fix(contracts): quote management for L2->L1 hooks

.changeset/cuddly-baboons-drive.md

@@ -0,0 +1,6 @@
+---
+'@hyperlane-xyz/sdk': minor
+'@hyperlane-xyz/core': minor
+---
+
+Checking for sufficient fees in `AbstractMessageIdAuthHook` and refund surplus

.changeset/tidy-meals-add.md

@@ -1,5 +1,5 @@
 ---
-"@hyperlane-xyz/utils": patch
+'@hyperlane-xyz/utils': patch
 ---
 
 Filter undefined/null values in invertKeysAndValues function

solidity/contracts/hooks/ArbL2ToL1Hook.sol

@@ -14,17 +14,16 @@
 @@@@@@@@@       @@@@@@@@*/
 
 // ============ Internal Imports ============
+import {Message} from "../libs/Message.sol";
+import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
 import {AbstractPostDispatchHook} from "./libs/AbstractMessageIdAuthHook.sol";
 import {AbstractMessageIdAuthHook} from "./libs/AbstractMessageIdAuthHook.sol";
-import {Mailbox} from "../Mailbox.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
 import {Message} from "../libs/Message.sol";
 import {TypeCasts} from "../libs/TypeCasts.sol";
-import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
-import {MailboxClient} from "../client/MailboxClient.sol";
 
 // ============ External Imports ============
-import {Address} from "@openzeppelin/contracts/utils/Address.sol";
 import {ArbSys} from "@arbitrum/nitro-contracts/src/precompiles/ArbSys.sol";
 
 /**
@@ -35,13 +34,14 @@
  */
 contract ArbL2ToL1Hook is AbstractMessageIdAuthHook {
     using StandardHookMetadata for bytes;
+    using Message for bytes;
 
     // ============ Constants ============
 
     // precompile contract on L2 for sending messages to L1
     ArbSys public immutable arbSys;
-    // Immutable quote amount
-    uint256 public immutable GAS_QUOTE;
+    // child hook to call first
+    IPostDispatchHook public immutable childHook;
 
     // ============ Constructor ============
 
@@ -50,30 +50,41 @@
         uint32 _destinationDomain,
         bytes32 _ism,
         address _arbSys,
-        uint256 _gasQuote
+        address _childHook
     ) AbstractMessageIdAuthHook(_mailbox, _destinationDomain, _ism) {
         arbSys = ArbSys(_arbSys);
-        GAS_QUOTE = _gasQuote;
+        childHook = AbstractPostDispatchHook(_childHook);
     }
 
+    /// @inheritdoc IPostDispatchHook
     function hookType() external pure override returns (uint8) {
         return uint8(IPostDispatchHook.Types.ARB_L2_TO_L1);
     }
 
+    /// @inheritdoc AbstractPostDispatchHook
     function _quoteDispatch(
-        bytes calldata,
-        bytes calldata
+        bytes calldata metadata,
+        bytes calldata message
     ) internal view override returns (uint256) {
-        return GAS_QUOTE;
+        return
+            metadata.msgValue(0) + childHook.quoteDispatch(metadata, message);
     }
 
     // ============ Internal functions ============
 
     /// @inheritdoc AbstractMessageIdAuthHook
     function _sendMessageId(
         bytes calldata metadata,
-        bytes memory payload
+        bytes calldata message
     ) internal override {
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
+        );
+
+        childHook.postDispatch{
+            value: childHook.quoteDispatch(metadata, message)
+        }(metadata, message);
         arbSys.sendTxToL1{value: metadata.msgValue(0)}(
             TypeCasts.bytes32ToAddress(ism),
             payload

solidity/contracts/hooks/OPL2ToL1Hook.sol

@@ -14,10 +14,13 @@
 @@@@@@@@@       @@@@@@@@*/
 
 // ============ Internal Imports ============
+import {Message} from "../libs/Message.sol";
 import {AbstractPostDispatchHook, AbstractMessageIdAuthHook} from "./libs/AbstractMessageIdAuthHook.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
 import {TypeCasts} from "../libs/TypeCasts.sol";
 import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
+import {InterchainGasPaymaster} from "./igp/InterchainGasPaymaster.sol";
 
 // ============ External Imports ============
 import {ICrossDomainMessenger} from "../interfaces/optimism/ICrossDomainMessenger.sol";
@@ -30,13 +33,16 @@
  */
 contract OPL2ToL1Hook is AbstractMessageIdAuthHook {
     using StandardHookMetadata for bytes;
+    using Message for bytes;
 
     // ============ Constants ============
 
     // precompile contract on L2 for sending messages to L1
     ICrossDomainMessenger public immutable l2Messenger;
-    // Immutable quote amount
-    uint32 public immutable GAS_QUOTE;
+    // child hook to call first
+    IPostDispatchHook public immutable childHook;
+    // Minimum gas limit that the message can be executed with - OP specific
+    uint32 public constant MIN_GAS_LIMIT = 300_000;
 
     // ============ Constructor ============
 
@@ -45,10 +51,10 @@
         uint32 _destinationDomain,
         bytes32 _ism,
         address _l2Messenger,
-        uint32 _gasQuote
+        address _childHook
     ) AbstractMessageIdAuthHook(_mailbox, _destinationDomain, _ism) {
-        GAS_QUOTE = _gasQuote;
         l2Messenger = ICrossDomainMessenger(_l2Messenger);
+        childHook = AbstractPostDispatchHook(_childHook);
     }
 
     /// @inheritdoc IPostDispatchHook
@@ -58,27 +64,32 @@
 
     /// @inheritdoc AbstractPostDispatchHook
     function _quoteDispatch(
-        bytes calldata,
-        bytes calldata
+        bytes calldata metadata,
+        bytes calldata message
     ) internal view override returns (uint256) {
-        return GAS_QUOTE;
+        return
+            metadata.msgValue(0) + childHook.quoteDispatch(metadata, message);
     }
 
     // ============ Internal functions ============
 
     /// @inheritdoc AbstractMessageIdAuthHook
     function _sendMessageId(
         bytes calldata metadata,
-        bytes memory payload
+        bytes calldata message
     ) internal override {
-        require(
-            msg.value >= metadata.msgValue(0) + GAS_QUOTE,
-            "OPL2ToL1Hook: insufficient msg.value"
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
         );
+
+        childHook.postDispatch{
+            value: childHook.quoteDispatch(metadata, message)
+        }(metadata, message);
         l2Messenger.sendMessage{value: metadata.msgValue(0)}(
             TypeCasts.bytes32ToAddress(ism),
             payload,
-            GAS_QUOTE
+            MIN_GAS_LIMIT
         );
     }
 }

solidity/contracts/hooks/OPStackHook.sol

@@ -18,6 +18,7 @@
 import {StandardHookMetadata} from "./libs/StandardHookMetadata.sol";
 import {TypeCasts} from "../libs/TypeCasts.sol";
 import {Message} from "../libs/Message.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
 
 // ============ External Imports ============
@@ -32,6 +33,7 @@
  */
 contract OPStackHook is AbstractMessageIdAuthHook {
     using StandardHookMetadata for bytes;
+    using Message for bytes;
 
     // ============ Constants ============
 
@@ -60,21 +62,22 @@
 
     // ============ Internal functions ============
     function _quoteDispatch(
-        bytes calldata,
+        bytes calldata metadata,
         bytes calldata
     ) internal pure override returns (uint256) {
-        return 0; // gas subsidized by the L2
+        return metadata.msgValue(0); // gas subsidized by the L2
     }
 
     /// @inheritdoc AbstractMessageIdAuthHook
     function _sendMessageId(
         bytes calldata metadata,
-        bytes memory payload
+        bytes calldata message
     ) internal override {
-        require(
-            metadata.msgValue(0) < 2 ** 255,
-            "OPStackHook: msgValue must be less than 2 ** 255"
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
         );
+
         l1Messenger.sendMessage{value: metadata.msgValue(0)}(
             TypeCasts.bytes32ToAddress(ism),
             payload,

solidity/contracts/hooks/PolygonPosHook.sol

@@ -19,6 +19,7 @@
 import {TypeCasts} from "../libs/TypeCasts.sol";
 import {Message} from "../libs/Message.sol";
 import {IPostDispatchHook} from "../interfaces/hooks/IPostDispatchHook.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 
 // ============ External Imports ============
 import {FxBaseRootTunnel} from "fx-portal/contracts/tunnel/FxBaseRootTunnel.sol";
@@ -31,6 +32,7 @@
  */
 contract PolygonPosHook is AbstractMessageIdAuthHook, FxBaseRootTunnel {
     using StandardHookMetadata for bytes;
+    using Message for bytes;
 
     // ============ Constructor ============
 
@@ -56,22 +58,27 @@
 
     // ============ Internal functions ============
     function _quoteDispatch(
-        bytes calldata,
+        bytes calldata metadata,
         bytes calldata
     ) internal pure override returns (uint256) {
-        return 0;
+        return metadata.msgValue(0);
     }
 
     /// @inheritdoc AbstractMessageIdAuthHook
     function _sendMessageId(
         bytes calldata metadata,
-        bytes memory payload
+        bytes calldata message
     ) internal override {
         require(
             metadata.msgValue(0) == 0,
             "PolygonPosHook: does not support msgValue"
         );
         require(msg.value == 0, "PolygonPosHook: does not support msgValue");
+
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
+        );
         _sendMessageToChild(payload);
     }
 

solidity/contracts/hooks/aggregation/ERC5164Hook.sol

@@ -15,9 +15,11 @@
 
 // ============ Internal Imports ============
 import {TypeCasts} from "../../libs/TypeCasts.sol";
+import {Message} from "../../libs/Message.sol";
 import {IPostDispatchHook} from "../../interfaces/hooks/IPostDispatchHook.sol";
 import {IMessageDispatcher} from "../../interfaces/hooks/IMessageDispatcher.sol";
 import {AbstractMessageIdAuthHook} from "../libs/AbstractMessageIdAuthHook.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 
 // ============ External Imports ============
 import {Address} from "@openzeppelin/contracts/utils/Address.sol";
@@ -28,6 +30,8 @@
  * any of the 5164 adapters.
  */
 contract ERC5164Hook is AbstractMessageIdAuthHook {
+    using Message for bytes;
+
     IMessageDispatcher public immutable dispatcher;
 
     constructor(
@@ -55,9 +59,14 @@
     function _sendMessageId(
         bytes calldata,
         /* metadata */
-        bytes memory payload
+        bytes calldata message
     ) internal override {
         require(msg.value == 0, "ERC5164Hook: no value allowed");
+
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
+        );
         dispatcher.dispatchMessage(
             destinationDomain,
             TypeCasts.bytes32ToAddress(ism),

solidity/contracts/hooks/layer-zero/LayerZeroV2Hook.sol

@@ -18,6 +18,7 @@
 import {Indexed} from "../../libs/Indexed.sol";
 import {IPostDispatchHook} from "../../interfaces/hooks/IPostDispatchHook.sol";
 import {AbstractMessageIdAuthHook} from "../libs/AbstractMessageIdAuthHook.sol";
+import {AbstractMessageIdAuthorizedIsm} from "../../isms/hook/AbstractMessageIdAuthorizedIsm.sol";
 import {StandardHookMetadata} from "../libs/StandardHookMetadata.sol";
 
 struct LayerZeroV2Metadata {
@@ -55,8 +56,13 @@
     /// @inheritdoc AbstractMessageIdAuthHook
     function _sendMessageId(
         bytes calldata metadata,
-        bytes memory payload
+        bytes calldata message
     ) internal override {
+        bytes memory payload = abi.encodeCall(
+            AbstractMessageIdAuthorizedIsm.verifyMessageId,
+            message.id()
+        );
+
         bytes calldata lZMetadata = metadata.getCustomMetadata();
         (
             uint32 eid,
@@ -72,7 +78,9 @@
             options,
             false // payInLzToken
         );
-        lZEndpoint.send{value: msg.value}(msgParams, refundAddress);
+
+        uint256 quote = _quoteDispatch(metadata, message);
+        lZEndpoint.send{value: quote}(msgParams, refundAddress);
     }
 
     /// @dev payInZRO is hardcoded to false because zro tokens should not be directly accepted
@@ -96,7 +104,7 @@
             message.senderAddress()
         );
 
-        return msgFee.nativeFee;
+        return metadata.msgValue(0) + msgFee.nativeFee;
     }
 
     /**