`: Perform a memory copy when decoding `bytes` objects containing a single byte instead of returning a reference to the input.

.changeset/happy-pants-decide.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': patch
+---
+
+Rename `BridgeERC20Core` to `BridgeFungible`

.changeset/spicy-seals-bake.md

@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': minor
+---
+
+`WebAuthn`: Verification now returns `false` instead of reverting when client data contains an out-of-bounds `challengeIndex`.

CHANGELOG.md

@@ -7,6 +7,7 @@
 - `ERC721` and `ERC1155`: Prevent setting an operator for `address(0)`. In the case of `ERC721` this type of operator allowance could lead to obfuscated mint permission. ([#6171](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6171))
 - `RLP`: The `encode(bytes32)` function now encodes `bytes32` as a fixed size item and not as a scalar in `encode(uint256)`. Users must replace calls to `encode(bytes32)` with `encode(uint256(bytes32))` to preserve the same behavior. ([#6167](https://github.com/OpenZeppelin/openzeppelin-contracts/pull/6167))
 - `ERC4337Utils`: The `parseValidationData` now returns a `ValidationRange` as the last return tuple value indicating whether the `validationData` is compared against a timestamp or block number. Developers must update their code to handle this new return value (e.g. `(aggregator, validAfter, validUntil) -> (aggregator, validAfter, validUntil, range)`).
+- `SignerWebAuthn`: The `_rawSignatureValidation` function now returns `false` when the signature is not a valid WebAuthn authentication assertion. P256 fallback is removed. Developers can add it back by overriding the function.
 
 ## 5.5.0 (2025-10-31)
 

contracts/crosschain/CrosschainLinked.sol

@@ -12,7 +12,7 @@ import {ERC7786Recipient} from "./ERC7786Recipient.sol";
  *
  * This contract contains the logic to register and send messages to counterparts on remote chains using ERC-7786
  * gateways. It ensure received messages originate from a counterpart. This is the base of token bridges such as
- * {BridgeERC20Core}.
+ * {BridgeFungible}.
  *
  * Contracts that inherit from this contract can use the internal {_sendMessageToCounterpart} to send messages to their
  * counterpart on a foreign chain. They must override the {_processMessage} function to handle messages that have

contracts/crosschain/README.adoc

@@ -10,7 +10,7 @@ This directory contains contracts for sending and receiving cross chain messages
 
 Additionally there are multiple bridge constructions:
 
-* {BridgeERC20Core}: Core bridging logic for crosschain ERC-20 transfer. Used by {BridgeERC20}, {BridgeERC7802} and {ERC20Crosschain},
+* {BridgeFungible}: Core bridging logic for crosschain ERC-20 transfer. Used by {BridgeERC20}, {BridgeERC7802} and {ERC20Crosschain},
 * {BridgeERC20}: Standalone bridge contract to connect an ERC-20 token contract with counterparts on remote chains,
 * {BridgeERC7802}: Standalone bridge contract to connect an ERC-7802 token contract with counterparts on remote chains.
 
@@ -22,7 +22,7 @@ Additionally there are multiple bridge constructions:
 
 == Bridges
 
-{{BridgeERC20Core}}
+{{BridgeFungible}}
 
 {{BridgeERC20}}
 

contracts/crosschain/bridges/BridgeERC20.sol

@@ -3,14 +3,14 @@
 pragma solidity ^0.8.26;
 
 import {IERC20, SafeERC20} from "../../token/ERC20/utils/SafeERC20.sol";
-import {BridgeERC20Core} from "./BridgeERC20Core.sol";
+import {BridgeFungible} from "./abstract/BridgeFungible.sol";
 
 /**
- * @dev This is a variant of {BridgeERC20Core} that implements the bridge logic for ERC-20 tokens that do not expose a
+ * @dev This is a variant of {BridgeFungible} that implements the bridge logic for ERC-20 tokens that do not expose a
  * crosschain mint and burn mechanism. Instead, it takes custody of bridged assets.
  */
 // slither-disable-next-line locked-ether
-abstract contract BridgeERC20 is BridgeERC20Core {
+abstract contract BridgeERC20 is BridgeFungible {
     using SafeERC20 for IERC20;
 
     IERC20 private immutable _token;

contracts/crosschain/bridges/BridgeERC7802.sol

@@ -3,13 +3,13 @@
 pragma solidity ^0.8.26;
 
 import {IERC7802} from "../../interfaces/draft-IERC7802.sol";
-import {BridgeERC20Core} from "./BridgeERC20Core.sol";
+import {BridgeFungible} from "./abstract/BridgeFungible.sol";
 
 /**
- * @dev This is a variant of {BridgeERC20Core} that implements the bridge logic for ERC-7802 compliant tokens.
+ * @dev This is a variant of {BridgeFungible} that implements the bridge logic for ERC-7802 compliant tokens.
  */
 // slither-disable-next-line locked-ether
-abstract contract BridgeERC7802 is BridgeERC20Core {
+abstract contract BridgeERC7802 is BridgeFungible {
     IERC7802 private immutable _token;
 
     constructor(IERC7802 token_) {

…s/crosschain/bridges/BridgeERC20Core.sol …hain/bridges/abstract/BridgeFungible.solcontracts/crosschain/bridges/BridgeERC20Core.sol renamed to contracts/crosschain/bridges/abstract/BridgeFungible.sol contracts/crosschain/bridges/BridgeERC20Core.sol renamed to contracts/crosschain/bridges/abstract/BridgeFungible.sol

@@ -2,10 +2,10 @@
 
 pragma solidity ^0.8.26;
 
-import {InteroperableAddress} from "../../utils/draft-InteroperableAddress.sol";
-import {Context} from "../../utils/Context.sol";
-import {ERC7786Recipient} from "../ERC7786Recipient.sol";
-import {CrosschainLinked} from "../CrosschainLinked.sol";
+import {InteroperableAddress} from "../../../utils/draft-InteroperableAddress.sol";
+import {Context} from "../../../utils/Context.sol";
+import {ERC7786Recipient} from "../../ERC7786Recipient.sol";
+import {CrosschainLinked} from "../../CrosschainLinked.sol";
 
 /**
  * @dev Base contract for bridging ERC-20 between chains using an ERC-7786 gateway.
@@ -18,11 +18,11 @@ import {CrosschainLinked} from "../CrosschainLinked.sol";
  * which interface with ERC-7802 to provide an approve-free user experience. It is also used by the {ERC20Crosschain}
  * extension, which embeds the bridge logic directly in the token contract.
  */
-abstract contract BridgeERC20Core is Context, CrosschainLinked {
+abstract contract BridgeFungible is Context, CrosschainLinked {
     using InteroperableAddress for bytes;
 
-    event CrosschainERC20TransferSent(bytes32 indexed sendId, address indexed from, bytes to, uint256 amount);
-    event CrosschainERC20TransferReceived(bytes32 indexed receiveId, bytes from, address indexed to, uint256 amount);
+    event CrosschainFungibleTransferSent(bytes32 indexed sendId, address indexed from, bytes to, uint256 amount);
+    event CrosschainFungibleTransferReceived(bytes32 indexed receiveId, bytes from, address indexed to, uint256 amount);
 
     /**
      * @dev Transfer `amount` tokens to a crosschain receiver.
@@ -50,7 +50,7 @@ abstract contract BridgeERC20Core is Context, CrosschainLinked {
             new bytes[](0)
         );
 
-        emit CrosschainERC20TransferSent(sendId, from, to, amount);
+        emit CrosschainFungibleTransferSent(sendId, from, to, amount);
 
         return sendId;
     }
@@ -68,7 +68,7 @@ abstract contract BridgeERC20Core is Context, CrosschainLinked {
 
         _onReceive(to, amount);
 
-        emit CrosschainERC20TransferReceived(receiveId, from, to, amount);
+        emit CrosschainFungibleTransferReceived(receiveId, from, to, amount);
     }
 
     /// @dev Virtual function: implementation is required to handle token being burnt or locked on the source chain.

contracts/token/ERC20/README.adoc

@@ -19,7 +19,7 @@ Additionally there are multiple custom extensions, including:
 * {ERC20Bridgeable}: compatibility with crosschain bridges through ERC-7802.
 * {ERC20Burnable}: destruction of own tokens.
 * {ERC20Capped}: enforcement of a cap to the total supply when minting tokens.
-* {ERC20Crosschain}: embedded {BridgeERC20Core} bridge, making the token crosschain through the use of ERC-7786 gateways.
+* {ERC20Crosschain}: embedded {BridgeFungible} bridge, making the token crosschain through the use of ERC-7786 gateways.
 * {ERC20Pausable}: ability to pause token transfers.
 * {ERC20FlashMint}: token level support for flash loans through the minting and burning of ephemeral tokens (standardized as ERC-3156).
 * {ERC20Votes}: support for voting and vote delegation. xref:governance.adoc#token[See the governance guide for a minimal example (with the required overrides when combining ERC20 + ERC20Permit + ERC20Votes)].