RFQ Guard: fixes

[dwasse]

Summary by CodeRabbit

• Enhancements
  • Improved error messages in the Guard service to include transaction IDs, making error diagnosis easier.
  • Added validation in the Relayer service to ensure the relayer matches the signer's address before processing, enhancing security.

[coderabbitai]

Walkthrough

This update focuses on enhancing error reporting and security checks within the Guard and Relayer services. The Guard service now includes transaction-specific details in error messages when retrieving bridge requests fails. Meanwhile, the Relayer service ensures that proofs are only processed if the signer's address matches the Relayer's address, improving security by validating the legitimacy of the signer.

Changes

File Path	Change Summary
services/rfq/guard/service/handlers.go	Enhanced error messages in handleProveCalled to include transaction ID when bridge request retrieval fails.
services/rfq/relayer/service/handlers.go	Added a check in handleProofProvided to ensure the signer’s address matches the Relayer before processing the proof.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant GuardService
    participant RelayerService
    participant Blockchain

    Client->>GuardService: Request bridge proof
    GuardService->>GuardService: handleProveCalled()
    GuardService->>Blockchain: Retrieve bridge request
    Blockchain-->>GuardService: Return bridge request or error
    GuardService-->>Client: Return result with error if failed (includes transaction ID)

    Client->>RelayerService: Provide proof
    RelayerService->>RelayerService: handleProofProvided()
    RelayerService->>RelayerService: Verify signer's address
    alt Signer address matches
        RelayerService->>Blockchain: Post proof on chain
    else Signer address does not match
        RelayerService-->>Client: Return error
    end

Loading

Poem

In the code where data flows,
Errors now with context show,
Proof we check with keen regard,
To guard the trust, we stand on guard.
Secure and clear, our pathways wend,
Improving always, end to end. 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[greptile-apps]

PR Summary

• Enhanced error messages in services/rfq/guard/service/handlers.go
• Included transaction ID in error output for better debugging

_{1 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings}

[cloudflare-workers-and-pages]

Deploying sanguine-fe with    Cloudflare Pages

Latest commit:	36948f6
Status:	✅  Deploy successful!
Preview URL:	https://ee9edd90.sanguine-fe.pages.dev
Branch Preview URL:	https://feat-guard-fix.sanguine-fe.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

services/rfq/guard/service/handlers.go (2)

Line range hint 1-54: Consider enhancing error messages for better clarity.

The function handleBridgeRequestedLog uses generic error messages which might not provide enough context during debugging. Consider including more specific details related to the operation being performed.

- return fmt.Errorf("could not get correct omnirpc client: %w", err)
+ return fmt.Errorf("failed to retrieve omnirpc client for chain ID %d: %w", chainID, err)

- return fmt.Errorf("could not get correct fast bridge: %w", err)
+ return fmt.Errorf("failed to instantiate FastBridge contract at address %s: %w", req.Raw.Address.Hex(), err)

---

Line range hint 167-223: Refactor suggestion for isProveValid for better readability.

The function isProveValid handles multiple error paths and blockchain interactions, which could be refactored for better clarity and maintainability.

- if errors.Is(err, ethereum.NotFound) {
-     return false, nil
- }
- if err != nil {
-     return false, fmt.Errorf("could not get receipt: %w", err)
- }
+ if err != nil {
+     if errors.Is(err, ethereum.NotFound) {
+         return false, nil
+     }
+     return false, fmt.Errorf("could not get receipt for transaction hash %s on destination chain ID %d: %w", hexutil.Encode(proven.TxHash[:]), bridgeRequest.Transaction.DestChainId, err)
+ }

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 024fdd6 and 71780fa.

Files selected for processing (1)

• services/rfq/guard/service/handlers.go (1 hunks)

Additional comments not posted (2)

services/rfq/guard/service/handlers.go (2)

Line range hint 56-76: LGTM: Clear and concise implementation.

The function handleProofProvidedLog is well-implemented with clear error handling and appropriate use of tracing attributes.

---

Line range hint 78-93: LGTM: Efficient and clear error handling.

The function handleProofDisputedLog effectively updates the status of a disputed proof with good error handling.

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.

Project coverage is 23.56910%. Comparing base (3cd3bf5) to head (36948f6).
Report is 1 commits behind head on master.

Files	Patch %	Lines
services/rfq/relayer/service/handlers.go	0.00000%	3 Missing ⚠️
services/rfq/guard/service/handlers.go	0.00000%	1 Missing ⚠️

Additional details and impacted files

@@                 Coverage Diff                 @@
##              master       #2878         +/-   ##
===================================================
- Coverage   23.72299%   23.56910%   -0.15390%     
===================================================
  Files            683         679          -4     
  Lines          50959       50842        -117     
  Branches         119          80         -39     
===================================================
- Hits           12089       11983        -106     
+ Misses         37547       37536         -11     
  Partials        1323        1323                 

Flag	Coverage Δ
opbot	0.18564% <ø> (ø)
rfq	24.76385% <0.00000%> (-0.03539%)	⬇️
solidity	?

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[greptile-apps]

PR Summary

(updates since last review)

• Added relayer address check in services/rfq/relayer/service/handlers.go to handleProofProvided function to ensure event relevance and security.

_{1 file(s) reviewed, no comment(s)
Edit PR Review Bot Settings}

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 71780fa and 36948f6.

Files selected for processing (1)

• services/rfq/relayer/service/handlers.go (1 hunks)

[coderabbitai]

Security check added to ensure relayer matches the signer's address.

The addition of this check is crucial for ensuring that only authorized relayers can process proofs, which is a significant security improvement. However, it would be beneficial to log or handle cases where this condition fails, as silently returning could make debugging more difficult.

Committable suggestion was skipped due to low confidence.