Merge pull request #98 from 1inch/audits/SC-1216-N02

N02 Add security contact

.gas-snapshot

@@ -9,41 +9,41 @@ EscrowFactoryTest:test_NoUnsafeDeploymentForTaker() (gas: 34474)
 EscrowTest:test_CancelDst() (gas: 116028)
 EscrowTest:test_CancelDstDifferentTarget() (gas: 143286)
 EscrowTest:test_CancelDstWithNativeToken() (gas: 93622)
-EscrowTest:test_CancelPublicSrc() (gas: 165442)
+EscrowTest:test_CancelPublicSrc() (gas: 165457)
 EscrowTest:test_CancelResolverSrc() (gas: 168586)
 EscrowTest:test_CancelResolverSrcReceiver() (gas: 179340)
-EscrowTest:test_NoAnyoneCancelDuringResolverCancelSrc() (gas: 163829)
+EscrowTest:test_NoAnyoneCancelDuringResolverCancelSrc() (gas: 163809)
 EscrowTest:test_NoCallsWithInvalidImmutables() (gas: 286452)
 EscrowTest:test_NoCancelByAnyoneDst() (gas: 121678)
 EscrowTest:test_NoCancelDuringWithdrawalDst() (gas: 121438)
-EscrowTest:test_NoCancelDuringWithdrawalSrc() (gas: 163938)
-EscrowTest:test_NoFailedNativeTokenTransferCancelSrc() (gas: 179280)
+EscrowTest:test_NoCancelDuringWithdrawalSrc() (gas: 163980)
+EscrowTest:test_NoFailedNativeTokenTransferCancelSrc() (gas: 179317)
 EscrowTest:test_NoFailedNativeTokenTransferWithdrawalDst() (gas: 154458)
 EscrowTest:test_NoFailedNativeTokenTransferWithdrawalDstNative() (gas: 83365)
 EscrowTest:test_NoFailedNativeTokenTransferWithdrawalSrc() (gas: 312313)
-EscrowTest:test_NoPublicCancelDuringPrivateCancellationSrc() (gas: 163124)
+EscrowTest:test_NoPublicCancelDuringPrivateCancellationSrc() (gas: 163144)
 EscrowTest:test_NoPublicWithdrawOutsideOfAllowedPeriodDst() (gas: 126855)
 EscrowTest:test_NoPublicWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169069)
 EscrowTest:test_NoRescueFundsByAnyoneDst() (gas: 176275)
-EscrowTest:test_NoRescueFundsByAnyoneSrc() (gas: 209062)
-EscrowTest:test_NoRescueFundsEarlierDst() (gas: 175685)
+EscrowTest:test_NoRescueFundsByAnyoneSrc() (gas: 209077)
+EscrowTest:test_NoRescueFundsEarlierDst() (gas: 175708)
 EscrowTest:test_NoRescueFundsEarlierSrc() (gas: 209019)
-EscrowTest:test_NoWithdrawalByAnyoneSrc() (gas: 160820)
+EscrowTest:test_NoWithdrawalByAnyoneSrc() (gas: 160840)
 EscrowTest:test_NoWithdrawalByNonResolverDst() (gas: 121384)
 EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodDst() (gas: 126271)
-EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169632)
+EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169623)
 EscrowTest:test_NoWithdrawalWithWrongSecretDst() (gas: 122749)
 EscrowTest:test_NoWithdrawalWithWrongSecretSrc() (gas: 164438)
-EscrowTest:test_PublicWithdrawSrc() (gas: 181729)
+EscrowTest:test_PublicWithdrawSrc() (gas: 181745)
 EscrowTest:test_RescueFundsDst() (gas: 158179)
 EscrowTest:test_RescueFundsDstNative() (gas: 186642)
 EscrowTest:test_RescueFundsSrc() (gas: 195453)
-EscrowTest:test_RescueFundsSrcNative() (gas: 197721)
+EscrowTest:test_RescueFundsSrcNative() (gas: 197720)
 EscrowTest:test_WithdrawByAnyoneDst() (gas: 141240)
 EscrowTest:test_WithdrawByResolverDst() (gas: 142325)
 EscrowTest:test_WithdrawByResolverDstNative() (gas: 97810)
 EscrowTest:test_WithdrawByResolverPublicDst() (gas: 141671)
-EscrowTest:test_WithdrawSrc() (gas: 186495)
+EscrowTest:test_WithdrawSrc() (gas: 186512)
 EscrowTest:test_WithdrawSrcTo() (gas: 191326)
 IntegrationEscrowFactoryTest:test_DeployCloneForMakerNonWhitelistedResolverInt() (gas: 473480)
 IntegrationEscrowFactoryTest:test_NoInsufficientBalanceDeploymentForMakerInt() (gas: 341110)
@@ -58,13 +58,13 @@ IntegrationResolverMockTest:test_MockRescueFundsSrc() (gas: 382547)
 IntegrationResolverMockTest:test_MockWithdrawDst() (gas: 182848)
 IntegrationResolverMockTest:test_MockWithdrawToSrc() (gas: 354840)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllExtra() (gas: 923650)
-MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllFromLast() (gas: 922432)
+MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllFromLast() (gas: 922425)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllTwoFills() (gas: 922194)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirst() (gas: 707686)
-MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirstTwoFills() (gas: 933080)
+MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirstTwoFills() (gas: 933078)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsFillLast() (gas: 707236)
-MerkleStorageInvalidatorIntTest:test_MultipleFillsNoDeploymentWithoutValidation() (gas: 301343)
-MerkleStorageInvalidatorIntTest:test_MultipleFillsNoReuseOfSecrets() (gas: 1052541)
+MerkleStorageInvalidatorIntTest:test_MultipleFillsNoDeploymentWithoutValidation() (gas: 301456)
+MerkleStorageInvalidatorIntTest:test_MultipleFillsNoReuseOfSecrets() (gas: 1052543)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsNoSecondDeploymentWithTheSameIndex() (gas: 786044)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsOddDivision() (gas: 443511)
 MerkleStorageInvalidatorIntTest:test_MultipleFillsOneFill() (gas: 707723)

contracts/BaseEscrow.sol

@@ -14,6 +14,7 @@ import { IBaseEscrow } from "./interfaces/IBaseEscrow.sol";
 /**
  * @title Base abstract Escrow contract for cross-chain atomic swap.
  * @dev {IBaseEscrow-withdraw}, {IBaseEscrow-cancel} and _validateImmutables functions must be implemented in the derived contracts.
+ * @custom:security-contact [email protected]
  */
 abstract contract BaseEscrow is IBaseEscrow {
     using AddressLib for Address;

contracts/BaseEscrowFactory.sol

@@ -24,6 +24,7 @@ import { MerkleStorageInvalidator } from "./MerkleStorageInvalidator.sol";
  * @title Abstract contract for escrow factory
  * @notice Contract to create escrow contracts for cross-chain atomic swap.
  * @dev Immutable variables must be set in the constructor of the derived contracts.
+ * @custom:security-contact [email protected]
  */
 abstract contract BaseEscrowFactory is IEscrowFactory, ResolverValidationExtension, MerkleStorageInvalidator {
     using AddressLib for Address;

contracts/Escrow.sol

@@ -13,6 +13,7 @@ import { BaseEscrow } from "./BaseEscrow.sol";
 /**
  * @title Abstract Escrow contract for cross-chain atomic swap.
  * @dev {IBaseEscrow-withdraw} and {IBaseEscrow-cancel} functions must be implemented in the derived contracts.
+ * @custom:security-contact [email protected]
  */
 abstract contract Escrow is BaseEscrow, IEscrow {
     using ImmutablesLib for Immutables;

contracts/EscrowDst.sol

@@ -17,6 +17,7 @@ import { Escrow } from "./Escrow.sol";
  * @notice Contract to initially lock funds and then unlock them with verification of the secret presented.
  * @dev Funds are locked in at the time of contract deployment. For this taker calls the `EscrowFactory.createDstEscrow` function.
  * To perform any action, the caller must provide the same Immutables values used to deploy the clone contract.
+ * @custom:security-contact [email protected]
  */
 contract EscrowDst is Escrow, IEscrowDst {
     using SafeERC20 for IERC20;

contracts/EscrowFactory.sol

@@ -18,6 +18,7 @@ import { MerkleStorageInvalidator } from "./MerkleStorageInvalidator.sol";
 /**
  * @title Escrow Factory contract
  * @notice Contract to create escrow contracts for cross-chain atomic swap.
+ * @custom:security-contact [email protected]
  */
 contract EscrowFactory is BaseEscrowFactory {
     constructor(

contracts/EscrowSrc.sol

@@ -19,6 +19,7 @@ import { Escrow } from "./Escrow.sol";
  * @dev Funds are locked in at the time of contract deployment. For this Limit Order Protocol
  * calls the `EscrowFactory.postInteraction` function.
  * To perform any action, the caller must provide the same Immutables values used to deploy the clone contract.
+ * @custom:security-contact [email protected]
  */
 contract EscrowSrc is Escrow, IEscrowSrc {
     using AddressLib for Address;

contracts/MerkleStorageInvalidator.sol

@@ -14,6 +14,7 @@ import { SRC_IMMUTABLES_LENGTH } from "./EscrowFactoryContext.sol"; // solhint-d
 /**
  * @title Merkle Storage Invalidator contract
  * @notice Contract to invalidate hashed secrets from an order that supports multiple fills.
+ * @custom:security-contact [email protected]
  */
 contract MerkleStorageInvalidator is IMerkleStorageInvalidator, ITakerInteraction {
     using MerkleProof for bytes32[];

contracts/interfaces/IBaseEscrow.sol

@@ -9,6 +9,7 @@ import { Timelocks } from "../libraries/TimelocksLib.sol";
 /**
  * @title Base Escrow interface for cross-chain atomic swap.
  * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented.
+ * @custom:security-contact [email protected]
  */
 interface IBaseEscrow {
     struct Immutables {

contracts/interfaces/IEscrow.sol

@@ -7,6 +7,7 @@ import { IBaseEscrow } from "./IBaseEscrow.sol";
 /**
  * @title Escrow interface for cross-chain atomic swap.
  * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented.
+ * @custom:security-contact [email protected]
  */
 interface IEscrow is IBaseEscrow {
     /// @notice Returns the bytecode hash of the proxy contract.

contracts/interfaces/IEscrowDst.sol

@@ -7,6 +7,7 @@ import { IEscrow } from "./IEscrow.sol";
 /**
  * @title Destination Escrow interface for cross-chain atomic swap.
  * @notice Interface implies withdrawing funds initially and then unlocking them with verification of the secret presented.
+ * @custom:security-contact [email protected]
  */
 interface IEscrowDst is IEscrow {
     /**

contracts/interfaces/IEscrowFactory.sol

@@ -11,6 +11,7 @@ import { IBaseEscrow } from "./IBaseEscrow.sol";
 /**
  * @title Escrow Factory interface for cross-chain atomic swap.
  * @notice Interface to deploy escrow contracts for the destination chain and to get the deterministic address of escrow on both chains.
+ * @custom:security-contact [email protected]
  */
 interface IEscrowFactory {
     struct ExtraDataArgs {

contracts/interfaces/IEscrowSrc.sol

@@ -7,6 +7,7 @@ import { IEscrow } from "./IEscrow.sol";
 /**
  * @title Source Escrow interface for cross-chain atomic swap.
  * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented.
+ * @custom:security-contact [email protected]
  */
 interface IEscrowSrc is IEscrow {
     /**

contracts/interfaces/IMerkleStorageInvalidator.sol

@@ -5,6 +5,7 @@ pragma solidity 0.8.23;
 /**
  * @title Merkle Storage Invalidator interface
  * @notice Interface to invalidate hashed secrets from an order that supports multiple fills.
+ * @custom:security-contact [email protected]
  */
 interface IMerkleStorageInvalidator {
     struct LastValidated {

contracts/interfaces/IResolverExample.sol

@@ -9,6 +9,7 @@ import { IBaseEscrow } from "../interfaces/IBaseEscrow.sol";
 
 /**
  * @title Interface for the sample implementation of a Resolver contract for cross-chain swap.
+ * @custom:security-contact [email protected]
  */
 interface IResolverExample {
     error InvalidLength();

contracts/libraries/ImmutablesLib.sol

@@ -6,6 +6,7 @@ import { IBaseEscrow } from "../interfaces/IBaseEscrow.sol";
 
 /**
  * @title Library for escrow immutables.
+ * @custom:security-contact [email protected]
  */
 library ImmutablesLib {
     uint256 internal constant ESCROW_IMMUTABLES_SIZE = 0x100;

contracts/libraries/ProxyHashLib.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8.20;
 
 /**
  * @title Library to compute the hash of the proxy bytecode.
+ * @custom:security-contact [email protected]
  */
 library ProxyHashLib {
     /**

contracts/libraries/TimelocksLib.sol

@@ -23,6 +23,8 @@ pragma solidity ^0.8.20;
  * publicWithdrawal: Period when anyone with a secret can withdraw tokens for maker (destination chain).
  * cancellation: Period when escrow can only be cancelled by the taker.
  * publicCancellation: Period when escrow can be cancelled by anyone.
+ * 
+ * @custom:security-contact [email protected]
  */
 type Timelocks is uint256;
 

contracts/mocks/ResolverExample.sol

@@ -17,7 +17,9 @@ import { Timelocks } from "../libraries/TimelocksLib.sol";
  * @title Sample implementation of a Resolver contract for cross-chain swap.
  * @dev It is important when deploying an escrow on the source chain to send the safety deposit and deploy the escrow in the same
  * transaction, since the address of the escrow depends on the block.timestamp.
- * You can find sample code for this in the {ResolverExample-deploySrc}. 
+ * You can find sample code for this in the {ResolverExample-deploySrc}.
+ * 
+ * @custom:security-contact [email protected]
  */
 contract ResolverExample is IResolverExample, Ownable {
     IEscrowFactory private immutable _FACTORY;

contracts/zkSync/EscrowDstZkSync.sol

@@ -5,6 +5,7 @@ pragma solidity 0.8.23;
 import { Escrow, EscrowDst } from "../EscrowDst.sol";
 import { EscrowZkSync } from "./EscrowZkSync.sol";
 
+/// @custom:security-contact [email protected]
 contract EscrowDstZkSync is EscrowDst, EscrowZkSync {
     constructor(uint32 rescueDelay) EscrowDst(rescueDelay) EscrowZkSync() {}
 

contracts/zkSync/EscrowFactoryZkSync.sol

@@ -19,6 +19,7 @@ import { ZkSyncLib } from "./ZkSyncLib.sol";
 /**
  * @title Escrow Factory contract
  * @notice Contract to create escrow contracts for cross-chain atomic swap.
+ * @custom:security-contact [email protected]
  */
 contract EscrowFactoryZkSync is BaseEscrowFactory {
     using ImmutablesLib for IBaseEscrow.Immutables;

contracts/zkSync/EscrowSrcZkSync.sol

@@ -5,6 +5,7 @@ pragma solidity 0.8.23;
 import { Escrow, EscrowSrc } from "../EscrowSrc.sol";
 import { EscrowZkSync } from "./EscrowZkSync.sol";
 
+/// @custom:security-contact [email protected]
 contract EscrowSrcZkSync is EscrowSrc, EscrowZkSync {
     constructor(uint32 rescueDelay) EscrowSrc(rescueDelay) EscrowZkSync() {}
 

contracts/zkSync/EscrowZkSync.sol

@@ -7,6 +7,7 @@ import { BaseEscrow } from "../BaseEscrow.sol";
 import { ImmutablesLib } from "../libraries/ImmutablesLib.sol";
 import { ZkSyncLib } from "./ZkSyncLib.sol";
 
+/// @custom:security-contact [email protected]
 abstract contract EscrowZkSync is BaseEscrow {
     using ImmutablesLib for Immutables;
 

contracts/zkSync/MinimalProxyZkSync.sol

@@ -2,6 +2,7 @@
 
 pragma solidity 0.8.23;
 
+/// @custom:security-contact [email protected]
 contract MinimalProxyZkSync {
     address private immutable _IMPLEMENTATION;
 

contracts/zkSync/ZkSyncLib.sol

@@ -4,6 +4,7 @@ pragma solidity ^0.8.20;
 
 /**
  * @title Library for ZkSync contracts.
+ * @custom:security-contact [email protected]
  */
 library ZkSyncLib {
     // keccak256("zksyncCreate2")