[EVM] Add bridging interface to EVM contract - stable cadence port

engine/execution/state/bootstrap/bootstrap_test.go

@@ -53,7 +53,7 @@ func TestBootstrapLedger(t *testing.T) {
 }
 
 func TestBootstrapLedger_ZeroTokenSupply(t *testing.T) {
-	expectedStateCommitmentBytes, _ := hex.DecodeString("87002823a7d14ddd8cd71296433ff1fe6ee139a0318dcb7b5fa7a320047ae43b")
+	expectedStateCommitmentBytes, _ := hex.DecodeString("e6f94b1e9887b475720aa2277300f9838d2c8c7bff619ce27d54be4788d9851e")
 	expectedStateCommitment, err := flow.ToStateCommitment(expectedStateCommitmentBytes)
 	require.NoError(t, err)
 

fvm/evm/stdlib/contract.cdc

@@ -12,6 +12,7 @@ contract EVM {
     access(all) entitlement Call
     access(all) entitlement Deploy
     access(all) entitlement Owner
+    access(all) entitlement Bridge
 
     access(all)
     event CadenceOwnedAccountCreated(addressBytes: [UInt8; 20])
@@ -322,21 +323,21 @@ contract EVM {
         access(all)
         fun depositNFT(
             nft: @{NonFungibleToken.NFT},
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ) {
             EVM.borrowBridgeAccessor().depositNFT(nft: <-nft, to: self.address(), feeProvider: feeProvider)
         }
 
         /// Bridges the given NFT from the EVM environment, requiring a Provider from which to withdraw a fee to fulfill
         /// the bridge request. Note: the caller should own the requested NFT in EVM
-        access(all)
+        access(Owner | Bridge)
         fun withdrawNFT(
             type: Type,
             id: UInt256,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ): @{NonFungibleToken.NFT} {
             return <- EVM.borrowBridgeAccessor().withdrawNFT(
-                caller: &self as &CadenceOwnedAccount,
+                caller: &self as auth(Call) &CadenceOwnedAccount,
                 type: type,
                 id: id,
                 feeProvider: feeProvider
@@ -348,26 +349,22 @@ contract EVM {
         access(all)
         fun depositTokens(
             vault: @{FungibleToken.Vault},
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ) {
-            EVM.borrowBridgeAccessor().depositTokens(
-                vault: <-vault,
-                to: self.address(),
-                feeProvider: feeProvider
-            )
+            EVM.borrowBridgeAccessor().depositTokens(vault: <-vault, to: self.address(), feeProvider: feeProvider)
         }
 
         /// Bridges the given fungible tokens from the EVM environment, requiring a Provider from which to withdraw a
         /// fee to fulfill the bridge request. Note: the caller should own the requested tokens & sufficient balance of
         /// requested tokens in EVM
-        access(all)
+        access(Owner | Bridge)
         fun withdrawTokens(
             type: Type,
             amount: UInt256,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ): @{FungibleToken.Vault} {
             return <- EVM.borrowBridgeAccessor().withdrawTokens(
-                caller: &self as &CadenceOwnedAccount,
+                caller: &self as auth(Call) &CadenceOwnedAccount,
                 type: type,
                 amount: amount,
                 feeProvider: feeProvider
@@ -582,37 +579,37 @@ contract EVM {
     resource interface BridgeAccessor {
 
         /// Endpoint enabling the bridging of an NFT to EVM
-        access(all)
+        access(Bridge)
         fun depositNFT(
             nft: @{NonFungibleToken.NFT},
             to: EVMAddress,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         )
 
         /// Endpoint enabling the bridging of an NFT from EVM
-        access(all)
+        access(Bridge)
         fun withdrawNFT(
-            caller: &CadenceOwnedAccount,
+            caller: auth(Call) &CadenceOwnedAccount,
             type: Type,
             id: UInt256,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ): @{NonFungibleToken.NFT}
 
         /// Endpoint enabling the bridging of a fungible token vault to EVM
-        access(all)
+        access(Bridge)
         fun depositTokens(
             vault: @{FungibleToken.Vault},
             to: EVMAddress,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         )
 
         /// Endpoint enabling the bridging of fungible tokens from EVM
-        access(all)
+        access(Bridge)
         fun withdrawTokens(
-            caller: &CadenceOwnedAccount,
+            caller: auth(Call) &CadenceOwnedAccount,
             type: Type,
             amount: UInt256,
-            feeProvider: &{FungibleToken.Provider}
+            feeProvider: auth(FungibleToken.Withdraw) &{FungibleToken.Provider}
         ): @{FungibleToken.Vault}
     }
 
@@ -621,20 +618,28 @@ contract EVM {
     resource interface BridgeRouter {
 
         /// Returns a reference to the BridgeAccessor designated for internal bridge requests
-        access(all) view fun borrowBridgeAccessor(): &{BridgeAccessor}
+        access(Bridge) view fun borrowBridgeAccessor(): auth(Bridge) &{BridgeAccessor}
 
         /// Sets the BridgeAccessor Capability in the BridgeRouter
-        access(all) fun setBridgeAccessor(_ accessor: Capability<&{BridgeAccessor}>) {
+        access(Bridge) fun setBridgeAccessor(_ accessor: Capability<auth(Bridge) &{BridgeAccessor}>) {
             pre {
                 accessor.check(): "Invalid BridgeAccessor Capability provided"
+                emit BridgeAccessorUpdated(
+                    routerType: self.getType(),
+                    routerUUID: self.uuid,
+                    routerAddress: self.owner?.address ?? panic("Router must have an owner to be identified"),
+                    accessorType: accessor.borrow()!.getType(),
+                    accessorUUID: accessor.borrow()!.uuid,
+                    accessorAddress: accessor.address
+                )
             }
         }
     }
 
     /// Returns a reference to the BridgeAccessor designated for internal bridge requests
     access(self)
-    view fun borrowBridgeAccessor(): &{BridgeAccessor} {
-        return self.account.storage.borrow<&{BridgeRouter}>(from: /storage/evmBridgeRouter)
+    view fun borrowBridgeAccessor(): auth(Bridge) &{BridgeAccessor} {
+        return self.account.storage.borrow<auth(Bridge) &{BridgeRouter}>(from: /storage/evmBridgeRouter)
             ?.borrowBridgeAccessor()
             ?? panic("Could not borrow reference to the EVM bridge")
     }

utils/unittest/execution_state.go

@@ -23,7 +23,7 @@ const ServiceAccountPrivateKeySignAlgo = crypto.ECDSAP256
 const ServiceAccountPrivateKeyHashAlgo = hash.SHA2_256
 
 // Pre-calculated state commitment with root account with the above private key
-const GenesisStateCommitmentHex = "3083504c73c70c527903726c7e1811e3f767b8d83da2d0c1aa433cd0c97a4f3b"
+const GenesisStateCommitmentHex = "92ca07adaa707b88b5904184bdfa61ec73510095460bb18cae087fc3fd3d5d16"
 
 var GenesisStateCommitment flow.StateCommitment
 
@@ -87,10 +87,10 @@ func genesisCommitHexByChainID(chainID flow.ChainID) string {
 		return GenesisStateCommitmentHex
 	}
 	if chainID == flow.Testnet {
-		return "4bd716d5d5aa783b3020c8e9d9094d11dfd9103a899d50f75a3cb0ce7bc2b83b"
+		return "b85eb5e6c4c4b011f0d69ce114cd18375d2a50ab3e8cf57665662f2d196b4ded"
 	}
 	if chainID == flow.Sandboxnet {
 		return "e1c08b17f9e5896f03fe28dd37ca396c19b26628161506924fbf785834646ea1"
 	}
-	return "25854b600d6f84010acb5877842375605340cfc1ba7be9ba7f5830acb5c1b19e"
+	return "065bc6c49a12fcacb7c7f2289bf4432a02c1057d77f14e0b01c2899f40b4199e"
 }