[M2] A malicious receiver could prevent the OffRamp from receiving funds from the MerkleRoot #477
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
👋 vicentevieytes, thanks for creating this pull request! To help reviewers, please consider creating future PRs as drafts first. This allows you to self-review and make any final changes before notifying the team. Once you're ready, you can mark it as "Ready for review" to request feedback. Thanks! |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR adds functionality to freeze merkle roots in the OffRamp contract, allowing the owner to freeze a merkle root and retrieve its funds.
Key changes:
- Added
freezeMerkleRootopcode and message handling to OffRamp contract - Implemented
sendFreezemethod in MerkleRoot contract to handle freeze operations - Added comprehensive test coverage for both authorized and unauthorized freeze attempts
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| contracts/wrappers/ccip/OffRamp.ts | Added freezeMerkleRoot opcode, message type, codec, and sendFreezeMerkleRoot method |
| contracts/wrappers/ccip/MerkleRoot.ts | Added freeze opcode and sendFreeze method |
| contracts/tests/ccip/OffRamp.spec.ts | Added tests for freezing merkle roots by owner and non-owner scenarios |
| contracts/contracts/ccip/offramp/messages.tolk | Added OffRamp_FreezeMerkleRoot message struct and updated message type union |
| contracts/contracts/ccip/offramp/contract.tolk | Added onFreezeMerkleRoot handler to process freeze requests |
| contracts/contracts/ccip/merkle_root/messages.tolk | Added MerkleRoot_Freeze message struct |
| contracts/contracts/ccip/merkle_root/contract.tolk | Added onFreeze handler to destroy contract and return funds |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
vicentevieytes
changed the title
vicentevieytes
force-pushed
the
vv/freeze-merklerroot-message
branch
2 times, most recently
from
9b8a1b8 to
4bd6754
Compare
… vv/freeze-merklerroot-message
… vv/freeze-merklerroot-message
Collaborator
|
These cost are covered in the fee. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds the following message paths to freeze deployable contracts when messages are not finalizing:
OffRamp_FreezeMerkleRoot -> MerkleRoot_Freeze
OffRamp_FreeezeReceiveExecutor -> ReceiveExecutor_Freeze