Update CalldataVerificationFacet [CalldataVerificationFacet v1.3.0]

[0xDEnYO]

Which Jira task belongs to this PR?

Why did I implement it this way?

Checklist before requesting a review

• I have performed a self-review of my code
• This pull request is as small as possible and only tackles one problem
• I have added tests that cover the functionality / test the bug
• For new facets: I have checked all points from this list: https://www.notion.so/lifi/New-Facet-Contract-Checklist-157f0ff14ac78095a2b8f999d655622e
• I have updated any required documentation

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

• I have checked that any arbitrary calls to external contracts are validated and or restricted
• I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
• I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

[coderabbitai]

Walkthrough

The pull request updates the version number and refactors the calldata handling logic in the CalldataVerificationFacet contract and its tests. It removes the dependency on the StandardizedCallFacet by eliminating related import statements and conditional checks. Functions for extracting swap and bridge data have been simplified accordingly. Test cases have been adjusted to remove references to the obsolete facet, thus streamlining both contract functionality and associated tests.

Changes

File(s)	Change Summary
src/Facets/CalldataVerificationFacet.sol	- Updated version from 1.2.0 to 1.3.0. - Removed unused imports for AmarokFacet, StargateFacet, and StandardizedCallFacet. - Simplified calldata extraction functions by eliminating StandardizedCallFacet checks.
test/solidity/Facets/CalldataVerificationFacet.t.sol	- Removed import for StandardizedCallFacet. - Deleted test cases and code segments that created standardizedCallData using the StandardizedCallFacet selector, simplifying tests.
audit/auditLog.json	- Added new audit entry "audit20250220" and updated the CalldataVerificationFacet entry to include version 1.3.0 referencing this audit.

Possibly related PRs

• deactivate Git Actions until setup is complete  #768: The changes in the main PR focus on removing dependencies on StandardizedCallFacet in the CalldataVerificationFacet contract and its tests, while the retrieved PR modifies the CalldataVerificationFacet contract to enhance its functionality for handling different types of swap calls, including checks for StandardizedCallFacet, indicating a direct relationship in their modifications to the same contract.
• (fix): adds calldata extraction handling for GenericSwapV3 single swap calls (CallDataVerificationFacet v1.2.0) [CalldataVerificationFacet v1.2.0,IAcrossSpokePool v1.0.0] #767: The changes in the main PR are related to the removal of StandardizedCallFacet handling in the CalldataVerificationFacet, which aligns with the modifications in the retrieved PR that also involve the CalldataVerificationFacet and its tests.

Suggested labels

AuditCompleted

Suggested reviewers

• ezynda3
• maxklenk

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f70466 and 2115b1b.

📒 Files selected for processing (1)

• audit/auditLog.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• audit/auditLog.json

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: enforce-min-test-coverage
• GitHub Check: run-unit-tests
• GitHub Check: generate-tag

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

src/Facets/CalldataVerificationFacet.sol (1)

323-381: ⚠️ Potential issue

Remove duplicate AcrossV3 case handling.

The AcrossV3 case handling is duplicated in the validateDestinationCalldata function. The code block from lines 353-381 is identical to the block from lines 323-350. Remove the duplicate block to maintain clean code and prevent potential maintenance issues.

        // Case: AcrossV3
        if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
            (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
                callData.slice(4, callData.length - 4),
                (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
            );

            return
                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
                keccak256(callTo) ==
                keccak256(abi.encode(acrossV3Data.receiverAddress));
        }
        if (
            selector ==
            AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
        ) {
            (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
                callData.slice(4, callData.length - 4),
                (
                    ILiFi.BridgeData,
                    LibSwap.SwapData[],
                    AcrossFacetV3.AcrossV3Data
                )
            );
            return
                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
                keccak256(callTo) ==
                keccak256(abi.encode(acrossV3Data.receiverAddress));
        }

-        // ---------------------------------------
-        // Case: AcrossV3
-        if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
-            (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
-            );
-
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }
-        if (
-            selector ==
-            AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
-        ) {
-            (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (
-                    ILiFi.BridgeData,
-                    LibSwap.SwapData[],
-                    AcrossFacetV3.AcrossV3Data
-                )
-            );
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }

🧹 Nitpick comments (1)

src/Facets/CalldataVerificationFacet.sol (1)

393-396: Consider adding input validation for data length.

The internal functions _extractBridgeData and _extractSwapData perform abi.decode operations without validating the minimum required length of the input data. While these functions are internal and the contract includes some validation in public functions, it would be good practice to add explicit length checks.

     function _extractBridgeData(
         bytes calldata data
     ) internal pure returns (ILiFi.BridgeData memory bridgeData) {
+        require(data.length >= 4, "Invalid data length");
         bridgeData = abi.decode(data[4:], (ILiFi.BridgeData));
     }

     function _extractSwapData(
         bytes calldata data
     ) internal pure returns (LibSwap.SwapData[] memory swapData) {
+        require(data.length >= 4, "Invalid data length");
         (, swapData) = abi.decode(
             data[4:],
             (ILiFi.BridgeData, LibSwap.SwapData[])
         );
     }

Also applies to: 402-408

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ca93213 and fb535da.

📒 Files selected for processing (2)

• src/Facets/CalldataVerificationFacet.sol (3 hunks)
• test/solidity/Facets/CalldataVerificationFacet.t.sol (0 hunks)

💤 Files with no reviewable changes (1)

• test/solidity/Facets/CalldataVerificationFacet.t.sol

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage
• GitHub Check: generate-tag

🔇 Additional comments (3)

src/Facets/CalldataVerificationFacet.sol (3)

115-124: Consider adding bounds checking in assembly block.

The assembly block in extractNonEVMAddress performs memory operations without explicit bounds checking. While the current implementation appears safe due to the structure of the input data, it's good practice to add explicit bounds checking to prevent potential vulnerabilities.

         if (_extractBridgeData(data).hasSourceSwaps) {
             assembly {
+                let dataLength := mload(callData)
+                let requiredLength := add(mload(add(callData, 0x64)), 0x44)
+                if lt(dataLength, requiredLength) { revert(0, 0) }
                 let offset := mload(add(callData, 0x64))
                 nonEVMAddress := mload(add(callData, add(offset, 0x24)))
             }
         } else {
             assembly {
+                let dataLength := mload(callData)
+                let requiredLength := add(mload(add(callData, 0x44)), 0x44)
+                if lt(dataLength, requiredLength) { revert(0, 0) }
                 let offset := mload(add(callData, 0x44))
                 nonEVMAddress := mload(add(callData, add(offset, 0x24)))
             }
         }

---

421-423: Add explicit size check before memory operations in assembly.

In the _compareBytesToBytes32CallTo function, while there is a length check using require, the assembly block should also include explicit size verification before performing memory operations.

         assembly {
+            // Ensure we have enough memory to read 32 bytes
+            if lt(mload(callTo), 32) { revert(0, 0) }
             callToAddress := mload(add(callTo, 32))
         }

---

17-17: Version update looks good.

The version has been updated from 1.2.0 to 1.3.0, which is appropriate given the removal of StandardizedCallFacet dependency and the simplification of calldata handling logic.

[lifi-action-bot]

Test Coverage Report

Line Coverage: 80.06% (2241 / 2799 lines)
Function Coverage: 85.80% ( 393 / 458 functions)
Branch Coverage: 44.60% ( 244 / 547 branches)
Test coverage (80.06%) is above min threshold (76%). Check passed.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (3)

src/Facets/CalldataVerificationFacet.sol (3)

114-123: 🛠️ Refactor suggestion

Add safety checks for assembly operations.

The assembly block performs direct memory manipulation without bounds checking. Consider adding explicit length checks before accessing memory to prevent potential buffer overflows.

Add length validation before assembly operations:

 function extractNonEVMAddress(
     bytes calldata data
 ) external pure returns (bytes32 nonEVMAddress) {
     bytes memory callData = data;
+    require(callData.length >= 0x84, "Insufficient calldata length");
     
     // Non-EVM address is always the first parameter of bridge specific data
     if (_extractBridgeData(data).hasSourceSwaps) {
         assembly {
             let offset := mload(add(callData, 0x64))
+            require(lt(offset, sub(mload(callData), 0x24)), "Invalid offset")
             nonEVMAddress := mload(add(callData, add(offset, 0x24)))
         }
     } else {
         assembly {
             let offset := mload(add(callData, 0x44))
+            require(lt(offset, sub(mload(callData), 0x24)), "Invalid offset")
             nonEVMAddress := mload(add(callData, add(offset, 0x24)))
         }
     }
 }

---

351-380: ⚠️ Potential issue

Remove duplicate AcrossV3 validation block.

The AcrossV3 validation block is duplicated. The code block from lines 351-380 is identical to the one from lines 321-350.

Remove the duplicate code block:

-        // ---------------------------------------
-        // Case: AcrossV3
-        if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
-            (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
-            );
-
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }
-        if (
-            selector ==
-            AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
-        ) {
-            (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                callData.slice(4, callData.length - 4),
-                (
-                    ILiFi.BridgeData,
-                    LibSwap.SwapData[],
-                    AcrossFacetV3.AcrossV3Data
-                )
-            );
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }

---

419-422: 🛠️ Refactor suggestion

Add bounds checking for assembly operations in _compareBytesToBytes32CallTo.

The assembly block performs direct memory access without proper bounds checking. This could lead to buffer overflows if the input is malformed.

Add explicit bounds checking:

 address callToAddress;
+require(callTo.length >= 32, "Invalid callTo length for address extraction");
 assembly {
     callToAddress := mload(add(callTo, 32))
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb535da and 48427d2.

📒 Files selected for processing (1)

• src/Facets/CalldataVerificationFacet.sol (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: enforce-min-test-coverage
• GitHub Check: run-unit-tests
• GitHub Check: generate-tag

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

src/Facets/CalldataVerificationFacet.sol (1)

351-378: ⚠️ Potential issue

Remove duplicate AcrossV3 validation block.

The code block for AcrossV3 validation is duplicated. Remove the second occurrence to maintain code cleanliness and prevent potential maintenance issues.

-        // ---------------------------------------
-        // Case: AcrossV3
-        if (selector == AcrossFacetV3.startBridgeTokensViaAcrossV3.selector) {
-            (, AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                data[4:],
-                (ILiFi.BridgeData, AcrossFacetV3.AcrossV3Data)
-            );
-
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }
-        if (
-            selector ==
-            AcrossFacetV3.swapAndStartBridgeTokensViaAcrossV3.selector
-        ) {
-            (, , AcrossFacetV3.AcrossV3Data memory acrossV3Data) = abi.decode(
-                data[4:],
-                (
-                    ILiFi.BridgeData,
-                    LibSwap.SwapData[],
-                    AcrossFacetV3.AcrossV3Data
-                )
-            );
-            return
-                keccak256(dstCalldata) == keccak256(acrossV3Data.message) &&
-                keccak256(callTo) ==
-                keccak256(abi.encode(acrossV3Data.receiverAddress));
-        }

🧹 Nitpick comments (2)

src/Facets/CalldataVerificationFacet.sol (2)

110-110: Simplify memory allocation.

The callData variable is only used in assembly blocks. Consider using data directly to avoid unnecessary memory allocation.

-        bytes memory callData = data;
+        bytes calldata callData = data;

---

407-428: Add NatSpec documentation for private helper function.

The _compareBytesToBytes32CallTo function performs critical validation but lacks comprehensive documentation. Consider adding NatSpec comments to explain:

• The purpose of the 20-byte length requirement
• The memory layout assumptions
• The security implications of the comparison

+    /// @notice Compares a bytes array containing an address with a bytes32 value
+    /// @dev Requires the bytes array to be at least 20 bytes (address length)
+    /// @param callTo The bytes array containing the address
+    /// @param callToBytes32 The bytes32 value to compare against
+    /// @return bool True if the addresses match, false otherwise
     function _compareBytesToBytes32CallTo(
         bytes memory callTo,
         bytes32 callToBytes32
     ) private pure returns (bool) {

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 48427d2 and 1268d53.

📒 Files selected for processing (1)

• src/Facets/CalldataVerificationFacet.sol (12 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: 0xDEnYO
PR: lifinance/contracts#1003
File: src/Facets/CalldataVerificationFacet.sol:16-16
Timestamp: 2025-02-19T08:30:20.501Z
Learning: The project does not actively maintain a changelog, and suggestions about adding changelog entries should be avoided.

src/Facets/CalldataVerificationFacet.sol (1)

Learnt from: 0xDEnYO
PR: lifinance/contracts#1003
File: src/Facets/CalldataVerificationFacet.sol:16-16
Timestamp: 2025-02-19T08:30:20.501Z
Learning: The project does not actively maintain a changelog, and suggestions about adding changelog entries should be avoided.

🪛 GitHub Check: Olympix Integrated Security

src/Facets/CalldataVerificationFacet.sol

[notice] 249-249:
Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage
• GitHub Check: generate-tag

🔇 Additional comments (2)

src/Facets/CalldataVerificationFacet.sol (2)

16-16: LGTM: Version update to 1.3.0.

The version update reflects the removal of StandardizedCallFacet support.

---

249-249: LGTM: Safe downcast to bytes4.

The downcast to bytes4 is safe here as it's used for function selector matching, which is always 4 bytes.

🧰 Tools

🪛 GitHub Check: Olympix Integrated Security

[notice] 249-249:
Performing a narrowing downcast may result in silent overflow due to bit truncation. For more information, visit: http://detectors.olympixdevsectools.com/article/web3-vulnerability/unsafe-downcast