implement dynamic fee validation with maxFeeThouBPS and on-chain fee calculation

Author: O1ahmad

src/actions/SweepCCTPV2Action.sol

@@ -13,7 +13,7 @@ import {OtimFee} from "./fee-models/OtimFee.sol";
 import {IAction} from "./interfaces/IAction.sol";
 import {ISweepCCTPV2Action, INSTRUCTION_TYPEHASH, ARGUMENTS_TYPEHASH} from "./interfaces/ISweepCCTPV2Action.sol";
 
-import {InvalidArguments, BalanceUnderThreshold, CCTPTokenNotSupported} from "./errors/Errors.sol";
+import {InvalidArguments, BalanceUnderThreshold, CCTPTokenNotSupported, CCTPMaxFeeTooLow} from "./errors/Errors.sol";
 
 /// @title SweepCCTPV2Action
 /// @author Otim Labs, Inc.
@@ -54,7 +54,7 @@ contract SweepCCTPV2Action is IAction, ISweepCCTPV2Action, OtimFee {
                 arguments.threshold,
                 arguments.endBalance,
                 arguments.destinationCaller,
-                arguments.maxFee,
+                arguments.maxFeeThouBPS,
                 arguments.minFinalityThreshold,
                 hash(arguments.fee)
             )
@@ -112,6 +112,20 @@ contract SweepCCTPV2Action is IAction, ISweepCCTPV2Action, OtimFee {
             emit CCTPBurnLimitReached(arguments.token, burnLimitPerMessage);
         }
 
+        // validate maxFeeThouBPS against CCTP's minFee
+        uint256 calculatedMaxFee;
+        if (arguments.minFinalityThreshold < 2000) {
+            uint256 cctpMinFee = tokenMessengerV2.minFee();
+            if (arguments.maxFeeThouBPS < cctpMinFee) {
+                revert CCTPMaxFeeTooLow(arguments.maxFeeThouBPS, cctpMinFee);
+            }
+            // calculate actual fee based on transfer amount
+            calculatedMaxFee = tokenMessengerV2.getMinFeeAmount(transferAmount);
+        } else {
+            // standard transfers (minFinalityThreshold >= 2000) have no cost
+            calculatedMaxFee = 0;
+        }
+
         // approve the transferAmount to the CCTP TokenMessenger contract
         // slither-disable-next-line unused-return
         IERC20(arguments.token).approve(address(tokenMessengerV2), transferAmount);
@@ -123,7 +137,7 @@ contract SweepCCTPV2Action is IAction, ISweepCCTPV2Action, OtimFee {
             arguments.destinationMintRecipient,
             arguments.token,
             arguments.destinationCaller,
-            arguments.maxFee,
+            calculatedMaxFee,
             arguments.minFinalityThreshold
         );
 

src/actions/TransferCCTPV2Action.sol

@@ -14,7 +14,7 @@ import {OtimFee} from "./fee-models/OtimFee.sol";
 import {IAction} from "./interfaces/IAction.sol";
 import {ITransferCCTPV2Action, INSTRUCTION_TYPEHASH, ARGUMENTS_TYPEHASH} from "./interfaces/ITransferCCTPV2Action.sol";
 
-import {InvalidArguments, InsufficientBalance, CCTPTokenNotSupported} from "./errors/Errors.sol";
+import {InvalidArguments, InsufficientBalance, CCTPTokenNotSupported, CCTPMaxFeeTooLow} from "./errors/Errors.sol";
 
 /// @title TransferCCTPV2Action
 /// @author Otim Labs, Inc.
@@ -54,7 +54,7 @@ contract TransferCCTPV2Action is IAction, ITransferCCTPV2Action, Interval, OtimF
                 arguments.destinationDomain,
                 arguments.destinationMintRecipient,
                 arguments.destinationCaller,
-                arguments.maxFee,
+                arguments.maxFeeThouBPS,
                 arguments.minFinalityThreshold,
                 hash(arguments.schedule),
                 hash(arguments.fee)
@@ -114,6 +114,20 @@ contract TransferCCTPV2Action is IAction, ITransferCCTPV2Action, Interval, OtimF
             emit CCTPBurnLimitReached(arguments.token, burnLimitPerMessage);
         }
 
+        // validate maxFeeThouBPS against CCTP's minFee (only for fast transfers)
+        uint256 calculatedMaxFee;
+        if (arguments.minFinalityThreshold < 2000) {
+            uint256 cctpMinFee = tokenMessengerV2.minFee();
+            if (arguments.maxFeeThouBPS < cctpMinFee) {
+                revert CCTPMaxFeeTooLow(arguments.maxFeeThouBPS, cctpMinFee);
+            }
+            // calculate actual fee based on transfer amount
+            calculatedMaxFee = tokenMessengerV2.getMinFeeAmount(transferAmount);
+        } else {
+            // standard transfers (minFinalityThreshold >= 2000) have no cost
+            calculatedMaxFee = 0;
+        }
+
         // approve the transferAmount to the CCTP TokenMessenger contract
         // slither-disable-next-line unused-return
         IERC20(arguments.token).approve(address(tokenMessengerV2), transferAmount);
@@ -125,7 +139,7 @@ contract TransferCCTPV2Action is IAction, ITransferCCTPV2Action, Interval, OtimF
             arguments.destinationMintRecipient,
             arguments.token,
             arguments.destinationCaller,
-            arguments.maxFee,
+            calculatedMaxFee,
             arguments.minFinalityThreshold
         );
 

src/actions/errors/Errors.sol

@@ -15,6 +15,7 @@ error InstructionAlreadyDeactivated();
 error CallOnceFailed(address target, bytes4 selector, bytes result);
 
 error CCTPTokenNotSupported();
+error CCTPMaxFeeTooLow(uint32 userMaxFeeThouBPS, uint256 cctpMinFee);
 
 error MaxDepositTooLow();
 error MaxWithdrawTooLow();

src/actions/external/ITokenMessengerV2.sol

@@ -43,5 +43,14 @@ interface ITokenMessengerV2 {
         uint32 minFinalityThreshold,
         bytes calldata hookData
     ) external;
+
+    /// @notice Returns the minimum fee for a given amount
+    /// @param amount The amount for which to calculate the minimum fee
+    /// @return The minimum fee for the given amount
+    function getMinFeeAmount(uint256 amount) external view returns (uint256);
+
+    /// @notice Minimum fee for all transfers in 1/1000 basis points
+    /// @return The minimum fee in thousandth basis points (e.g., 10 = 0.01%)
+    function minFee() external view returns (uint256);
 }
 

src/actions/interfaces/ISweepCCTPV2Action.sol

@@ -4,11 +4,11 @@ pragma solidity ^0.8.26;
 import {IOtimFee} from "../fee-models/interfaces/IOtimFee.sol";
 
 bytes32 constant INSTRUCTION_TYPEHASH = keccak256(
-    "Instruction(uint256 salt,uint256 maxExecutions,address action,SweepCCTPV2 sweepCCTPV2)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)SweepCCTPV2(address token,uint32 destinationDomain,bytes32 destinationMintRecipient,uint256 threshold,uint256 endBalance,bytes32 destinationCaller,uint256 maxFee,uint32 minFinalityThreshold,Fee fee)"
+    "Instruction(uint256 salt,uint256 maxExecutions,address action,SweepCCTPV2 sweepCCTPV2)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)SweepCCTPV2(address token,uint32 destinationDomain,bytes32 destinationMintRecipient,uint256 threshold,uint256 endBalance,bytes32 destinationCaller,uint32 maxFeeThouBPS,uint32 minFinalityThreshold,Fee fee)"
 );
 
 bytes32 constant ARGUMENTS_TYPEHASH = keccak256(
-    "SweepCCTPV2(address token,uint32 destinationDomain,bytes32 destinationMintRecipient,uint256 threshold,uint256 endBalance,bytes32 destinationCaller,uint256 maxFee,uint32 minFinalityThreshold,Fee fee)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)"
+    "SweepCCTPV2(address token,uint32 destinationDomain,bytes32 destinationMintRecipient,uint256 threshold,uint256 endBalance,bytes32 destinationCaller,uint32 maxFeeThouBPS,uint32 minFinalityThreshold,Fee fee)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)"
 );
 
 /// @title ISweepCCTPV2Action
@@ -22,7 +22,7 @@ interface ISweepCCTPV2Action is IOtimFee {
     /// @param threshold - the sweep threshold
     /// @param endBalance - the account's balance after the sweep
     /// @param destinationCaller - the address allowed to call receiveMessage on destination (bytes32(0) for anyone)
-    /// @param maxFee - the maximum fee for the transfer in burn token units
+    /// @param maxFeeThouBPS - max fee in 1/1000 BPS (e.g., 10 = 0.01%, 100 = 0.1%)
     /// @param minFinalityThreshold - minimum finality threshold (e.g., 1000=fast, 2000=standard)
     /// @param fee - the fee to be paid
     struct SweepCCTPV2 {
@@ -32,7 +32,7 @@ interface ISweepCCTPV2Action is IOtimFee {
         uint256 threshold;
         uint256 endBalance;
         bytes32 destinationCaller;
-        uint256 maxFee;
+        uint32 maxFeeThouBPS;
         uint32 minFinalityThreshold;
         Fee fee;
     }

src/actions/interfaces/ITransferCCTPV2Action.sol

@@ -5,11 +5,11 @@ import {IInterval} from "../schedules/interfaces/IInterval.sol";
 import {IOtimFee} from "../fee-models/interfaces/IOtimFee.sol";
 
 bytes32 constant INSTRUCTION_TYPEHASH = keccak256(
-    "Instruction(uint256 salt,uint256 maxExecutions,address action,TransferCCTPV2 transferCCTPV2)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)Schedule(uint256 startAt,uint256 startBy,uint256 interval,uint256 timeout)TransferCCTPV2(address token,uint256 amount,uint32 destinationDomain,bytes32 destinationMintRecipient,bytes32 destinationCaller,uint256 maxFee,uint32 minFinalityThreshold,Schedule schedule,Fee fee)"
+    "Instruction(uint256 salt,uint256 maxExecutions,address action,TransferCCTPV2 transferCCTPV2)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)Schedule(uint256 startAt,uint256 startBy,uint256 interval,uint256 timeout)TransferCCTPV2(address token,uint256 amount,uint32 destinationDomain,bytes32 destinationMintRecipient,bytes32 destinationCaller,uint32 maxFeeThouBPS,uint32 minFinalityThreshold,Schedule schedule,Fee fee)"
 );
 
 bytes32 constant ARGUMENTS_TYPEHASH = keccak256(
-    "TransferCCTPV2(address token,uint256 amount,uint32 destinationDomain,bytes32 destinationMintRecipient,bytes32 destinationCaller,uint256 maxFee,uint32 minFinalityThreshold,Schedule schedule,Fee fee)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)Schedule(uint256 startAt,uint256 startBy,uint256 interval,uint256 timeout)"
+    "TransferCCTPV2(address token,uint256 amount,uint32 destinationDomain,bytes32 destinationMintRecipient,bytes32 destinationCaller,uint32 maxFeeThouBPS,uint32 minFinalityThreshold,Schedule schedule,Fee fee)Fee(address token,uint256 maxBaseFeePerGas,uint256 maxPriorityFeePerGas,uint256 executionFee)Schedule(uint256 startAt,uint256 startBy,uint256 interval,uint256 timeout)"
 );
 
 /// @title ITransferCCTPV2Action
@@ -22,7 +22,7 @@ interface ITransferCCTPV2Action is IInterval, IOtimFee {
     /// @param destinationDomain - the destination domain for the CCTP transfer
     /// @param destinationMintRecipient - the address of the mint recipient for the CCTP transfer (in bytes32 format)
     /// @param destinationCaller - the address allowed to call receiveMessage on destination (bytes32(0) for anyone)
-    /// @param maxFee - the maximum fee for the transfer in burn token units
+    /// @param maxFeeThouBPS - max fee in 1/1000 BPS (e.g., 10 = 0.01%, 100 = 0.1%)
     /// @param minFinalityThreshold - minimum finality threshold (e.g., 1000=fast, 2000=standard)
     /// @param schedule - the schedule parameters for the transfer
     /// @param fee - the fee to be paid
@@ -32,7 +32,7 @@ interface ITransferCCTPV2Action is IInterval, IOtimFee {
         uint32 destinationDomain;
         bytes32 destinationMintRecipient;
         bytes32 destinationCaller;
-        uint256 maxFee;
+        uint32 maxFeeThouBPS;
         uint32 minFinalityThreshold;
         Schedule schedule;
         Fee fee;

test/actions/SweepCCTPV2.t.sol

@@ -46,7 +46,7 @@ contract SweepCCTPV2Test is InstructionForkTestContext {
         threshold: DEFAULT_THRESHOLD,
         endBalance: DEFAULT_END_BALANCE,
         destinationCaller: bytes32(0),
-        maxFee: 1e6,
+        maxFeeThouBPS: 10,
         minFinalityThreshold: 1000,
         fee: DEFAULT_FEE
     });
@@ -79,6 +79,28 @@ contract SweepCCTPV2Test is InstructionForkTestContext {
         // Note: In V2, this returns the TokenMessenger address, not a separate remote address
         DEFAULT_DESTINATION_TOKEN_MESSENGER = bytes32(uint256(uint160(SEPOLIA_TOKEN_MESSENGER_V2)));
 
+        // mock CCTP V2 fee functions
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("minFee()"),
+            abi.encode(10) // 0.01% in 1/1000 BPS
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSelector(bytes4(keccak256("getMinFeeAmount(uint256)"))),
+            abi.encode(uint256(0)) // default: no fee
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("getMinFeeAmount(uint256)", 50000001),
+            abi.encode(uint256(5000))
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("getMinFeeAmount(uint256)", 100000001),
+            abi.encode(uint256(10000))
+        );
+
         DEFAULT_ACTION = address(sweepCCTPV2Action);
         DEFAULT_ARGS = abi.encode(DEFAULT_ACTION_ARGS);
     }
@@ -102,7 +124,7 @@ contract SweepCCTPV2Test is InstructionForkTestContext {
     /// @notice test that sweeping USDC via CCTP V2 with standard transfer works as expected
     function test_sweepCCTPV2_standardTransfer() public {
         DEFAULT_ACTION_ARGS.minFinalityThreshold = 2000;
-        DEFAULT_ACTION_ARGS.maxFee = 0;
+        DEFAULT_ACTION_ARGS.maxFeeThouBPS = 0;
 
         buildInstruction(DEFAULT_SALT, DEFAULT_MAX_EXECUTIONS, DEFAULT_ACTION, abi.encode(DEFAULT_ACTION_ARGS));
 

test/actions/TransferCCTPV2.t.sol

@@ -46,7 +46,7 @@ contract TransferCCTPV2Test is InstructionForkTestContext {
         destinationDomain: DEFAULT_DESTINATION_DOMAIN,
         destinationMintRecipient: bytes32(uint256(1)),
         destinationCaller: bytes32(0),
-        maxFee: 1e6,
+        maxFeeThouBPS: 10,
         minFinalityThreshold: 1000,
         schedule: DEFAULT_SCHEDULE,
         fee: DEFAULT_FEE
@@ -80,6 +80,23 @@ contract TransferCCTPV2Test is InstructionForkTestContext {
         // Note: In V2, this returns the TokenMessenger address, not a separate remote address
         DEFAULT_DESTINATION_TOKEN_MESSENGER = bytes32(uint256(uint160(SEPOLIA_TOKEN_MESSENGER_V2)));
 
+        // mock CCTP V2 fee functions
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("minFee()"),
+            abi.encode(10) // 0.01% in 1/1000 BPS
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSelector(bytes4(keccak256("getMinFeeAmount(uint256)"))),
+            abi.encode(uint256(0)) // default: no fee
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("getMinFeeAmount(uint256)", 100e6),
+            abi.encode(uint256(10000))
+        );
+
         USER_START_BALANCE = 5_000_000e6;
 
         DEFAULT_ACTION = address(transferCCTPV2Action);
@@ -105,7 +122,7 @@ contract TransferCCTPV2Test is InstructionForkTestContext {
     /// @notice test that transferring USDC via CCTP V2 with standard transfer works as expected
     function test_transferCCTPV2_standardTransfer() public {
         DEFAULT_ACTION_ARGS.minFinalityThreshold = 2000;
-        DEFAULT_ACTION_ARGS.maxFee = 0;
+        DEFAULT_ACTION_ARGS.maxFeeThouBPS = 0;
 
         buildInstruction(DEFAULT_SALT, DEFAULT_MAX_EXECUTIONS, DEFAULT_ACTION, abi.encode(DEFAULT_ACTION_ARGS));
 

test/gas-estimation/EstimateSweepCCTPV2GasConstant.t.sol

@@ -51,6 +51,18 @@ contract EstimateSweepCCTPV2GasConstant is InstructionForkTestContext {
         );
 
         actionManager.addAction(address(sweepCCTPV2Action));
+
+        // mock CCTP V2 fee functions
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("minFee()"),
+            abi.encode(10) // 0.01% in 1/1000 BPS
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSelector(bytes4(keccak256("getMinFeeAmount(uint256)"))),
+            abi.encode(uint256(0)) // return 0 to avoid CCTP "maxFee < amount" validation
+        );
     }
 
     // check that the SWEEP_CCTP_V2_ACTION_GAS_CONSTANT doesn't result in an underpayment of the fee
@@ -69,16 +81,12 @@ contract EstimateSweepCCTPV2GasConstant is InstructionForkTestContext {
         arguments.destinationDomain = 2; // OP Sepolia
         arguments.destinationMintRecipient = bytes32(uint256(1));
         arguments.destinationCaller = bytes32(0);
-        arguments.maxFee = 1e6;
+        arguments.maxFeeThouBPS = 10;
         arguments.minFinalityThreshold = 1000;
         arguments.threshold = threshold;
         arguments.endBalance = endBalance;
         // fuzz test must pass argument validation
         vm.assume(endBalance <= threshold);
-        // assume threshold is greater than maxFee for CCTP V2 validation
-        vm.assume(threshold > arguments.maxFee);
-        // assume transfer amount (threshold - endBalance) is greater than maxFee for CCTP V2 validation
-        vm.assume(threshold - endBalance > arguments.maxFee);
         // assume a reasonable threshold (less than whale balance)
         vm.assume(threshold < IERC20(SEPOLIA_USDC).balanceOf(SEPOLIA_USDC_WHALE));
         // assume threshold is at least 2 USDC to have meaningful transfer amounts

test/gas-estimation/EstimateTransferCCTPV2GasConstant.t.sol

@@ -51,6 +51,18 @@ contract EstimateTransferCCTPV2GasConstant is InstructionForkTestContext {
         );
 
         actionManager.addAction(address(transferCCTPV2Action));
+
+        // mock CCTP V2 fee functions
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSignature("minFee()"),
+            abi.encode(10) // 0.01% in 1/1000 BPS
+        );
+        vm.mockCall(
+            SEPOLIA_TOKEN_MESSENGER_V2,
+            abi.encodeWithSelector(bytes4(keccak256("getMinFeeAmount(uint256)"))),
+            abi.encode(uint256(0)) // return 0 to avoid CCTP "maxFee < amount" validation
+        );
     }
 
     // check that the TRANSFER_CCTP_V2_ACTION_GAS_CONSTANT doesn't result in an underpayment of the fee
@@ -72,11 +84,9 @@ contract EstimateTransferCCTPV2GasConstant is InstructionForkTestContext {
         arguments.destinationDomain = 2; // OP Sepolia
         arguments.destinationMintRecipient = bytes32(uint256(1));
         arguments.destinationCaller = bytes32(0);
-        arguments.maxFee = 1e6;
+        arguments.maxFeeThouBPS = 10;
         arguments.minFinalityThreshold = 1000;
 
-        // assume amount is greater than maxFee for CCTP V2 validation
-        vm.assume(amount > arguments.maxFee);
         // assume a reasonable amount (less than whale balance, at least 2 USDC)
         vm.assume(amount >= 2e6 && amount < IERC20(SEPOLIA_USDC).balanceOf(SEPOLIA_USDC_WHALE));
         arguments.amount = amount;