diff --git a/.gas-snapshot b/.gas-snapshot index 1a028d3..3b3302e 100644 --- a/.gas-snapshot +++ b/.gas-snapshot @@ -9,41 +9,41 @@ EscrowFactoryTest:test_NoUnsafeDeploymentForTaker() (gas: 34474) EscrowTest:test_CancelDst() (gas: 116028) EscrowTest:test_CancelDstDifferentTarget() (gas: 143286) EscrowTest:test_CancelDstWithNativeToken() (gas: 93622) -EscrowTest:test_CancelPublicSrc() (gas: 165442) +EscrowTest:test_CancelPublicSrc() (gas: 165457) EscrowTest:test_CancelResolverSrc() (gas: 168586) EscrowTest:test_CancelResolverSrcReceiver() (gas: 179340) -EscrowTest:test_NoAnyoneCancelDuringResolverCancelSrc() (gas: 163829) +EscrowTest:test_NoAnyoneCancelDuringResolverCancelSrc() (gas: 163809) EscrowTest:test_NoCallsWithInvalidImmutables() (gas: 286452) EscrowTest:test_NoCancelByAnyoneDst() (gas: 121678) EscrowTest:test_NoCancelDuringWithdrawalDst() (gas: 121438) -EscrowTest:test_NoCancelDuringWithdrawalSrc() (gas: 163938) -EscrowTest:test_NoFailedNativeTokenTransferCancelSrc() (gas: 179280) +EscrowTest:test_NoCancelDuringWithdrawalSrc() (gas: 163980) +EscrowTest:test_NoFailedNativeTokenTransferCancelSrc() (gas: 179317) EscrowTest:test_NoFailedNativeTokenTransferWithdrawalDst() (gas: 154458) EscrowTest:test_NoFailedNativeTokenTransferWithdrawalDstNative() (gas: 83365) EscrowTest:test_NoFailedNativeTokenTransferWithdrawalSrc() (gas: 312313) -EscrowTest:test_NoPublicCancelDuringPrivateCancellationSrc() (gas: 163124) +EscrowTest:test_NoPublicCancelDuringPrivateCancellationSrc() (gas: 163144) EscrowTest:test_NoPublicWithdrawOutsideOfAllowedPeriodDst() (gas: 126855) EscrowTest:test_NoPublicWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169069) EscrowTest:test_NoRescueFundsByAnyoneDst() (gas: 176275) -EscrowTest:test_NoRescueFundsByAnyoneSrc() (gas: 209062) -EscrowTest:test_NoRescueFundsEarlierDst() (gas: 175685) +EscrowTest:test_NoRescueFundsByAnyoneSrc() (gas: 209077) +EscrowTest:test_NoRescueFundsEarlierDst() (gas: 175708) EscrowTest:test_NoRescueFundsEarlierSrc() (gas: 209019) -EscrowTest:test_NoWithdrawalByAnyoneSrc() (gas: 160820) +EscrowTest:test_NoWithdrawalByAnyoneSrc() (gas: 160840) EscrowTest:test_NoWithdrawalByNonResolverDst() (gas: 121384) EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodDst() (gas: 126271) -EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169632) +EscrowTest:test_NoWithdrawalOutsideOfAllowedPeriodSrc() (gas: 169623) EscrowTest:test_NoWithdrawalWithWrongSecretDst() (gas: 122749) EscrowTest:test_NoWithdrawalWithWrongSecretSrc() (gas: 164438) -EscrowTest:test_PublicWithdrawSrc() (gas: 181729) +EscrowTest:test_PublicWithdrawSrc() (gas: 181745) EscrowTest:test_RescueFundsDst() (gas: 158179) EscrowTest:test_RescueFundsDstNative() (gas: 186642) EscrowTest:test_RescueFundsSrc() (gas: 195453) -EscrowTest:test_RescueFundsSrcNative() (gas: 197721) +EscrowTest:test_RescueFundsSrcNative() (gas: 197720) EscrowTest:test_WithdrawByAnyoneDst() (gas: 141240) EscrowTest:test_WithdrawByResolverDst() (gas: 142325) EscrowTest:test_WithdrawByResolverDstNative() (gas: 97810) EscrowTest:test_WithdrawByResolverPublicDst() (gas: 141671) -EscrowTest:test_WithdrawSrc() (gas: 186495) +EscrowTest:test_WithdrawSrc() (gas: 186512) EscrowTest:test_WithdrawSrcTo() (gas: 191326) IntegrationEscrowFactoryTest:test_DeployCloneForMakerNonWhitelistedResolverInt() (gas: 473480) IntegrationEscrowFactoryTest:test_NoInsufficientBalanceDeploymentForMakerInt() (gas: 341110) @@ -58,13 +58,13 @@ IntegrationResolverMockTest:test_MockRescueFundsSrc() (gas: 382547) IntegrationResolverMockTest:test_MockWithdrawDst() (gas: 182848) IntegrationResolverMockTest:test_MockWithdrawToSrc() (gas: 354840) MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllExtra() (gas: 923650) -MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllFromLast() (gas: 922432) +MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllFromLast() (gas: 922425) MerkleStorageInvalidatorIntTest:test_MultipleFillsFillAllTwoFills() (gas: 922194) MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirst() (gas: 707686) -MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirstTwoFills() (gas: 933080) +MerkleStorageInvalidatorIntTest:test_MultipleFillsFillFirstTwoFills() (gas: 933078) MerkleStorageInvalidatorIntTest:test_MultipleFillsFillLast() (gas: 707236) -MerkleStorageInvalidatorIntTest:test_MultipleFillsNoDeploymentWithoutValidation() (gas: 301343) -MerkleStorageInvalidatorIntTest:test_MultipleFillsNoReuseOfSecrets() (gas: 1052541) +MerkleStorageInvalidatorIntTest:test_MultipleFillsNoDeploymentWithoutValidation() (gas: 301456) +MerkleStorageInvalidatorIntTest:test_MultipleFillsNoReuseOfSecrets() (gas: 1052543) MerkleStorageInvalidatorIntTest:test_MultipleFillsNoSecondDeploymentWithTheSameIndex() (gas: 786044) MerkleStorageInvalidatorIntTest:test_MultipleFillsOddDivision() (gas: 443511) MerkleStorageInvalidatorIntTest:test_MultipleFillsOneFill() (gas: 707723) diff --git a/contracts/BaseEscrow.sol b/contracts/BaseEscrow.sol index df85286..6333f6b 100644 --- a/contracts/BaseEscrow.sol +++ b/contracts/BaseEscrow.sol @@ -14,6 +14,7 @@ import { IBaseEscrow } from "./interfaces/IBaseEscrow.sol"; /** * @title Base abstract Escrow contract for cross-chain atomic swap. * @dev {IBaseEscrow-withdraw}, {IBaseEscrow-cancel} and _validateImmutables functions must be implemented in the derived contracts. + * @custom:security-contact security@1inch.io */ abstract contract BaseEscrow is IBaseEscrow { using AddressLib for Address; diff --git a/contracts/BaseEscrowFactory.sol b/contracts/BaseEscrowFactory.sol index d312144..214dd11 100644 --- a/contracts/BaseEscrowFactory.sol +++ b/contracts/BaseEscrowFactory.sol @@ -24,6 +24,7 @@ import { MerkleStorageInvalidator } from "./MerkleStorageInvalidator.sol"; * @title Abstract contract for escrow factory * @notice Contract to create escrow contracts for cross-chain atomic swap. * @dev Immutable variables must be set in the constructor of the derived contracts. + * @custom:security-contact security@1inch.io */ abstract contract BaseEscrowFactory is IEscrowFactory, ResolverValidationExtension, MerkleStorageInvalidator { using AddressLib for Address; diff --git a/contracts/Escrow.sol b/contracts/Escrow.sol index 78cefaa..a018c9d 100644 --- a/contracts/Escrow.sol +++ b/contracts/Escrow.sol @@ -13,6 +13,7 @@ import { BaseEscrow } from "./BaseEscrow.sol"; /** * @title Abstract Escrow contract for cross-chain atomic swap. * @dev {IBaseEscrow-withdraw} and {IBaseEscrow-cancel} functions must be implemented in the derived contracts. + * @custom:security-contact security@1inch.io */ abstract contract Escrow is BaseEscrow, IEscrow { using ImmutablesLib for Immutables; diff --git a/contracts/EscrowDst.sol b/contracts/EscrowDst.sol index 5abd37f..19fe2a1 100644 --- a/contracts/EscrowDst.sol +++ b/contracts/EscrowDst.sol @@ -17,6 +17,7 @@ import { Escrow } from "./Escrow.sol"; * @notice Contract to initially lock funds and then unlock them with verification of the secret presented. * @dev Funds are locked in at the time of contract deployment. For this taker calls the `EscrowFactory.createDstEscrow` function. * To perform any action, the caller must provide the same Immutables values used to deploy the clone contract. + * @custom:security-contact security@1inch.io */ contract EscrowDst is Escrow, IEscrowDst { using SafeERC20 for IERC20; diff --git a/contracts/EscrowFactory.sol b/contracts/EscrowFactory.sol index b71e62b..7cd04ce 100644 --- a/contracts/EscrowFactory.sol +++ b/contracts/EscrowFactory.sol @@ -18,6 +18,7 @@ import { MerkleStorageInvalidator } from "./MerkleStorageInvalidator.sol"; /** * @title Escrow Factory contract * @notice Contract to create escrow contracts for cross-chain atomic swap. + * @custom:security-contact security@1inch.io */ contract EscrowFactory is BaseEscrowFactory { constructor( diff --git a/contracts/EscrowSrc.sol b/contracts/EscrowSrc.sol index df78cbe..3dbc7fd 100644 --- a/contracts/EscrowSrc.sol +++ b/contracts/EscrowSrc.sol @@ -19,6 +19,7 @@ import { Escrow } from "./Escrow.sol"; * @dev Funds are locked in at the time of contract deployment. For this Limit Order Protocol * calls the `EscrowFactory.postInteraction` function. * To perform any action, the caller must provide the same Immutables values used to deploy the clone contract. + * @custom:security-contact security@1inch.io */ contract EscrowSrc is Escrow, IEscrowSrc { using AddressLib for Address; diff --git a/contracts/MerkleStorageInvalidator.sol b/contracts/MerkleStorageInvalidator.sol index 689f554..44be454 100644 --- a/contracts/MerkleStorageInvalidator.sol +++ b/contracts/MerkleStorageInvalidator.sol @@ -14,6 +14,7 @@ import { SRC_IMMUTABLES_LENGTH } from "./EscrowFactoryContext.sol"; // solhint-d /** * @title Merkle Storage Invalidator contract * @notice Contract to invalidate hashed secrets from an order that supports multiple fills. + * @custom:security-contact security@1inch.io */ contract MerkleStorageInvalidator is IMerkleStorageInvalidator, ITakerInteraction { using MerkleProof for bytes32[]; diff --git a/contracts/interfaces/IBaseEscrow.sol b/contracts/interfaces/IBaseEscrow.sol index 0e49513..b0af116 100644 --- a/contracts/interfaces/IBaseEscrow.sol +++ b/contracts/interfaces/IBaseEscrow.sol @@ -9,6 +9,7 @@ import { Timelocks } from "../libraries/TimelocksLib.sol"; /** * @title Base Escrow interface for cross-chain atomic swap. * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented. + * @custom:security-contact security@1inch.io */ interface IBaseEscrow { struct Immutables { diff --git a/contracts/interfaces/IEscrow.sol b/contracts/interfaces/IEscrow.sol index b1673bc..3145851 100644 --- a/contracts/interfaces/IEscrow.sol +++ b/contracts/interfaces/IEscrow.sol @@ -7,6 +7,7 @@ import { IBaseEscrow } from "./IBaseEscrow.sol"; /** * @title Escrow interface for cross-chain atomic swap. * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented. + * @custom:security-contact security@1inch.io */ interface IEscrow is IBaseEscrow { /// @notice Returns the bytecode hash of the proxy contract. diff --git a/contracts/interfaces/IEscrowDst.sol b/contracts/interfaces/IEscrowDst.sol index ff63e27..e256837 100644 --- a/contracts/interfaces/IEscrowDst.sol +++ b/contracts/interfaces/IEscrowDst.sol @@ -7,6 +7,7 @@ import { IEscrow } from "./IEscrow.sol"; /** * @title Destination Escrow interface for cross-chain atomic swap. * @notice Interface implies withdrawing funds initially and then unlocking them with verification of the secret presented. + * @custom:security-contact security@1inch.io */ interface IEscrowDst is IEscrow { /** diff --git a/contracts/interfaces/IEscrowFactory.sol b/contracts/interfaces/IEscrowFactory.sol index 1e40f61..46f13d5 100644 --- a/contracts/interfaces/IEscrowFactory.sol +++ b/contracts/interfaces/IEscrowFactory.sol @@ -11,6 +11,7 @@ import { IBaseEscrow } from "./IBaseEscrow.sol"; /** * @title Escrow Factory interface for cross-chain atomic swap. * @notice Interface to deploy escrow contracts for the destination chain and to get the deterministic address of escrow on both chains. + * @custom:security-contact security@1inch.io */ interface IEscrowFactory { struct ExtraDataArgs { diff --git a/contracts/interfaces/IEscrowSrc.sol b/contracts/interfaces/IEscrowSrc.sol index 320034f..cc8684f 100644 --- a/contracts/interfaces/IEscrowSrc.sol +++ b/contracts/interfaces/IEscrowSrc.sol @@ -7,6 +7,7 @@ import { IEscrow } from "./IEscrow.sol"; /** * @title Source Escrow interface for cross-chain atomic swap. * @notice Interface implies locking funds initially and then unlocking them with verification of the secret presented. + * @custom:security-contact security@1inch.io */ interface IEscrowSrc is IEscrow { /** diff --git a/contracts/interfaces/IMerkleStorageInvalidator.sol b/contracts/interfaces/IMerkleStorageInvalidator.sol index 610b48f..32a0972 100644 --- a/contracts/interfaces/IMerkleStorageInvalidator.sol +++ b/contracts/interfaces/IMerkleStorageInvalidator.sol @@ -5,6 +5,7 @@ pragma solidity 0.8.23; /** * @title Merkle Storage Invalidator interface * @notice Interface to invalidate hashed secrets from an order that supports multiple fills. + * @custom:security-contact security@1inch.io */ interface IMerkleStorageInvalidator { struct LastValidated { diff --git a/contracts/interfaces/IResolverExample.sol b/contracts/interfaces/IResolverExample.sol index a5610d6..ad03888 100644 --- a/contracts/interfaces/IResolverExample.sol +++ b/contracts/interfaces/IResolverExample.sol @@ -9,6 +9,7 @@ import { IBaseEscrow } from "../interfaces/IBaseEscrow.sol"; /** * @title Interface for the sample implementation of a Resolver contract for cross-chain swap. + * @custom:security-contact security@1inch.io */ interface IResolverExample { error InvalidLength(); diff --git a/contracts/libraries/ImmutablesLib.sol b/contracts/libraries/ImmutablesLib.sol index 1faaa8e..569d856 100644 --- a/contracts/libraries/ImmutablesLib.sol +++ b/contracts/libraries/ImmutablesLib.sol @@ -6,6 +6,7 @@ import { IBaseEscrow } from "../interfaces/IBaseEscrow.sol"; /** * @title Library for escrow immutables. + * @custom:security-contact security@1inch.io */ library ImmutablesLib { uint256 internal constant ESCROW_IMMUTABLES_SIZE = 0x100; diff --git a/contracts/libraries/ProxyHashLib.sol b/contracts/libraries/ProxyHashLib.sol index 307c948..6852154 100644 --- a/contracts/libraries/ProxyHashLib.sol +++ b/contracts/libraries/ProxyHashLib.sol @@ -4,6 +4,7 @@ pragma solidity ^0.8.20; /** * @title Library to compute the hash of the proxy bytecode. + * @custom:security-contact security@1inch.io */ library ProxyHashLib { /** diff --git a/contracts/libraries/TimelocksLib.sol b/contracts/libraries/TimelocksLib.sol index 299cbb6..396c2bc 100644 --- a/contracts/libraries/TimelocksLib.sol +++ b/contracts/libraries/TimelocksLib.sol @@ -23,6 +23,8 @@ pragma solidity ^0.8.20; * publicWithdrawal: Period when anyone with a secret can withdraw tokens for maker (destination chain). * cancellation: Period when escrow can only be cancelled by the taker. * publicCancellation: Period when escrow can be cancelled by anyone. + * + * @custom:security-contact security@1inch.io */ type Timelocks is uint256; diff --git a/contracts/mocks/ResolverExample.sol b/contracts/mocks/ResolverExample.sol index d56f28a..4ec109e 100644 --- a/contracts/mocks/ResolverExample.sol +++ b/contracts/mocks/ResolverExample.sol @@ -17,7 +17,9 @@ import { Timelocks } from "../libraries/TimelocksLib.sol"; * @title Sample implementation of a Resolver contract for cross-chain swap. * @dev It is important when deploying an escrow on the source chain to send the safety deposit and deploy the escrow in the same * transaction, since the address of the escrow depends on the block.timestamp. - * You can find sample code for this in the {ResolverExample-deploySrc}. + * You can find sample code for this in the {ResolverExample-deploySrc}. + * + * @custom:security-contact security@1inch.io */ contract ResolverExample is IResolverExample, Ownable { IEscrowFactory private immutable _FACTORY; diff --git a/contracts/zkSync/EscrowDstZkSync.sol b/contracts/zkSync/EscrowDstZkSync.sol index 69384b7..c075be2 100644 --- a/contracts/zkSync/EscrowDstZkSync.sol +++ b/contracts/zkSync/EscrowDstZkSync.sol @@ -5,6 +5,7 @@ pragma solidity 0.8.23; import { Escrow, EscrowDst } from "../EscrowDst.sol"; import { EscrowZkSync } from "./EscrowZkSync.sol"; +/// @custom:security-contact security@1inch.io contract EscrowDstZkSync is EscrowDst, EscrowZkSync { constructor(uint32 rescueDelay) EscrowDst(rescueDelay) EscrowZkSync() {} diff --git a/contracts/zkSync/EscrowFactoryZkSync.sol b/contracts/zkSync/EscrowFactoryZkSync.sol index b04b9d6..5bb7fca 100644 --- a/contracts/zkSync/EscrowFactoryZkSync.sol +++ b/contracts/zkSync/EscrowFactoryZkSync.sol @@ -19,6 +19,7 @@ import { ZkSyncLib } from "./ZkSyncLib.sol"; /** * @title Escrow Factory contract * @notice Contract to create escrow contracts for cross-chain atomic swap. + * @custom:security-contact security@1inch.io */ contract EscrowFactoryZkSync is BaseEscrowFactory { using ImmutablesLib for IBaseEscrow.Immutables; diff --git a/contracts/zkSync/EscrowSrcZkSync.sol b/contracts/zkSync/EscrowSrcZkSync.sol index 4c8c054..1723679 100644 --- a/contracts/zkSync/EscrowSrcZkSync.sol +++ b/contracts/zkSync/EscrowSrcZkSync.sol @@ -5,6 +5,7 @@ pragma solidity 0.8.23; import { Escrow, EscrowSrc } from "../EscrowSrc.sol"; import { EscrowZkSync } from "./EscrowZkSync.sol"; +/// @custom:security-contact security@1inch.io contract EscrowSrcZkSync is EscrowSrc, EscrowZkSync { constructor(uint32 rescueDelay) EscrowSrc(rescueDelay) EscrowZkSync() {} diff --git a/contracts/zkSync/EscrowZkSync.sol b/contracts/zkSync/EscrowZkSync.sol index 950c6b4..38e62c4 100644 --- a/contracts/zkSync/EscrowZkSync.sol +++ b/contracts/zkSync/EscrowZkSync.sol @@ -7,6 +7,7 @@ import { BaseEscrow } from "../BaseEscrow.sol"; import { ImmutablesLib } from "../libraries/ImmutablesLib.sol"; import { ZkSyncLib } from "./ZkSyncLib.sol"; +/// @custom:security-contact security@1inch.io abstract contract EscrowZkSync is BaseEscrow { using ImmutablesLib for Immutables; diff --git a/contracts/zkSync/MinimalProxyZkSync.sol b/contracts/zkSync/MinimalProxyZkSync.sol index efb9115..7f29bd7 100644 --- a/contracts/zkSync/MinimalProxyZkSync.sol +++ b/contracts/zkSync/MinimalProxyZkSync.sol @@ -2,6 +2,7 @@ pragma solidity 0.8.23; +/// @custom:security-contact security@1inch.io contract MinimalProxyZkSync { address private immutable _IMPLEMENTATION; diff --git a/contracts/zkSync/ZkSyncLib.sol b/contracts/zkSync/ZkSyncLib.sol index d0932da..5ec4121 100644 --- a/contracts/zkSync/ZkSyncLib.sol +++ b/contracts/zkSync/ZkSyncLib.sol @@ -4,6 +4,7 @@ pragma solidity ^0.8.20; /** * @title Library for ZkSync contracts. + * @custom:security-contact security@1inch.io */ library ZkSyncLib { // keccak256("zksyncCreate2")