chore: deploy HyperliquidDepositHandler after audit of Jan 19 (#1313)

* deploy and configure

Signed-off-by: Ihor Farion <ihor@umaproject.org>

* add --verify

Signed-off-by: Ihor Farion <ihor@umaproject.org>

* fix hyperliquiddeposithandler deployment script

Signed-off-by: Ihor Farion <ihor@umaproject.org>

* bump package version

Signed-off-by: Ihor Farion <ihor@umaproject.org>

* pr comments

Signed-off-by: Ihor Farion <ihor@umaproject.org>

---------

Signed-off-by: Ihor Farion <ihor@umaproject.org>

Author: grasphoper

broadcast/DeployHyperliquidDepositHandler.s.sol/999/run-latest.json

@@ -535,9 +535,9 @@
           "transaction_hash": "0x11abc3566704b51ee63255b70eddb4e3f127c7e6c9dad6bdfbf547b684bcaf2c"
         },
         "HyperliquidDepositHandler": {
-          "address": "0x861E127036B28D32f3777B4676F6bbb9e007d195",
-          "block_number": 20301679,
-          "transaction_hash": "0x187b45f39be413aff2ff526946c64f76ed98763129e7e2ffb7d2d4c5bd997519"
+          "address": "0xbFB53E9C8acCe6D6aC54885A8e33A7Aec95427D5",
+          "block_number": 27144816,
+          "transaction_hash": "0xf7f1b77559935ec04f3a3a89601b621f21d4cf38c2701e8df18e10f333b24c7c"
         },
         "SponsoredCCTPDstPeriphery": {
           "address": "0x478D451e101bE484880a14cf3cCC293CD48E6140",

broadcast/deployed-addresses.json

@@ -159,7 +159,7 @@ This file contains the latest deployed smart contract addresses from the broadca
 | ------------------------- | ------------------------------------------------------------------------------------------------------------------------- |
 | DonationBox               | [0xf9a0c1C775f1B6e156ad3f1DB784520461DDb19e](https://hyperevmscan.io//address/0xf9a0c1C775f1B6e156ad3f1DB784520461DDb19e) |
 | DstOFTHandler             | [0x0Ca8316a6fcc15C833A220c40D84550B08339438](https://hyperevmscan.io//address/0x0Ca8316a6fcc15C833A220c40D84550B08339438) |
-| HyperliquidDepositHandler | [0x861E127036B28D32f3777B4676F6bbb9e007d195](https://hyperevmscan.io//address/0x861E127036B28D32f3777B4676F6bbb9e007d195) |
+| HyperliquidDepositHandler | [0xbFB53E9C8acCe6D6aC54885A8e33A7Aec95427D5](https://hyperevmscan.io//address/0xbFB53E9C8acCe6D6aC54885A8e33A7Aec95427D5) |
 | MulticallHandler          | [0x5E7840E06fAcCb6d1c3b5F5E0d1d3d07F2829bba](https://hyperevmscan.io//address/0x5E7840E06fAcCb6d1c3b5F5E0d1d3d07F2829bba) |
 | SP1Helios                 | [0xc19B7EF43a6eBd393446F401d1eCFac01B181ac0](https://hyperevmscan.io//address/0xc19B7EF43a6eBd393446F401d1eCFac01B181ac0) |
 | SpokePool                 | [0x35E63eA3eb0fb7A3bc543C71FB66412e1F6B0E04](https://hyperevmscan.io//address/0x35E63eA3eb0fb7A3bc543C71FB66412e1F6B0E04) |

broadcast/deployed-addresses.md

@@ -1,6 +1,6 @@
 {
   "name": "@across-protocol/contracts",
-  "version": "5.0.0",
+  "version": "5.0.1",
   "author": "UMA Team",
   "license": "AGPL-3.0-only",
   "repository": {

package.json

@@ -1,3 +1,30 @@
+# Hypercore token metadata notes
+
+- To get `hypercore-tokens.json` info:
+
+```
+curl -s 'https://api.hyperliquid.xyz/info' \
+  -H 'content-type: application/json' \
+  --data '{"type":"spotMeta"}' \
+| jq '.tokens[]
+      | select((.name|ascii_upcase)=="USDT0"
+            or (.name|ascii_upcase)=="USDC"
+            or (.name|ascii_upcase)=="USDH")'
+```
+
+These 3 fields added manually to each entry:
+
+```
+    "canBeUsedForAccountActivation": true,
+    "accountActivationFeeCore": 100000000,
+    "bridgeSafetyBufferCore": 100000000000000000
+```
+
+- `script/mintburn/hypercore-tokens.json` is read by `script/mintburn/ReadHCoreTokenInfoUtil.s.sol`.
+- USDC is a special case: `evmContract.address` in that JSON is **not** the real HyperEVM USDC ERC20 address.
+- Read utils hard-override USDC to `0xb88339CB7199b77E23DB6E890353E22632Ba630f` for all script configuration paths.
+- Same address is documented in `script/mintburn/oft/README.md`.
+
 # Mintburn Prod Readiness Checks
 
 `checkSponsoredPeripheryProdReadiness.sh` checks the latest canonical sponsored mintburn periphery deployments from [`broadcast/deployed-addresses.json`](broadcast/deployed-addresses.json).

script/mintburn/README.md

@@ -2,43 +2,48 @@
 pragma solidity ^0.8.0;
 
 import { Script } from "forge-std/Script.sol";
-import { console } from "forge-std/console.sol";
-import { Constants } from "../utils/Constants.sol";
 
 contract ReadHCoreTokenInfoUtil is Script {
     string internal constant HCORE_JSON_PATH = "./script/mintburn/hypercore-tokens.json";
+    address internal constant HYPEREVM_USDC = 0xb88339CB7199b77E23DB6E890353E22632Ba630f;
 
     struct TokenJson {
         uint256 index;
         address evmAddress;
         bool canBeUsedForAccountActivation;
         uint256 accountActivationFeeCore;
         uint256 bridgeSafetyBufferCore;
+        bool isUsdc;
     }
 
-    function readToken(string memory tokenName) public view returns (TokenJson memory info) {
+    function readToken(string memory tokenKey) public view returns (TokenJson memory info) {
         string memory json = vm.readFile(HCORE_JSON_PATH);
-        string memory base = string.concat(".", tokenName);
+        string memory base = string.concat(".", tokenKey);
 
         info.index = vm.parseJsonUint(json, string.concat(base, ".index"));
+        info.isUsdc = _isUsdc(tokenKey);
 
-        // evmAddress can be null in JSON; parseJsonAddress would revert. Try/catch and leave zero if unset.
-        try this._parseAddress(json, string.concat(base, ".evmAddress")) returns (address a) {
+        // evmContract.address can be null in JSON; parseJsonAddress would revert.
+        try this._parseAddress(json, string.concat(base, ".evmContract.address")) returns (address a) {
             info.evmAddress = a;
         } catch {
             info.evmAddress = address(0);
         }
 
-        // Required fields for CoreTokenInfo
-        info.canBeUsedForAccountActivation = vm.parseJsonBool(
-            json,
-            string.concat(base, ".canBeUsedForAccountActivation")
-        );
-        info.accountActivationFeeCore = vm.parseJsonUint(json, string.concat(base, ".accountActivationFeeCore"));
-        info.bridgeSafetyBufferCore = vm.parseJsonUint(json, string.concat(base, ".bridgeSafetyBufferCore"));
+        // Optional fields for CoreTokenInfo. Leave defaults if absent.
+        try this._parseBool(json, string.concat(base, ".canBeUsedForAccountActivation")) returns (bool canActivate) {
+            info.canBeUsedForAccountActivation = canActivate;
+        } catch {}
+        try this._parseUint(json, string.concat(base, ".accountActivationFeeCore")) returns (uint256 activationFee) {
+            info.accountActivationFeeCore = activationFee;
+        } catch {}
+        try this._parseUint(json, string.concat(base, ".bridgeSafetyBufferCore")) returns (uint256 bridgeSafetyBuffer) {
+            info.bridgeSafetyBufferCore = bridgeSafetyBuffer;
+        } catch {}
     }
 
-    function resolveEvmAddress(TokenJson memory info, uint256 /* chainId */) public pure returns (address evm) {
+    function resolveEvmAddress(TokenJson memory info) public pure returns (address evm) {
+        if (info.isUsdc) return HYPEREVM_USDC;
         require(info.evmAddress != address(0), "evmAddress required in JSON");
         return info.evmAddress;
     }
@@ -47,4 +52,16 @@ contract ReadHCoreTokenInfoUtil is Script {
     function _parseAddress(string memory json, string memory key) external pure returns (address) {
         return vm.parseJsonAddress(json, key);
     }
+
+    function _parseBool(string memory json, string memory key) external pure returns (bool) {
+        return vm.parseJsonBool(json, key);
+    }
+
+    function _parseUint(string memory json, string memory key) external pure returns (uint256) {
+        return vm.parseJsonUint(json, key);
+    }
+
+    function _isUsdc(string memory tokenKey) internal pure returns (bool) {
+        return keccak256(bytes(tokenKey)) == keccak256(bytes("usdc"));
+    }
 }

script/mintburn/ReadHCoreTokenInfoUtil.s.sol

@@ -1,36 +1,51 @@
 {
   "usdc": {
     "name": "USDC",
-    "index": 0,
-    "tokenId": "0x6d1e7cde53ba9467b783cb7c530ce054",
     "szDecimals": 8,
     "weiDecimals": 8,
+    "index": 0,
+    "tokenId": "0x6d1e7cde53ba9467b783cb7c530ce054",
     "isCanonical": true,
-    "evmAddress": null,
+    "evmContract": {
+      "address": "0x6b9e773128f453f5c2c60935ee2de2cbc5390a24",
+      "evm_extra_wei_decimals": -2
+    },
+    "fullName": null,
+    "deployerTradingFeeShare": "0.0",
     "canBeUsedForAccountActivation": true,
     "accountActivationFeeCore": 100000000,
     "bridgeSafetyBufferCore": 100000000000000000
   },
   "usdt0": {
     "name": "USDT0",
-    "index": 268,
-    "tokenId": "0x25faedc3f054130dbb4e4203aca63567",
     "szDecimals": 2,
     "weiDecimals": 8,
+    "index": 268,
+    "tokenId": "0x25faedc3f054130dbb4e4203aca63567",
     "isCanonical": false,
-    "evmAddress": "0xb8ce59fc3717ada4c02eadf9682a9e934f625ebb",
+    "evmContract": {
+      "address": "0xb8ce59fc3717ada4c02eadf9682a9e934f625ebb",
+      "evm_extra_wei_decimals": -2
+    },
+    "fullName": "USDT0",
+    "deployerTradingFeeShare": "0.0",
     "canBeUsedForAccountActivation": true,
     "accountActivationFeeCore": 100000000,
     "bridgeSafetyBufferCore": 100000000000000000
   },
   "usdh": {
     "name": "USDH",
-    "index": 360,
-    "tokenId": "0x54e00a5988577cb0b0c9ab0cb6ef7f4b",
     "szDecimals": 2,
     "weiDecimals": 8,
+    "index": 360,
+    "tokenId": "0x54e00a5988577cb0b0c9ab0cb6ef7f4b",
     "isCanonical": false,
-    "evmAddress": "0x111111a1a0667d36bd57c0a9f569b98057111111",
+    "evmContract": {
+      "address": "0x111111a1a0667d36bd57c0a9f569b98057111111",
+      "evm_extra_wei_decimals": -2
+    },
+    "fullName": "USDH",
+    "deployerTradingFeeShare": "0.0",
     "canBeUsedForAccountActivation": true,
     "accountActivationFeeCore": 100000000,
     "bridgeSafetyBufferCore": 100000000000000000

script/mintburn/hypercore-tokens.json

@@ -3,7 +3,7 @@ pragma solidity ^0.8.0;
 
 import { Config } from "forge-std/Config.sol";
 import { console } from "forge-std/console.sol";
-import { Strings } from "@openzeppelin/contracts/utils/Strings.sol";
+import { SafeCast } from "@openzeppelin/contracts-v4/utils/math/SafeCast.sol";
 
 import { ReadHCoreTokenInfoUtil } from "../../mintburn/ReadHCoreTokenInfoUtil.s.sol";
 import { DstOFTHandler } from "../../../contracts/periphery/mintburn/sponsored-oft/DstOFTHandler.sol";
@@ -14,6 +14,7 @@ import { AddressToBytes32 } from "../../../contracts/libraries/AddressConverters
 /// @notice Shared helper for configuring `DstOFTHandler` instances using TOML and JSON metadata.
 abstract contract DstHandlerConfigLib is Config {
     using AddressToBytes32 for address;
+    using SafeCast for uint256;
 
     function _loadTokenConfig(string memory tokenKey) internal {
         require(bytes(tokenKey).length != 0, "token key required");
@@ -26,7 +27,7 @@ abstract contract DstHandlerConfigLib is Config {
 
         ReadHCoreTokenInfoUtil reader = new ReadHCoreTokenInfoUtil();
         ReadHCoreTokenInfoUtil.TokenJson memory info = reader.readToken(tokenName);
-        address tokenAddr = reader.resolveEvmAddress(info, block.chainid);
+        address tokenAddr = reader.resolveEvmAddress(info);
         require(tokenAddr != address(0), "token addr missing");
 
         console.log("Configuring CoreTokenInfo for", tokenName);
@@ -35,10 +36,10 @@ abstract contract DstHandlerConfigLib is Config {
 
         HyperCoreFlowExecutor(dstHandlerAddress).setCoreTokenInfo(
             tokenAddr,
-            uint32(info.index),
+            info.index.toUint32(),
             info.canBeUsedForAccountActivation,
-            uint64(info.accountActivationFeeCore),
-            uint64(info.bridgeSafetyBufferCore)
+            info.accountActivationFeeCore.toUint64(),
+            info.bridgeSafetyBufferCore.toUint64()
         );
     }