[OUSD-09] Check burnToken in relay method#2782
Merged
shahthepro merged 4 commits intoshah/cross-chain-strategy-cctpv2from Feb 10, 2026
Merged
[OUSD-09] Check burnToken in relay method#2782shahthepro merged 4 commits intoshah/cross-chain-strategy-cctpv2from
shahthepro merged 4 commits intoshah/cross-chain-strategy-cctpv2from
Conversation
shahthepro
requested review from
clement-ux,
naddison36 and
sparrowDom
as code owners
…strategy-audit-ousd-09
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## shah/cross-chain-strategy-cctpv2 #2782 +/- ##
====================================================================
+ Coverage 42.60% 43.83% +1.23%
====================================================================
Files 133 133
Lines 6180 6184 +4
Branches 1652 1654 +2
====================================================================
+ Hits 2633 2711 +78
+ Misses 3543 3469 -74
Partials 4 4 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
sparrowDom
approved these changes
Feb 3, 2026
Member
sparrowDom
left a comment
sparrowDom
left a comment
There was a problem hiding this comment.
LGTM, should we include a unit test for this one?
sparrowDom
approved these changes
Feb 9, 2026
Member
sparrowDom
left a comment
sparrowDom
left a comment
There was a problem hiding this comment.
This is a good pick-up from the audit team. Thanks for the fix. I think a unit test would be a nice to have
shahthepro
merged commit 693edb6
into
shah/cross-chain-strategy-cctpv2
10 of 17 checks passed
shahthepro
added a commit
that referenced
this pull request
Feb 10, 2026
* some scaffolding * add basic necessities for unit tests * checkpoint * Fix compiling issues * Add fork test scaffolding * Fix stuffs * Prettify and change salt * Add auto-verification * Fix checkBalance * Make CCTPHookWrapper more resilient * refactor message version and type checks * add some comments * add comment * fix compile errors * Change addresses * Cross chain changes (#2718) * fix deploy files * minor rename * add calls to Morpho Vault into a try catch * refactor hook wrapper * don't revert if withdraw from underlying fails * use checkBalance for deposit/withdrawal acknowledgment * update message in remote strategy * remove unneeded functions * Fix compilation issues * Fix deployment files a bit * Fix Message relayer * Clean up master strategy * Fix deployment file name * move around stuff * Fix CCTP Integrator * clean up fork * Fix race condition (#2720) * Fix race condition * Transfer everything on wtihdrawal * Move destination domain one step above * Cleanup code * decode payloads in fork tests * Add library for message handling * More changes * Add comments and prettify * WIP Unit test setup (#2722) * add cross chain unit test basic files * add basic unit test setup * add header encoding * more tests * Add more fork tests * Add token transfer tests * WIP Unit tests for OUSD Simplified strategy (#2724) * more unit test integration * more tying up ends * fix bug * cleanup * add full round-trip test * cleanup * Fix approve all and prettify --------- Co-authored-by: Shahul Hameed <10547529+shahthepro@users.noreply.github.com> * Fix master fork tests * linter * add direct withdrawal paths and additional checks * Fix Remote strategy tests * Update comments and clean up code * Fix comment * Fix failing unit test * fix: withdraw only if balance is lower than requested amount * Document crosschain strategy * Update deployment file numbers * adjust the charts * change the function visibility to pure * fix: create2 proxy without using deployer address * fix: impersonate a single deployer on fork * deploy script bug fix * Store create2 proxy addresses * fix: await * more logging * fix opts * Fix env for deploy action * Change writeFileSync to writeFile * add log * Add more logs * fix callback * Add empty file * Cleanup logs * withdraw funds according to the spec * Address Code Review comments (#2732) * Address Code Review comments * Fix initialize method * Fix initialize method * fix remote strat initialize method * Revert 999 * fix comments * add a test that uncovers a withdrawal error (#2733) * remove transferType * correct spelling * rename baseToken to usdcToken * improve error message * simplify code * fix: min withdraw amount is 1e6 * add validations for config * fix: require a min deposit amount of 1e6 * fix: withdrawAll caps withdraw amount * Move around constants * Move decode message header function * fix fork tests * prettify * adjust some comments * have consistent event names * fix: remove redundant check * simplify stuff * adjust comment * fix: variable name * Add TokensBridged and MessageTransmitted events * Add finality threshold checks * add comment regarding fast transfers * Add analytics info * Change error message * Set 1 USDC as min allowed value for deposits * Change comment * Change comment * Update max transfer amount comment * Set nonce(0) as processed during initialization * Use Strategizable for strategist functionality (#2740) * use Strategizable * Add comment --------- Co-authored-by: Shahul Hameed <10547529+shahthepro@users.noreply.github.com> * set vault address to zero (#2742) * remove unnecessary comments * Add comment * Add nonReentrant for deposit and withdraw methods * Add more checks in constructor * Fix withdrawAll * Update deploy numbers * simplify _withdraw (#2741) * address verification (#2749) * add address verification * remove operator check * Fix merge issue * small adjustement * fix unit test * Bumped the deploy script numbers * remove unused parameter (#2754) * Add unit tests (#2751) * fix unit test * add more unit tests * add more unit tests * prettier * add some more unit tests * add thorough unit test support * Default to Timelock governance * lint * Fix VaultAddress in deployment scripts * Add events for nonce updates (#2755) * Sparrow dom/cctp defender action (#2770) * Add unit tests (#2751) * fix unit test * add more unit tests * add more unit tests * prettier * add some more unit tests * add thorough unit test support * add comment * create a defender task and cleanup * small change * add the ability for the defender relay action to store already processed transactions * update gitignore * prettier * put into a better place * ... * add dry run option, also fix issues with cross chain providers * read cctp domain ids from config * make api a constant * remove finality checks * add custom per chain block lookback * readme change * move all configuration out of cross-chain source file, to more easily support multiple networks and relaying directions * clear the testing addresses * prettier * add test address * add the option not to initialize the implementation contract * Prettify * add comment (#2787) * ignore messages that are too old (#2786) * [OUSD-09] Check burnToken in relay method (#2782) * [OUSD-09] Check burnToken in relay method * Fix: Check burn token is usdc on remote chain * Add tests * Make min transfer amount a constant (#2780) * [OUSD-15] Emit event when withdrawAll is skipped (#2781) --------- Co-authored-by: Domen Grabec <grabec@gmail.com> Co-authored-by: Nicholas Addison <nick@addisonbrown.com.au>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Code Change
Extracts burnToken from BurnMessageV2 and ensures that it's USDC token