test: XERC20 and XERC20 Lockbox integration tests (#3849)

.changeset/sweet-pandas-brush.md

@@ -0,0 +1,5 @@
+---
+"@hyperlane-xyz/core": patch
+---
+
+fix: make XERC20 and XERC20 Lockbox proxy-able

solidity/contracts/test/ERC20Test.sol

@@ -3,6 +3,7 @@ pragma solidity >=0.8.0;
 
 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
 
+import "../token/interfaces/IXERC20Lockbox.sol";
 import "../token/interfaces/IXERC20.sol";
 import "../token/interfaces/IFiatToken.sol";
 
@@ -66,15 +67,50 @@ contract XERC20Test is ERC20Test, IXERC20 {
         _burn(account, amount);
     }
 
-    function setLimits(
-        address _bridge,
-        uint256 _mintingLimit,
-        uint256 _burningLimit
-    ) external {
-        require(false);
+    function setLimits(address, uint256, uint256) external pure {
+        assert(false);
     }
 
-    function owner() external returns (address) {
+    function owner() external pure returns (address) {
         return address(0x0);
     }
 }
+
+contract XERC20LockboxTest is IXERC20Lockbox {
+    IXERC20 public immutable XERC20;
+    IERC20 public immutable ERC20;
+
+    constructor(
+        string memory name,
+        string memory symbol,
+        uint256 totalSupply,
+        uint8 __decimals
+    ) {
+        ERC20Test erc20 = new ERC20Test(name, symbol, totalSupply, __decimals);
+        erc20.transfer(msg.sender, totalSupply);
+        ERC20 = erc20;
+        XERC20 = new XERC20Test(name, symbol, 0, __decimals);
+    }
+
+    function depositTo(address _user, uint256 _amount) public {
+        ERC20.transferFrom(msg.sender, address(this), _amount);
+        XERC20.mint(_user, _amount);
+    }
+
+    function deposit(uint256 _amount) external {
+        depositTo(msg.sender, _amount);
+    }
+
+    function depositNativeTo(address) external payable {
+        assert(false);
+    }
+
+    function withdrawTo(address _user, uint256 _amount) public {
+        XERC20.burn(msg.sender, _amount);
+        ERC20Test(address(ERC20)).mintTo(_user, _amount);
+    }
+
+    function withdraw(uint256 _amount) external {
+        withdrawTo(msg.sender, _amount);
+    }
+}

solidity/contracts/token/extensions/HypXERC20Lockbox.sol

@@ -17,18 +17,39 @@ contract HypXERC20Lockbox is HypERC20Collateral {
     ) HypERC20Collateral(address(IXERC20Lockbox(_lockbox).ERC20()), _mailbox) {
         lockbox = IXERC20Lockbox(_lockbox);
         xERC20 = lockbox.XERC20();
+        approveLockbox();
+    }
 
-        // grant infinite approvals to lockbox
+    /**
+     * @notice Approve the lockbox to spend the wrapped token and xERC20
+     * @dev This function is idempotent and need not be access controlled
+     */
+    function approveLockbox() public {
         require(
-            IERC20(wrappedToken).approve(_lockbox, MAX_INT),
+            IERC20(wrappedToken).approve(address(lockbox), MAX_INT),
             "erc20 lockbox approve failed"
         );
         require(
-            xERC20.approve(_lockbox, MAX_INT),
+            xERC20.approve(address(lockbox), MAX_INT),
             "xerc20 lockbox approve failed"
         );
     }
 
+    /**
+     * @notice Initialize the contract
+     * @param _hook The address of the hook contract
+     * @param _ism The address of the interchain security module
+     * @param _owner The address of the owner
+     */
+    function initialize(
+        address _hook,
+        address _ism,
+        address _owner
+    ) public override initializer {
+        approveLockbox();
+        _MailboxClient_initialize(_hook, _ism, _owner);
+    }
+
     function _transferFromSender(
         uint256 _amount
     ) internal override returns (bytes memory) {

solidity/coverage.sh

@@ -14,7 +14,7 @@ fi
 lcov --version
 
 # exclude FastTokenRouter until https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2806
-EXCLUDE="*test* *mock* *node_modules* *FastHyp*"
+EXCLUDE="*test* *mock* *node_modules* *script* *FastHyp*"
 lcov \
     --rc lcov_branch_coverage=1 \
     --remove lcov.info $EXCLUDE \

solidity/foundry.toml

@@ -14,7 +14,11 @@ fs_permissions = [
     { access = "read", path = "./script/avs/"},
     { access = "write", path = "./fixtures" }
 ]
-ignored_warnings_from = ['fx-portal']
+ignored_warnings_from = [
+    'lib',
+    'test',
+    'contracts/test'
+]
 
 [profile.ci]
 verbosity = 4

solidity/lib/forge-std

@@ -1 +1 @@
-Subproject commit e8a047e3f40f13fa37af6fe14e6e06283d9a060e
+Subproject commit 52715a217dc51d0de15877878ab8213f6cbbbab5

solidity/script/xerc20/.env.blast

@@ -0,0 +1,4 @@
+export ROUTER_ADDRESS=0xA34ceDf9068C5deE726C67A4e1DCfCc2D6E2A7fD
+export ERC20_ADDRESS=0x2416092f143378750bb29b79eD961ab195CcEea5
+export XERC20_ADDRESS=0x2416092f143378750bb29b79eD961ab195CcEea5
+export RPC_URL="https://rpc.blast.io"

solidity/script/xerc20/.env.ethereum

@@ -0,0 +1,5 @@
+export ROUTER_ADDRESS=0x8dfbEA2582F41c8C4Eb25252BbA392fd3c09449A
+export ADMIN_ADDRESS=0xa5B0D537CeBE97f087Dc5FE5732d70719caaEc1D
+export ERC20_ADDRESS=0xbf5495Efe5DB9ce00f80364C8B423567e58d2110
+export XERC20_ADDRESS=0x2416092f143378750bb29b79eD961ab195CcEea5
+export RPC_URL="https://eth.merkle.io"

solidity/script/xerc20/ApproveLockbox.s.sol

@@ -0,0 +1,50 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;
+
+import "forge-std/Script.sol";
+
+import {AnvilRPC} from "test/AnvilRPC.sol";
+import {TypeCasts} from "contracts/libs/TypeCasts.sol";
+
+import {ITransparentUpgradeableProxy} from "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
+
+import {ProxyAdmin} from "contracts/upgrade/ProxyAdmin.sol";
+
+import {HypXERC20Lockbox} from "contracts/token/extensions/HypXERC20Lockbox.sol";
+import {IXERC20Lockbox} from "contracts/token/interfaces/IXERC20Lockbox.sol";
+import {IXERC20} from "contracts/token/interfaces/IXERC20.sol";
+import {IERC20} from "contracts/token/interfaces/IXERC20.sol";
+
+// source .env.<CHAIN>
+// forge script ApproveLockbox.s.sol --broadcast --rpc-url localhost:XXXX
+contract ApproveLockbox is Script {
+    address router = vm.envAddress("ROUTER_ADDRESS");
+    address admin = vm.envAddress("ADMIN_ADDRESS");
+    uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
+
+    ITransparentUpgradeableProxy proxy = ITransparentUpgradeableProxy(router);
+    HypXERC20Lockbox old = HypXERC20Lockbox(router);
+    address lockbox = address(old.lockbox());
+    address mailbox = address(old.mailbox());
+    ProxyAdmin proxyAdmin = ProxyAdmin(admin);
+
+    function run() external {
+        assert(proxyAdmin.getProxyAdmin(proxy) == admin);
+
+        vm.startBroadcast(deployerPrivateKey);
+        HypXERC20Lockbox logic = new HypXERC20Lockbox(lockbox, mailbox);
+        proxyAdmin.upgradeAndCall(
+            proxy,
+            address(logic),
+            abi.encodeCall(HypXERC20Lockbox.approveLockbox, ())
+        );
+        vm.stopBroadcast();
+
+        vm.expectRevert("Initializable: contract is already initialized");
+        HypXERC20Lockbox(address(proxy)).initialize(
+            address(0),
+            address(0),
+            mailbox
+        );
+    }
+}

solidity/script/xerc20/GrantLimits.s.sol

@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;
+
+import "forge-std/Script.sol";
+
+import {AnvilRPC} from "test/AnvilRPC.sol";
+
+import {IXERC20Lockbox} from "contracts/token/interfaces/IXERC20Lockbox.sol";
+import {IXERC20} from "contracts/token/interfaces/IXERC20.sol";
+import {IERC20} from "contracts/token/interfaces/IXERC20.sol";
+
+// source .env.<CHAIN>
+// anvil --fork-url $RPC_URL --port XXXX
+// forge script GrantLimits.s.sol --broadcast --unlocked --rpc-url localhost:XXXX
+contract GrantLimits is Script {
+    address tester = 0xa7ECcdb9Be08178f896c26b7BbD8C3D4E844d9Ba;
+    uint256 amount = 1 gwei;
+
+    address router = vm.envAddress("ROUTER_ADDRESS");
+    IERC20 erc20 = IERC20(vm.envAddress("ERC20_ADDRESS"));
+    IXERC20 xerc20 = IXERC20(vm.envAddress("XERC20_ADDRESS"));
+
+    function runFrom(address account) internal {
+        AnvilRPC.setBalance(account, 1 ether);
+        AnvilRPC.impersonateAccount(account);
+        vm.broadcast(account);
+    }
+
+    function run() external {
+        address owner = xerc20.owner();
+        runFrom(owner);
+        xerc20.setLimits(router, amount, amount);
+
+        runFrom(address(erc20));
+        erc20.transfer(tester, amount);
+    }
+}

solidity/script/xerc20/ezETH.s.sol

@@ -0,0 +1,127 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;
+
+import "forge-std/Script.sol";
+
+import {IXERC20Lockbox} from "../../contracts/token/interfaces/IXERC20Lockbox.sol";
+import {IXERC20} from "../../contracts/token/interfaces/IXERC20.sol";
+import {IERC20} from "../../contracts/token/interfaces/IXERC20.sol";
+import {HypXERC20Lockbox} from "../../contracts/token/extensions/HypXERC20Lockbox.sol";
+import {HypERC20Collateral} from "../../contracts/token/HypERC20Collateral.sol";
+import {HypXERC20} from "../../contracts/token/extensions/HypXERC20.sol";
+import {TransparentUpgradeableProxy} from "../../contracts/upgrade/TransparentUpgradeableProxy.sol";
+import {ProxyAdmin} from "../../contracts/upgrade/ProxyAdmin.sol";
+
+import {TypeCasts} from "../../contracts/libs/TypeCasts.sol";
+import {TokenMessage} from "../../contracts/token/libs/TokenMessage.sol";
+
+contract ezETH is Script {
+    using TypeCasts for address;
+
+    string ETHEREUM_RPC_URL = vm.envString("ETHEREUM_RPC_URL");
+    string BLAST_RPC_URL = vm.envString("BLAST_RPC_URL");
+
+    uint256 ethereumFork;
+    uint32 ethereumDomainId = 1;
+    address ethereumMailbox = 0xc005dc82818d67AF737725bD4bf75435d065D239;
+    address ethereumLockbox = 0xC8140dA31E6bCa19b287cC35531c2212763C2059;
+
+    uint256 blastFork;
+    uint32 blastDomainId = 81457;
+    address blastXERC20 = 0x2416092f143378750bb29b79eD961ab195CcEea5;
+    address blastMailbox = 0x3a867fCfFeC2B790970eeBDC9023E75B0a172aa7;
+
+    uint256 amount = 100;
+
+    function setUp() public {
+        ethereumFork = vm.createFork(ETHEREUM_RPC_URL);
+        blastFork = vm.createFork(BLAST_RPC_URL);
+    }
+
+    function run() external {
+        address deployer = address(this);
+        bytes32 recipient = deployer.addressToBytes32();
+        bytes memory tokenMessage = TokenMessage.format(recipient, amount, "");
+        vm.selectFork(ethereumFork);
+        HypXERC20Lockbox hypXERC20Lockbox = new HypXERC20Lockbox(
+            ethereumLockbox,
+            ethereumMailbox
+        );
+        ProxyAdmin ethAdmin = new ProxyAdmin();
+        TransparentUpgradeableProxy ethProxy = new TransparentUpgradeableProxy(
+            address(hypXERC20Lockbox),
+            address(ethAdmin),
+            abi.encodeCall(
+                HypXERC20Lockbox.initialize,
+                (address(0), address(0), deployer)
+            )
+        );
+        hypXERC20Lockbox = HypXERC20Lockbox(address(ethProxy));
+
+        vm.selectFork(blastFork);
+        HypXERC20 hypXERC20 = new HypXERC20(blastXERC20, blastMailbox);
+        ProxyAdmin blastAdmin = new ProxyAdmin();
+        TransparentUpgradeableProxy blastProxy = new TransparentUpgradeableProxy(
+                address(hypXERC20),
+                address(blastAdmin),
+                abi.encodeCall(
+                    HypERC20Collateral.initialize,
+                    (address(0), address(0), deployer)
+                )
+            );
+        hypXERC20 = HypXERC20(address(blastProxy));
+        hypXERC20.enrollRemoteRouter(
+            ethereumDomainId,
+            address(hypXERC20Lockbox).addressToBytes32()
+        );
+
+        // grant `amount` mint and burn limit to warp route
+        vm.prank(IXERC20(blastXERC20).owner());
+        IXERC20(blastXERC20).setLimits(address(hypXERC20), amount, amount);
+
+        // test sending `amount` on warp route
+        vm.prank(0x7BE481D464CAD7ad99500CE8A637599eB8d0FCDB); // ezETH whale
+        IXERC20(blastXERC20).transfer(address(this), amount);
+        IXERC20(blastXERC20).approve(address(hypXERC20), amount);
+        uint256 value = hypXERC20.quoteGasPayment(ethereumDomainId);
+        hypXERC20.transferRemote{value: value}(
+            ethereumDomainId,
+            recipient,
+            amount
+        );
+
+        // test receiving `amount` on warp route
+        vm.prank(blastMailbox);
+        hypXERC20.handle(
+            ethereumDomainId,
+            address(hypXERC20Lockbox).addressToBytes32(),
+            tokenMessage
+        );
+
+        vm.selectFork(ethereumFork);
+        hypXERC20Lockbox.enrollRemoteRouter(
+            blastDomainId,
+            address(hypXERC20).addressToBytes32()
+        );
+
+        // grant `amount` mint and burn limit to warp route
+        IXERC20 ethereumXERC20 = hypXERC20Lockbox.xERC20();
+        vm.prank(ethereumXERC20.owner());
+        ethereumXERC20.setLimits(address(hypXERC20Lockbox), amount, amount);
+
+        // test sending `amount` on warp route
+        IERC20 erc20 = IXERC20Lockbox(ethereumLockbox).ERC20();
+        vm.prank(ethereumLockbox);
+        erc20.transfer(address(this), amount);
+        erc20.approve(address(hypXERC20Lockbox), amount);
+        hypXERC20Lockbox.transferRemote(blastDomainId, recipient, amount);
+
+        // test receiving `amount` on warp route
+        vm.prank(ethereumMailbox);
+        hypXERC20Lockbox.handle(
+            blastDomainId,
+            address(hypXERC20).addressToBytes32(),
+            tokenMessage
+        );
+    }
+}

solidity/test/AnvilRPC.sol

@@ -0,0 +1,107 @@
+// SPDX-License-Identifier: MIT OR Apache-2.0
+pragma solidity >=0.8.0;
+
+import "forge-std/Vm.sol";
+import {Strings} from "@openzeppelin/contracts/utils/Strings.sol";
+
+// see https://book.getfoundry.sh/reference/anvil/#supported-rpc-methods
+library AnvilRPC {
+    using Strings for address;
+    using Strings for uint256;
+
+    using AnvilRPC for string;
+    using AnvilRPC for string[1];
+    using AnvilRPC for string[2];
+    using AnvilRPC for string[3];
+
+    Vm private constant vm =
+        Vm(address(uint160(uint256(keccak256("hevm cheat code")))));
+
+    string private constant OPEN_ARRAY = "[";
+    string private constant CLOSE_ARRAY = "]";
+    string private constant COMMA = ",";
+    string private constant EMPTY_ARRAY = "[]";
+
+    function escaped(
+        string memory value
+    ) internal pure returns (string memory) {
+        return string.concat(ESCAPED_QUOTE, value, ESCAPED_QUOTE);
+    }
+
+    function toString(
+        string[1] memory values
+    ) internal pure returns (string memory) {
+        return string.concat(OPEN_ARRAY, values[0], CLOSE_ARRAY);
+    }
+
+    function toString(
+        string[2] memory values
+    ) internal pure returns (string memory) {
+        return
+            string.concat(OPEN_ARRAY, values[0], COMMA, values[1], CLOSE_ARRAY);
+    }
+
+    function toString(
+        string[3] memory values
+    ) internal pure returns (string memory) {
+        return
+            string.concat(
+                OPEN_ARRAY,
+                values[0],
+                COMMA,
+                values[1],
+                COMMA,
+                values[2],
+                CLOSE_ARRAY
+            );
+    }
+
+    function impersonateAccount(address account) internal {
+        vm.rpc(
+            "anvil_impersonateAccount",
+            [account.toHexString().escaped()].toString()
+        );
+    }
+
+    function setBalance(address account, uint256 balance) internal {
+        vm.rpc(
+            "anvil_setBalance",
+            [account.toHexString().escaped(), balance.toString()].toString()
+        );
+    }
+
+    function setCode(address account, bytes memory code) internal {
+        vm.rpc(
+            "anvil_setCode",
+            [account.toHexString().escaped(), string(code).escaped()].toString()
+        );
+    }
+
+    function setStorageAt(
+        address account,
+        uint256 slot,
+        uint256 value
+    ) internal {
+        vm.rpc(
+            "anvil_setStorageAt",
+            [
+                account.toHexString().escaped(),
+                slot.toHexString(),
+                value.toHexString()
+            ].toString()
+        );
+    }
+
+    function resetFork(string memory rpcUrl) internal {
+        string memory obj = string.concat(
+            // solhint-disable-next-line quotes
+            '{"forking":{"jsonRpcUrl":',
+            string(rpcUrl).escaped(),
+            "}}"
+        );
+        vm.rpc("anvil_reset", [obj].toString());
+    }
+}
+
+// here to prevent syntax highlighting from breaking
+string constant ESCAPED_QUOTE = '"';

solidity/test/token/HypERC20.t.sol

@@ -19,13 +19,14 @@ import {TransparentUpgradeableProxy} from "@openzeppelin/contracts/proxy/transpa
 import {Mailbox} from "../../contracts/Mailbox.sol";
 import {TypeCasts} from "../../contracts/libs/TypeCasts.sol";
 import {TestMailbox} from "../../contracts/test/TestMailbox.sol";
-import {XERC20Test, FiatTokenTest, ERC20Test} from "../../contracts/test/ERC20Test.sol";
+import {XERC20LockboxTest, XERC20Test, FiatTokenTest, ERC20Test} from "../../contracts/test/ERC20Test.sol";
 import {TestPostDispatchHook} from "../../contracts/test/TestPostDispatchHook.sol";
 import {TestInterchainGasPaymaster} from "../../contracts/test/TestInterchainGasPaymaster.sol";
 import {GasRouter} from "../../contracts/client/GasRouter.sol";
 
 import {HypERC20} from "../../contracts/token/HypERC20.sol";
 import {HypERC20Collateral} from "../../contracts/token/HypERC20Collateral.sol";
+import {HypXERC20Lockbox} from "../../contracts/token/extensions/HypXERC20Lockbox.sol";
 import {IXERC20} from "../../contracts/token/interfaces/IXERC20.sol";
 import {IFiatToken} from "../../contracts/token/interfaces/IFiatToken.sol";
 import {HypXERC20} from "../../contracts/token/extensions/HypXERC20.sol";
@@ -442,6 +443,80 @@ contract HypXERC20Test is HypTokenTest {
     }
 }
 
+contract HypXERC20LockboxTest is HypTokenTest {
+    using TypeCasts for address;
+    HypXERC20Lockbox internal xerc20Lockbox;
+
+    function setUp() public override {
+        super.setUp();
+
+        XERC20LockboxTest lockbox = new XERC20LockboxTest(
+            NAME,
+            SYMBOL,
+            TOTAL_SUPPLY,
+            DECIMALS
+        );
+        primaryToken = ERC20Test(address(lockbox.ERC20()));
+
+        localToken = new HypXERC20Lockbox(
+            address(lockbox),
+            address(localMailbox)
+        );
+        xerc20Lockbox = HypXERC20Lockbox(address(localToken));
+
+        xerc20Lockbox.enrollRemoteRouter(
+            DESTINATION,
+            address(remoteToken).addressToBytes32()
+        );
+
+        primaryToken.transfer(ALICE, 1000e18);
+
+        _enrollRemoteTokenRouter();
+    }
+
+    uint256 constant MAX_INT = 2 ** 256 - 1;
+
+    function testApproval() public {
+        assertEq(
+            xerc20Lockbox.xERC20().allowance(
+                address(localToken),
+                address(xerc20Lockbox.lockbox())
+            ),
+            MAX_INT
+        );
+        assertEq(
+            xerc20Lockbox.wrappedToken().allowance(
+                address(localToken),
+                address(xerc20Lockbox.lockbox())
+            ),
+            MAX_INT
+        );
+    }
+
+    function testRemoteTransfer() public {
+        uint256 balanceBefore = localToken.balanceOf(ALICE);
+
+        vm.prank(ALICE);
+        primaryToken.approve(address(localToken), TRANSFER_AMT);
+        vm.expectCall(
+            address(xerc20Lockbox.xERC20()),
+            abi.encodeCall(IXERC20.burn, (address(localToken), TRANSFER_AMT))
+        );
+        _performRemoteTransferWithEmit(REQUIRED_VALUE, TRANSFER_AMT, 0);
+        assertEq(localToken.balanceOf(ALICE), balanceBefore - TRANSFER_AMT);
+    }
+
+    function testHandle() public {
+        uint256 balanceBefore = localToken.balanceOf(ALICE);
+        vm.expectCall(
+            address(xerc20Lockbox.xERC20()),
+            abi.encodeCall(IXERC20.mint, (address(localToken), TRANSFER_AMT))
+        );
+        _handleLocalTransfer(TRANSFER_AMT);
+        assertEq(localToken.balanceOf(ALICE), balanceBefore + TRANSFER_AMT);
+    }
+}
+
 contract HypFiatTokenTest is HypTokenTest {
     using TypeCasts for address;
     HypFiatToken internal fiatToken;