feat: mutable storage ISMs #4577

yorhodes · 2024-09-26T17:23:48Z

Description

Some chains like zkSync do not support eip1167 (minimal/meta) proxies. This PR adds an alternative storage based multisig and aggregation ISM for use on these chains.

Drive-by changes

Simplify CLI multisig interactive config builder. Remove stale multisig config.

Related issues

None

Backward compatibility

Yes, relayer already supports this module type

Testing

Contract unit tests
Manual CLI tests

changeset-bot · 2024-09-26T17:23:52Z

🦋 Changeset detected

Latest commit: b7a84cd

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@hyperlane-xyz/cli	Minor
@hyperlane-xyz/sdk	Minor
@hyperlane-xyz/core	Minor
@hyperlane-xyz/helloworld	Minor
@hyperlane-xyz/infra	Minor
@hyperlane-xyz/widgets	Minor
@hyperlane-xyz/ccip-server	Minor
@hyperlane-xyz/github-proxy	Minor
@hyperlane-xyz/utils	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

solidity/contracts/isms/multisig/AbstractMultisigIsm.sol

solidity/contracts/isms/multisig/StorageMultisigIsm.sol

@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+
+abstract contract AbstractStorageMultisigIsm is AbstractMultisigIsm, Ownable {
+    address[] public validators;
+    uint8 public threshold;


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+
+    constructor(
+        address[] memory _validators,
+        uint8 _threshold


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+    AbstractMessageIdMultisigIsm,
+    AbstractStorageMultisigIsm
+{
+    uint8 public constant moduleType =


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+        uint8(IInterchainSecurityModule.Types.MESSAGE_ID_MULTISIG);
+
+    constructor(
+        address[] memory _validators,


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

codecov · 2024-09-26T17:36:27Z

Codecov Report

Attention: Patch coverage is 88.23529% with 4 lines in your changes missing coverage. Please review.

Project coverage is 74.58%. Comparing base (0264f70) to head (b7a84cd).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4577      +/-   ##
==========================================
+ Coverage   74.27%   74.58%   +0.31%     
==========================================
  Files         101      103       +2     
  Lines        1481     1515      +34     
  Branches      192      195       +3     
==========================================
+ Hits         1100     1130      +30     
- Misses        360      364       +4     
  Partials       21       21

Components	Coverage Δ
core	`84.61% <ø> (ø)`
hooks	`77.77% <ø> (ø)`
isms	`79.02% <87.87%> (+1.24%)`	⬆️
token	`89.01% <ø> (ø)`
middlewares	`77.58% <ø> (ø)`

solidity/contracts/interfaces/IThresholdAddressFactory.sol

@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+
+    constructor(
+        address[] memory _validators,
+        uint8 _threshold


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+}
+
+contract StorageMerkleRootMultisigIsmFactory is StorageMultisigIsmFactory {
+    address internal immutable _implementation;


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+}
+
+contract StorageMessageIdMultisigIsmFactory is StorageMultisigIsmFactory {
+    address internal immutable _implementation;


typescript/sdk/src/ism/HyperlaneIsmFactory.ts

typescript/cli/src/config/ism.ts

solidity/contracts/isms/multisig/StorageMultisigIsm.sol

nambrot

I mostly did a cursory review, so would like @aroralanuk to take a deeper look for the approval

solidity/contracts/isms/multisig/AbstractMultisigIsm.sol

solidity/test/isms/MultisigIsm.t.sol

typescript/cli/src/tests/multisig.test.ts

solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+
+contract StorageAggregationIsm is AbstractAggregationIsm, OwnableUpgradeable {
+    address[] public modules;


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+    IThresholdAddressFactory,
+    PackageVersioned
+{
+    address public immutable implementation;


aroralanuk

Contracts look good

yorhodes · 2024-11-05T17:05:22Z

Copying audit feedback over

It is recommended to use Ownable2stepUpgradeable instead of OwnableUpgradeable for StorageAggregationIsm and StorageMultisigIsm, as it can prevent transferring ownership to an incorrect address.

It is recommended to emit an event in setModulesAndThreshold() for the values before the change.

StorageAggregationIsm.setModulesAndThreshold() must check that _threshold is not zero. If threshold is set to zero, AbstractAggregationIsm.verify() will always revert.

solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+    address[] public modules;
+    uint8 public threshold;
+
+    event ModulesAndThresholdSet(address[] modules, uint8 threshold);


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+
+    event ModulesAndThresholdSet(address[] modules, uint8 threshold);
+
+    constructor(


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+    event ModulesAndThresholdSet(address[] modules, uint8 threshold);
+
+    constructor(
+        address[] memory _modules,


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+
+    constructor(
+        address[] memory _modules,
+        uint8 _threshold


solidity/contracts/isms/aggregation/StorageAggregationIsm.sol

+        address[] memory _modules,
+        uint8 _threshold
+    ) public onlyOwner {
+        require(


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+    uint8 public constant moduleType =
+        uint8(IInterchainSecurityModule.Types.MESSAGE_ID_MULTISIG);
+
+    constructor(


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+     * @notice Emitted when a multisig module is deployed
+     * @param module The deployed ISM
+     */
+    event ModuleDeployed(address module);


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+contract StorageMerkleRootMultisigIsmFactory is StorageMultisigIsmFactory {
+    address internal immutable _implementation;
+
+    constructor() {


solidity/contracts/isms/multisig/StorageMultisigIsm.sol

+contract StorageMessageIdMultisigIsmFactory is StorageMultisigIsmFactory {
+    address internal immutable _implementation;
+
+    constructor() {


solidity/contracts/libs/StaticAddressSetFactory.sol

@@ -32,6 +36,10 @@
        address[] calldata _values,
        uint8 _threshold
    ) public returns (address) {
+        require(


### Description - Implements storage-based aggregation ISM ### Drive-by changes - Moves `PackageVersioned` imports from static to abstract aggregation ism ### Backward compatibility Yes ### Testing Unit Tests

github-advanced-security bot found potential problems Sep 26, 2024

View reviewed changes

yorhodes marked this pull request as ready for review September 26, 2024 20:17

yorhodes requested review from jmrossy, ltyu, paulbalaji, tkporter and aroralanuk as code owners September 26, 2024 20:17

yorhodes changed the title ~~feat: storage multisig ISM~~ feat: mutable storage multisig ISM Sep 26, 2024

paulbalaji reviewed Sep 26, 2024

View reviewed changes

typescript/sdk/src/ism/HyperlaneIsmFactory.ts Show resolved Hide resolved

typescript/cli/src/config/ism.ts Show resolved Hide resolved

github-advanced-security bot found potential problems Oct 2, 2024

View reviewed changes

solidity/contracts/isms/multisig/StorageMultisigIsm.sol Fixed Show fixed Hide fixed

nambrot reviewed Oct 22, 2024

View reviewed changes

solidity/contracts/isms/multisig/AbstractMultisigIsm.sol Fixed Show resolved Hide resolved

solidity/test/isms/MultisigIsm.t.sol Show resolved Hide resolved

typescript/cli/src/tests/multisig.test.ts Show resolved Hide resolved

yorhodes force-pushed the storage-multisig-ism branch from ce0e9a7 to b51f1d3 Compare October 22, 2024 20:38

yorhodes changed the base branch from main to audit-q3-2024 October 22, 2024 20:38

yorhodes changed the title ~~feat: mutable storage multisig ISM~~ feat: mutable storage ISMs Oct 23, 2024

github-advanced-security bot found potential problems Oct 23, 2024

View reviewed changes

aroralanuk approved these changes Oct 29, 2024

View reviewed changes

paulbalaji approved these changes Oct 29, 2024

View reviewed changes

github-advanced-security bot found potential problems Nov 5, 2024

View reviewed changes

yorhodes force-pushed the storage-multisig-ism branch from eca30e7 to 13f0c35 Compare November 6, 2024 20:51

yorhodes added 6 commits November 6, 2024 15:55

Implement Storage Multisig ISM

4825bd4

Improve tests

ed59f95

Refactor tests

390429f

Test setValidatorsAndThreshold

cfe3be1

Disable initializers in constructor

51f2944

Increase MAX_VALIDATORS in test

9e8dd7c

yorhodes added 9 commits November 6, 2024 15:55

Deploy storage multisig ISMs atomically

9955f57

Support storage multisig ISMs in CLI

e326904

Remove stale multisig config

f6f8c5b

Test initializable on storage multisig

8958266

Transfer ownership to deployer instead of factory

04fac5f

Fix ISM type

bb702d4

Add changeset

8604931

Add PackageVersioned to storage multisig contracts

dcb3a69

feat: Implement Storage Aggregation ISM (#4731)

5b7f5bc

### Description - Implements storage-based aggregation ISM ### Drive-by changes - Moves `PackageVersioned` imports from static to abstract aggregation ism ### Backward compatibility Yes ### Testing Unit Tests

yorhodes changed the base branch from audit-q3-2024 to main November 6, 2024 20:56

yorhodes added 4 commits November 6, 2024 16:02

Adopt Ownable2Step

ad491a1

Enforce threshold bounds

070584e

Fix invalid threshold in unit tests

0c515ac

Remove .only

b7a84cd

yorhodes force-pushed the storage-multisig-ism branch from 13f0c35 to b7a84cd Compare November 6, 2024 21:03

yorhodes enabled auto-merge November 6, 2024 21:03

yorhodes added this pull request to the merge queue Nov 6, 2024

Merged via the queue into main with commit 8360602 Nov 6, 2024
36 checks passed

yorhodes deleted the storage-multisig-ism branch November 6, 2024 21:27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: mutable storage ISMs #4577

feat: mutable storage ISMs #4577

yorhodes commented Sep 26, 2024 •

edited

Loading

changeset-bot bot commented Sep 26, 2024 •

edited

Loading

codecov bot commented Sep 26, 2024 •

edited

Loading

nambrot left a comment

aroralanuk left a comment

yorhodes commented Nov 5, 2024 •

edited

Loading

		@@ -0,0 +1,63 @@
		// SPDX-License-Identifier: MIT OR Apache-2.0
		pragma solidity >=0.8.0;

		@@ -0,0 +1,9 @@
		// SPDX-License-Identifier: MIT OR Apache-2.0
		pragma solidity >=0.8.0;

		@@ -0,0 +1,83 @@
		// SPDX-License-Identifier: MIT OR Apache-2.0
		pragma solidity >=0.8.0;


		event ModulesAndThresholdSet(address[] modules, uint8 threshold);

		constructor(

feat: mutable storage ISMs #4577

feat: mutable storage ISMs #4577

Conversation

yorhodes commented Sep 26, 2024 • edited Loading

Description

Drive-by changes

Related issues

Backward compatibility

Testing

changeset-bot bot commented Sep 26, 2024 • edited Loading

🦋 Changeset detected

codecov bot commented Sep 26, 2024 • edited Loading

Codecov Report

nambrot left a comment

Choose a reason for hiding this comment

aroralanuk left a comment

Choose a reason for hiding this comment

yorhodes commented Nov 5, 2024 • edited Loading

yorhodes commented Sep 26, 2024 •

edited

Loading

changeset-bot bot commented Sep 26, 2024 •

edited

Loading

codecov bot commented Sep 26, 2024 •

edited

Loading

yorhodes commented Nov 5, 2024 •

edited

Loading