Invariants: Investigate & fix outstanding critical & potential issues

[wischli]

Fixed all outstanding critical and potential issues from #468, June 2025 (pre final v3 audits). Based against intermediary #598 to reduce main-rebase noise. Note: There might be new issues emerging from running the suite due to the heavy amount of changes and rebases.

Invariant Test Improvements

Zero Price Edge Case Handling

• Applied comprehensive zero price handling across all properties
• Prevents division by zero errors in price calculations

Async Vault Properties

• Corrected maxDeposit and maxWithdraw property calculations
• Fixed maxMint property for async vaults
• Added proper escrow edge case handling with meaningful catch cases

Infrastructure Improvements

• Removed mock MessageProcessor and MessageDispatcher in favor of real implementations
• Fixed asset ID resolution using proper spoke.vaultToAssetId() instead of hardcoded pool currency
• Updated setup permissions and managers configuration

Code Cleanup

• Removed outdated v2 invariant "fuzzing" suite
• Removed unnecessary root_{cancel, schedule}Rely function
• Refactored HubTargets after notify refactor
• Fix broken formatting
• Fix warnings

TODO

• Receive review/guidance from Recon
• Run Echidna locally for limited period
• Inspect coverage
• Run with suite & debug potentially emerging issues
• Format & apply import ordering

[github-actions]

Coverage after merging invariants_potential-issues into invariants_rebase-main-5fcfc44781ded1908c613d341fc5de066554dd58 will be

97.03%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
src/adapters
AxelarAdapter.sol	100%	100%	100%	100%
LayerZeroAdapter.sol	87.50%	100%	80%	86.84%	81–83, 87–88
WormholeAdapter.sol	100%	100%	100%	100%
src/common
GasService.sol	97.89%	100%	100%	96.88%	112, 120
Gateway.sol	100%	100%	100%	100%
Guardian.sol	89.04%	64.29%	100%	93.02%	130, 130–131, 48–52
MessageDispatcher.sol	97.46%	92.86%	100%	99.14%	64–68
MessageProcessor.sol	80.13%	50%	100%	97.75%	101, 106, 115, 118, 121, 132, 135, 138, 141, 144, 153, 161, 164, 177, 188, 193, 197, 51–55, 69, 71, 74, 77, 82, 85, 88, 90
MultiAdapter.sol	100%	100%	100%	100%
PoolEscrow.sol	100%	100%	100%	100%
Root.sol	100%	100%	100%	100%
TokenRecoverer.sol	100%	100%	100%	100%
src/common/factories
PoolEscrowFactory.sol	100%	100%	100%	100%
src/common/libraries
MessageLib.sol	100%	100%	100%	100%
MessageProofLib.sol	100%	100%	100%	100%
PricingLib.sol	100%	100%	100%	100%
RequestCallbackMessageLib.sol	89.58%	50%	100%	100%	106, 141, 38, 57, 77
RequestMessageLib.sol	89.74%	50%	100%	100%	37, 55, 72, 89
src/hooks
BaseTransferHook.sol	98.15%	100%	95.24%	98.55%	81
FreelyTransferable.sol	92.31%	80%	100%	100%	29
FreezeOnly.sol	100%	100%	100%	100%
FullRestrictions.sol	94.74%	87.50%	100%	100%	36
RedemptionRestrictions.sol	85.71%	50%	100%	100%	29
src/hooks/libraries
UpdateRestrictionMessageLib.sol	90%	50%	100%	100%	40, 61, 82
src/hub
Accounting.sol	93.75%	96%	100%	91.53%	114–115, 118–119, 134, 137
Holdings.sol	97.46%	88.46%	100%	100%	116, 221, 82
Hub.sol	88.29%	53.33%	100%	92.73%	109, 428–429, 432, 432–433, 451, 454, 454–455, 475, 492, 509, 536, 540, 571–572, 600, 610, 620, 620, 620, 622, 636, 643–645, 738, 79–80, 80–81, 81–82, 82–84
HubHelpers.sol	95.49%	92.59%	100%	95.83%	163–165, 215, 54–55
HubRegistry.sol	93.67%	79.17%	100%	100%	104, 110, 116, 33, 44
ShareClassManager.sol	100%	100%	100%	100%
src/managers
MerkleProofManager.sol	79.45%	61.11%	88.89%	84.78%	104, 111, 130–131, 131, 131, 133–134, 136–137, 40–41, 44, 54
OnOfframpManager.sol	100%	100%	100%	100%
src/managers/decoders
BaseDecoder.sol	75%	100%	75%	75%	43–44
CircleDecoder.sol	0%	100%	0%	0%	11, 16, 20, 22
VaultDecoder.sol	0%	100%	0%	0%	10, 104, 110, 15–16, 22, 28, 34, 40, 46, 52, 58, 64, 69, 75, 80, 86, 9, 92, 98
src/misc
Auth.sol	100%	100%	100%	100%
ERC20.sol	100%	100%	100%	100%
Escrow.sol	56.25%	33.33%	100%	66.67%	15, 17, 21–22, 22, 22, 24
Multicall.sol	83.33%	33.33%	100%	100%	17, 17
Recoverable.sol	100%	100%	100%	100%
ReentrancyProtection.sol	90%	75%	100%	100%	22
src/misc/libraries
ArrayLib.sol	96.15%	83.33%	100%	100%	26
BitmapLib.sol	100%	100%	100%	100%
BytesLib.sol	90.27%	56%	100%	100%	109, 120, 131, 14, 142, 153, 16, 164, 175, 186, 87
CastLib.sol	95.24%	66.67%	100%	100%	10, 34
EIP712Lib.sol	100%	100%	100%	100%
MathLib.sol	93.46%	76.19%	100%	97.33%	35–36, 45, 47, 49, 51, 53
MerkleProofLib.sol	100%	100%	100%	100%
SafeTransferLib.sol	96.97%	92.86%	100%	100%	75
SignatureLib.sol	95.24%	80%	100%	100%	17
StringLib.sol	100%	100%	100%	100%
TransientArrayLib.sol	100%	100%	100%	100%
TransientBytesLib.sol	100%	100%	100%	100%
TransientStorageLib.sol	100%	100%	100%	100%
src/spoke
BalanceSheet.sol	99.46%	96.88%	100%	100%	59
ContractUpdater.sol	100%	100%	100%	100%
ShareToken.sol	92.41%	60%	94.44%	98.04%	101, 113, 146, 148, 33
Spoke.sol	95.25%	85.57%	100%	98.66%	102, 102–103, 103, 128, 128–129, 129, 131, 330, 336–338, 394–395, 421–422
src/spoke/factories
TokenFactory.sol	92%	50%	100%	94.74%	24–25
src/spoke/libraries
UpdateContractMessageLib.sol	89.74%	50%	100%	100%	110, 40, 62, 86
src/valuations
IdentityValuation.sol	100%	100%	100%	100%
OracleValuation.sol	100%	100%	100%	100%
src/vaults
AsyncRequestManager.sol	94.54%	83.95%	93.02%	98.35%	164, 167, 170, 173, 184, 196, 201, 220, 227, 260, 294, 408, 413, 452, 454, 503, 510
AsyncVault.sol	96.25%	83.33%	95%	98.15%	148, 49
BaseVaults.sol	93.50%	80.77%	95.24%	95.45%	125, 138, 240, 313–314, 86–87, 87, 87–89
SyncDepositVault.sol	100%	100%	100%	100%
SyncManager.sol	85.96%	76.19%	87.50%	88.31%	161, 181–182, 227–228, 59–61, 63, 63, 63, 65, 70, 75
VaultRouter.sol	91.16%	53.85%	100%	98.97%	105, 108–109, 122, 122–123, 123, 138–139, 158, 158, 175, 221
src/vaults/factories
AsyncVaultFactory.sol	89.47%	50%	100%	93.33%	36, 48
SyncDepositVaultFactory.sol	91.30%	50%	100%	94.74%	45, 60

[sherlock-ai-github-agent]

Sherlock AI Findings

The automated tool identified the following potential security issues in the codebase. Please review the details for each issue in the linked dashboard.

#	Title	Severity	Details
5	Operator can redirect deposits by choosing arbitrary receiver	High	View Details
1	Rounding Discrepancy in Share Calculation Leading to Loss of Funds	Medium	View Details
2	Duplicate batch transmission due to cumulative underpaid counter in repay	Medium	View Details
3	Loss of Funds in updateRestriction Due to Unhandled msg.value When Batching	Medium	View Details
4	Potential Reentrancy Vulnerability in mint() Function Due to State Updates Before Asset Transfer	Medium	View Details
6	Logic Flaw in wire Function Allowing Orphaned Source Mappings Leading to Unauthorized Message Validation	Medium	View Details

Next Steps: Review the linked issues in the dashboard and address high-severity bugs first. Contact the team if you need assistance.

Full report available at: https://ai.sherlock.xyz/runs/8dfe06e7-6177-4870-8b98-49344494dfc9