(feat) Quite a lot of code; we're failing our integration transfer test.

docs/zilbridge.md

@@ -24,4 +24,54 @@ someone needs to remember what the whitelist parameters were, because
 it is a map that does not emit events and we thus can't work out what
 is in it.
 
+## LockProxyTokenManager
 
+There is a `LockProxyTokenManager` which is registered as an extension and interacts with the lock proxy to bridge tokens. 
+
+zilBridge itself doesn't know which tokens are mint/burn and which are
+lock/release - the lockproxy simply transfers tokens to and from
+itself and the contracts it talks to either mint and burn, or don't,
+when they spot that it's the lock proxy asking.
+
+We test it against a stubbed out LockProxyTokenManager which apes what the
+Scilla side will do eventually, but with stubbed interop calls.
+
+## Current outstanding issues
+
+### Parallel ZilBridge operations
+
+If we can't get someone (Polynet?) to install our extension remotely,
+we will have to replace the non-Zilliqa `ccm` and this will break
+ZilBridge. Polynet will have to reset their `ccm` address to recover
+functionality.
+
+If we do replace the non-Zilliqa `ccm`, I suggest that we do so with a
+CCM that doesn't accept cross-chain events; this will make sure that
+old keys from zilbridge/polynet can't compromise us in the future.
+
+### Native ZIL operations
+
+It's not possible to send native tokens via interop calls on
+Zilliqa. Thus, the only way to unwrap wrapped ZIL is natively.
+
+Because signature verification is carried out on chain, we can't easily modify the verifier to make native calls.
+
+So, the best we can do is to:
+
+ * Issue a wrapped ZIL (`wZIL` itself is owned by Jun Hao - we could take over)
+ * Withdraw all the ZIL from the `lockProxy` and deposit it in wZIL
+ * Give that wZIL to the `lockProxy`
+ * Register wZIL as the `lockProxy` corresponding token for wrapped ZIL on other chains.
+ * `lockProxy` will then give you `wZIL` for your wrapped ZIL on other chains and you can issue a native call to get ZIL back for it.
+
+Unfortunately, we have to live (probably permanently unless we can
+think of a way around it) with `lockProxy` accepting ZIL - if you send
+your ZIL to `lockProxy`, we will have to recover it for you with our
+admin rights, because obviously you won't be able to bridge it to
+anywhere else.
+
+
+## TODO
+
+ - Move the test code for zilbrige into `test/`
+ - Refactor out `SafeMath` etc. - we could have only one copy of these (probably!)

smart-contracts/contracts/zilbridge/1/lockProxy.sol

@@ -1201,7 +1201,7 @@ contract LockProxy is ReentrancyGuard {
         bytes txArgs
     );
 
-    constructor(address _ccmProxyAddress, uint64 _counterpartChainId) public {
+    constructor(address _ccmProxyAddress, uint64 _counterpartChainId) {
         require(_counterpartChainId > 0, "counterpartChainId cannot be zero");
         require(_ccmProxyAddress != address(0), "ccmProxyAddress cannot be empty");
         counterpartChainId = _counterpartChainId;

smart-contracts/contracts/zilbridge/2/LockProxyTokenManagerStorage.sol

@@ -0,0 +1,38 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity ^0.8.20;
+
+import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
+interface ILockProxyTokenManagerStorage {
+  event LockProxyUpdated(address oldLockProxy, address newLockProxy);
+  function getLockProxy() external view returns (address);
+  function setLockProxy(address lockProxy) external;
+}
+
+abstract contract LockProxyTokenManagerStorage is ILockProxyTokenManagerStorage {
+  /// @custom:storage-location erc7201:zilliqa.storage.LockProxyTokenManagerStorage
+  struct LockProxyTokenManagerStorageStruct {
+    address lockProxy;
+  }
+
+  // keccack256(abi.encode(uint256(keccack256("zilliqa.storage.LockProxyTokenManagerStorage"))-1)) & ~bytes32(uint256(0xff))
+  bytes32 private constant Lock_Proxy_Storage_Location = 0xb22af1dfa3d79e3af56bf3b03e8c9cb6d48fc6bbb7ec48dcbfc0dbccf342f800;
+
+  function _getLockProxyTokenManagerStorageStruct() private pure returns (LockProxyTokenManagerStorageStruct storage $)
+  {
+    assembly {
+   $.slot := Lock_Proxy_Storage_Location
+    }
+  }
+
+  function getLockProxy() public view returns (address) {
+    LockProxyTokenManagerStorageStruct storage $ = _getLockProxyTokenManagerStorageStruct();
+    return $.lockProxy;
+  }
+
+  function _setLockProxy(address lockProxy) internal {
+    LockProxyTokenManagerStorageStruct storage $ = _getLockProxyTokenManagerStorageStruct();
+    emit LockProxyUpdated($.lockProxy, lockProxy);
+    $.lockProxy = lockProxy;
+  }
+}

smart-contracts/contracts/zilbridge/2/LockProxyTokenManagerUpgradeable.sol

@@ -0,0 +1,54 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity ^0.8.20;
+
+import {TokenManagerUpgradeable, ITokenManager} from "contracts/periphery/TokenManagerUpgradeable.sol";
+import { ILockProxyTokenManagerStorage, LockProxyTokenManagerStorage } from "contracts/zilbridge/2/LockProxyTokenManagerStorage.sol";
+import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+
+interface ILockProxyTokenManager is ITokenManager {
+  // Args in this order to match other token managers.
+  event SentToLockProxy(address indexed token, address indexed sender, uint amount);
+  event WithdrawnFromLockProxy(address indexed token, address indexed receipient, uint amount);
+  function setLockProxy(address lockProxy) external;
+}
+
+// This contract exists almost entirely to be used in tests to prove upgradeability.
+contract LockProxyTokenManagerUpgradeable is
+    ILockProxyTokenManager,
+  TokenManagerUpgradeable,
+  LockProxyTokenManagerStorage
+{
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+
+    function setLockProxy(address lockProxy) external override(ILockProxyTokenManagerStorage, ILockProxyTokenManager) onlyOwner {
+      _setLockProxy(lockProxy);
+    }
+
+    function initialize(address _gateway, address lockProxy) external initializer {
+        __TokenManager_init(_gateway);
+        // for some reason we can't call setLockProxy() here, so ..
+        _setLockProxy(lockProxy);
+    }
+
+    // Outgoing
+    function _handleTransfer(
+        address /* token */,
+        address /* from */,
+        uint /* amount */
+    ) pure internal override {
+      revert();
+    }
+
+    // Incoming
+    function _handleAccept(
+        address /* token */,
+        address /* recipient */,
+        uint /* amount */
+    ) pure internal override {
+      revert();
+    }
+}

smart-contracts/contracts/zilbridge/2/LockProxyTokenManagerUpgradeableV3.sol

@@ -5,46 +5,53 @@ import {TokenManagerUpgradeableV3, ITokenManager} from "contracts/periphery/Toke
 import {BridgedToken} from "contracts/periphery/BridgedToken.sol";
 import { LockProxy } from "contracts/zilbridge/1/lockProxy.sol";
 import {IERC20} from "contracts/periphery/LockAndReleaseTokenManagerUpgradeable.sol";
+import { ILockProxyTokenManagerStorage, LockProxyTokenManagerStorage } from "contracts/zilbridge/2/LockProxyTokenManagerStorage.sol";
 
-interface ILockProxyTokenManager {
+interface ILockProxyTokenManager is ILockProxyTokenManagerStorage {
   // Args in this order to match other token managers.
   event SentToLockProxy(address indexed token, address indexed sender, uint amount);
   event WithdrawnFromLockProxy(address indexed token, address indexed receipient, uint amount);
 }
 
-contract LockProxyTokenManagerUpgradeableV3 is TokenManagerUpgradeableV3, ILockProxyTokenManager {
-  address _lockProxyAddress;
+// This is the lock proxy token manager that runs on EVM chains. It talks to an EVM LockProxy.
+contract LockProxyTokenManagerUpgradeableV3 is TokenManagerUpgradeableV3, ILockProxyTokenManager, LockProxyTokenManagerStorage {
   address public constant NATIVE_ASSET_HASH = address(0);
 
-  constructor(address lockProxyAddress) {
+  constructor() {
     _disableInitializers();
-    _lockProxyAddress = lockProxyAddress;
   }
 
-  function changeLockProxy(address newLockProxy) public onlyOwner {
-    _lockProxyAddress = newLockProxy;
+  function reinitialize(uint fees) external reinitializer(2) {
+    _setFees(fees);
   }
 
   // Incoming currency - transfer into the lock proxy
   function _handleTransfer(address token, address from, uint amount) internal override {
+    address lockProxyAddress = getLockProxy();
     // Just transfer value to the lock proxy.
     if (token == NATIVE_ASSET_HASH) {
-      (bool success, ) = _lockProxyAddress.call{value: amount}("");
+      (bool success, ) = lockProxyAddress.call{value: amount}("");
       emit SentToLockProxy(token, from, amount);
       require(success, "Transfer failed");
       return;
     }
 
     IERC20 erc20token = IERC20(token);
-    erc20token.transferFrom(from, address(_lockProxyAddress), amount);
+    erc20token.transferFrom(from, address(lockProxyAddress), amount);
     emit SentToLockProxy(token, from, amount);
   }
 
   function _handleAccept(address token, address recipient, uint amount) internal override {
-    LockProxy lp = LockProxy(payable(_lockProxyAddress));
+    address lockProxyAddress = getLockProxy();
+    LockProxy lp = LockProxy(payable(lockProxyAddress));
     // Sadly, extensionTransfer() takes the same arguments as the withdrawn event but in a
     // different order. This will automagically transfer native token if token==0.
     lp.extensionTransfer(recipient, token, amount);
     emit WithdrawnFromLockProxy(token, recipient, amount);
   }
+
+  function setLockProxy(address lockProxy) external onlyOwner {
+    _setLockProxy(lockProxy);
+  }
+
 }

smart-contracts/contracts/zilbridge/2/ZilliqaLockProxyManagerUpgradeableV3.sol

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity ^0.8.20;
+
+import {TokenManagerUpgradeableV3, ITokenManager} from "contracts/periphery/TokenManagerV3/TokenManagerUpgradeableV3.sol";
+import {BridgedToken} from "contracts/periphery/BridgedToken.sol";
+import { LockProxy } from "contracts/zilbridge/1/lockProxy.sol";
+import {IERC20} from "contracts/periphery/LockAndReleaseTokenManagerUpgradeable.sol";
+import { ILockProxyTokenManagerStorage, LockProxyTokenManagerStorage } from "contracts/zilbridge/2/LockProxyTokenManagerStorage.sol";
+
+interface ILockProxyTokenManager is ILockProxyTokenManagerStorage {
+  // Args in this order to match other token managers.
+  event SentToLockProxy(address indexed token, address indexed sender, uint amount);
+  event WithdrawnFromLockProxy(address indexed token, address indexed receipient, uint amount);
+}
+
+// This is the lock proxy token manager that runs on Zilliqa chains. It talks to a Scilla LockProxy via interop.
+contract ZilliqaLockProxyTokenManagerUpgradeableV3 is TokenManagerUpgradeableV3, ILockProxyTokenManager, LockProxyTokenManagerStorage {
+  address public constant NATIVE_ASSET_HASH = address(0);
+
+  constructor() {
+    _disableInitializers();
+  }
+
+  function reinitialize(uint fees) external reinitializer(2) {
+    _setFees(fees);
+  }
+
+  function _handleTransfer(address /*token*/, address /*from*/, uint /*amount*/) internal pure override {
+    revert("Not yet implemented");
+  }
+
+  function _handleAccept(address /* token */, address /*recipient*/, uint /*amount*/) internal pure override {
+    revert("Not yet implemented");
+  }
+
+  function setLockProxy(address lockProxy) external onlyOwner {
+    _setLockProxy(lockProxy);
+  }
+
+}

smart-contracts/contracts/zilbridge/token/libs/LICENSE

@@ -0,0 +1,22 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Smart Contract Solutions, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

smart-contracts/contracts/zilbridge/token/libs/README.md

@@ -0,0 +1,3 @@
+# Lib Contracts
+
+The contracts in this folder were copied from the OpenZeppelin repository at https://github.com/OpenZeppelin/openzeppelin-contracts for ease of reference.