refactor: blacklisted funds logic #125
Conversation
| ) external override onlyLinkedAdapter { | ||
| if (messengerStatus != Status.Deprecated) revert IOpUSDCBridgeAdapter_NotMigrated(); | ||
|
|
||
| IUSDC(USDC).safeTransfer(_spender, _amount); |
There was a problem hiding this comment.
Add a comment that if the _spender is still blacklisted, the chain operator will be forced to replay this message, as the transfer will fail
There was a problem hiding this comment.
In this case _spender was not blacklisted, the user on l2 was the problem would be if the _spender is blacklisted after it sends the message to l2 to a target that is also blacklisted.
There was a problem hiding this comment.
wdym? This is only to cover the scenario because the blacklist is not atomic, and we dont care if _spender is blacklisted or not on L1, if hes ever un-blacklisted he just replays this right? The blacklist on l1 != the blacklist on l2 and shouldnt assume they match
There was a problem hiding this comment.
Add a comment that if the _spender is still blacklisted, the chain operator will be forced to replay this message, as the transfer will fail
need to still add this comment
There was a problem hiding this comment.
Sorry, It was added in the natspec, above the function.
Co-authored-by: excaliborr <124819095+excaliborr@users.noreply.github.com>
Co-authored-by: excaliborr <124819095+excaliborr@users.noreply.github.com>
…land/opUSDC into fix/refund-blacklisted-funds
| } | ||
| } | ||
|
|
||
| /** | ||
| * @notice Withdraws the blacklisted funds from L2 |
There was a problem hiding this comment.
Would be better to explain a bit more here what the function does and what's its purpose is
There was a problem hiding this comment.
Btw, why did you create this function? Isn't cleaner/simpler to handle this logic on receiveMessage only if the contract has been migrated?
Maybe I'm missing something
There was a problem hiding this comment.
I think that way is also more consistent with receiveMessage on the l2 adapter
There was a problem hiding this comment.
This is intentional as receiveMessage will not revert if the user is still blacklisted on L1, but will actually keep incrementing the amount of blacklistAmount as the try block will always fail if they are still blacklisted.
function receiveMessage(address _user, address _spender, uint256 _amount) external override onlyLinkedAdapter {
// Transfer the tokens to the user
try this.attemptTransfer(_user, _amount) { // Fails cause user is still blacklisted
emit MessageReceived(_user, _amount, MESSENGER);
} catch {
userBlacklistedFunds[_user] += _amount; // Increments users funds
emit MessageFailed(_user, _amount, MESSENGER);
}
}They can do this an infinite amount of times because L2 will never know if the address on L1 is blacklisted, as the blacklist is not atomic.
This extra fn was added to handle this edgecase
Co-authored-by: Disco <131301107+0xDiscotech@users.noreply.github.com>
| */ | ||
| // solhint-disable-next-line no-unused-vars | ||
| function receiveMessage(address _user, address _spender, uint256 _amount) external override onlyLinkedAdapter { | ||
| // Transfer the tokens to the user | ||
| try this.attemptTransfer(_user, _amount) { | ||
| emit MessageReceived(_user, _amount, MESSENGER); |
There was a problem hiding this comment.
can we add _spender into the MessageReceived event as well
| } | ||
| } | ||
|
|
||
| /** | ||
| * @notice Withdraws the blacklisted funds from L2 once the adapter is deprecated | ||
| * @dev If the _spender is still blacklisted, the chain operator will be forced to |
excaliborr
force-pushed
the
fix/refund-blacklisted-funds
branch
from
a85974f
to
04297cf
Compare
| * @notice Receive the message from the other chain and mint the bridged representation for the user | ||
| * @dev This function should only be called when receiving a message to mint the bridged representation | ||
| * @dev If the mint fails the funds might be recovered by calling withdrawBlacklistedFunds if the user | ||
| * is ever unblacklisted | ||
| * @param _user The user to mint the bridged representation for | ||
| * @param _spender The address that provided the tokens | ||
| * @param _amount The amount of tokens to mint |
There was a problem hiding this comment.
| * @notice Receive the message from the other chain and mint the bridged representation for the user | |
| * @dev This function should only be called when receiving a message to mint the bridged representation | |
| * @dev If the mint fails the funds might be recovered by calling withdrawBlacklistedFunds if the user | |
| * is ever unblacklisted | |
| * @param _user The user to mint the bridged representation for | |
| * @param _spender The address that provided the tokens | |
| * @param _amount The amount of tokens to mint | |
| * @notice Receive the message from the other chain and transfer the tokens to the user | |
| * @dev This function should only be called when receiving a message to transfer the tokens | |
| * @dev If the transfer fails the funds might be recovered by calling withdrawBlacklistedFunds | |
| * @param _user The user to transfer the tokens to | |
| * @param _spender The address that provided the tokens | |
| * @param _amount The amount of tokens to transfer |
| } catch { | ||
| blacklistedFundsDetails[_spender][_user] += _amount; | ||
| emit MessageFailed(_spender, _user, _amount, MESSENGER); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * @notice Withdraws the blacklisted funds from L2 | ||
| * @notice Receives a message from L2 if the adapter is deprecated are a user is withdrawing blacklisted funds |
There was a problem hiding this comment.
| * @notice Receives a message from L2 if the adapter is deprecated are a user is withdrawing blacklisted funds | |
| * @notice Receives a message from L2 if the adapter is deprecated and a user is withdrawing blacklisted funds |
| } catch { | ||
| blacklistedFundsDetails[_spender][_user] += _amount; | ||
| emit MessageFailed(_spender, _user, _amount, MESSENGER); | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * @notice Withdraws the blacklisted funds from L2 | ||
| * @notice Receives a message from L2 if the adapter is deprecated are a user is withdrawing blacklisted funds | ||
| * @dev If the _spender is still blacklisted, the chain operator will be forced to replay this message |
There was a problem hiding this comment.
Why only the chain operator? The user could be able to replay it as well
There was a problem hiding this comment.
Yea your correct just mis worded, will fix
| if (messengerStatus != Status.Deprecated) revert IOpUSDCBridgeAdapter_NotMigrated(); | ||
|
|
||
| // If the spender is still blacklisted, the chain operator will be forced to replay this message |
| @@ -66,7 +66,9 @@ interface IL1OpUSDCBridgeAdapter { | |||
| function resumeMessaging(uint32 _minGasLimit) external; | |||
|
|
|||
| /** | |||
| * @notice Withdraws the blacklisted funds from L2 | |||
| * @notice Withdraws the blacklisted funds from L2 once the adapter is deprecated | |||
| * @dev If the _spender is still blacklisted, the chain operator will be forced to | |||
| * @dev If the mint fails the funds might be recovered by calling withdrawBlacklistedFunds if the user | ||
| * is ever unblacklisted |
There was a problem hiding this comment.
We are handling the more than one line NATSPECs like this:
| * @dev If the mint fails the funds might be recovered by calling withdrawBlacklistedFunds if the user | |
| * is ever unblacklisted | |
| * @dev If the mint fails the funds might be recovered by calling withdrawBlacklistedFunds if the user | |
| * is ever unblacklisted |
| @@ -262,8 +262,7 @@ contract L1OpUSDCBridgeAdapter is IL1OpUSDCBridgeAdapter, OpUSDCBridgeAdapter { | |||
| /** | |||
| * @notice Receive the message from the other chain and mint the bridged representation for the user | |||
There was a problem hiding this comment.
This keep saying mint instead of transfer
| * @notice Receive the message from the other chain and mint the bridged representation for the user | |
| * @notice Receive the message from the other chain and mint the bridged representation for the user |
No description provided.