Releases: hyperlane-xyz/hyperlane-monorepo

@hyperlane-xyz/[email protected]

28 Nov 23:06
750303a

Patch Changes

@hyperlane-xyz/[email protected]

28 Nov 23:06
750303a

Minor Changes

  • df34198: Includes storage gap in Mailbox Client for forwards compatibility

Patch Changes

@hyperlane-xyz/[email protected]

28 Nov 23:06
750303a

Minor Changes

  • df69370: Add support for all ISM types in CLI interactive config creation

Patch Changes

@hyperlane-xyz/[email protected]

23 Nov 00:31
203df39

@hyperlane-xyz/[email protected]

23 Nov 00:31
203df39

Patch Changes

@hyperlane-xyz/[email protected]

23 Nov 00:31
203df39

Patch Changes

@hyperlane-xyz/[email protected]

23 Nov 00:31
203df39

Patch Changes

V3 Solidity Contracts

04 Dec 23:46
e90ae5a

e90ae5a @aroralanuk Remediate Trevor's comments (#2835)
1d18549 @yorhodes Merge main to v3 (#2812)
9168cca @aroralanuk Validator deploy tweaks (#2784)
d69d76a @aroralanuk Aggregation hook deployer (#2769)
a60ec18 @aroralanuk Unify overheardIgp and igp (#2766)
8e4f2bb @yorhodes Make immutable implementation of factories public (#2761)
bf3d3c4 @yorhodes Make recipientIsm more robust (#2767)
c91f589 @yorhodes Add unenroll to Router (#2760)
1ecfc46 @yorhodes v3 Router SDK changes (#2752)
fcfecdf @yorhodes Update router implementations for v3 (#2749)
03c92e1 @aroralanuk Minor internal review remediation (#2748)
f783c4e @aroralanuk Add globalHookMetadata (#2743)
f0e4f2b @aroralanuk Prevent invalid destination griefing for the relayer (#2703)
7312a6f @aroralanuk Add InsertedIntoTree event (#2736)
43ba1b4 @aroralanuk Running forge with latest solc (#2729)
f7dbc71 @yorhodes Update multisig ISMs for merkle hooks (#2722)
7309f77 @yorhodes Add forge test for Mailbox (#2713)
a07a993 @aroralanuk Add aggregation hook for V3 (#2667)
467e01a @yorhodes Add deployed block numbers to indexable contracts (#2672)
2b7ecfc @aroralanuk Add quoteDispatch to IPostDispatchHook (#2660)
6a32287 @aroralanuk Fix forge tests post V3 (#2661)
760dce6 @aroralanuk Converting the OP stack hooks to transient storage version (#2632)
f38660e @aroralanuk Modifying IGP to be a hook (#2638)
0e10306 @aroralanuk Adding Optimism Hook and dispatch with metadata (#2580)
46f5311 @yorhodes Init immutable mailbox v3 and native hooks

Additional Changes from Trail of Bits Audit Remediation:
https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/v3-audit-remediations

V3 Audit Remediation

16 Oct 18:15
e90ae5a

Remediations to Trail of Bits Audit

Additional issues discovered

  1. Routers have no way to unenroll a domain and the potential workaround of enrolling the zero address for that domain fails due to EnumerableMap.contains semantics
  2. Mailbox recipientIsm view call reverts if a message recipient does not implement interchainSecurityModule() but has a non-compliant fallback function
  3. Mailbox dispatch reverts with underflow if msg.value is not greater than required value in the Mailbox.dispatch() or possibly allows a user to circumvent required fees with preexisting address(mailbox).balance
  4. AbstractMessageIdAuthorizedIsm (never previously deployed) msg.value could be double spent with consecutive calls to verify

Changes

  • 1ecfc46 v3 Router changes (#2752)

    • Restructured the solidity/ subdirectory for better navigation and readability.
    • Internal _dispatch() function takes in argument _value to pass to the mailbox for MailboxClient and Router contracts.
    • Removed the duplicated local copy of OpenZeppelin's CrossChainEnabled library and replaced it with a dependency. (OpenZeppelin removed the library from their repo at release 5.0.0, but our dependency points to release ^4.8.0, from before the removal.)
    • Directly calling getAnnouncementDigest() in ValidatorAnnounce (now a MailboxClient) instead of the ValidatorAnnouncements library.
    • Removed the IInterchainAccountRouter and IInterchainQueryRouter interfaces which were previously not being used anywhere except for InterchainAccountRouter and InterchainQueryRouter contracts.
    • HypERC20Collateral, HypNative, and HypERC721Collateral and their subsequent dependents adopt the new constructor signature from TokenRouter and omit the initialize() function made redundant because of their inheritance of MailboxClient__initialize()
    • HypERC721 now correctly transfers ownership to the msg.sender instead of the mailbox.
  • c91f589 Security Patch 1: Add explicit Router unenrollment (#2760)

    • Added an unenrollRemoteRouter() function to the Router contract to allow for removing a remote router from the local router's EnumerableMapExtended registry (useful for non-active routers). Similarly, remove() has been added to DomainRoutingIsm to allow for removing a domain from the ISM's EnumerableMapExtended registry.
    • DefaultFallbackRoutingIsm also inherits from MailboxClient.
  • bf3d3c4 Security Patch 2: Make recipient security module resilient to non-reverting empty fallback (#2767)

    • Resolves the case where the recipient contract doesn't specify its own ISM: it omits an interchainSecurityModule() function but includes a fallback function. In this case, the Mailbox's recipientIsm function reverts by trying to decode empty bytes.
  • 8e4f2bb Make factory implementations verifiable (#2761)

    • Renaming abstract static factories for more clarity and making the implementation() function public on the specific factory contracts for easier offchain querying.
  • a60ec18 Unify overheardIgp and igp (#2766)

    • Consolidating InterchainGasPaymaster and OverheadIgp into a single InterchainGasPaymaster contract to remove the "inner IGP" design making it more accessible to deploy and interact with. DomainGasConfig struct now stores the gas oracle address and the gas overhead (accounting for remote chain's Mailbox.process() and ISM.verify() function calls in the gas calculation).
  • d69d76a Security Patch 3: Underflow in Mailbox dispatch and error messages (#2769)

    • Adding a check on the msg.value to be greater than the required value in the Mailbox.dispatch() to throw a more descriptive error in the required hook instead of an underflow in the mailbox. Otherwise, if the mailbox has sufficient msg.value prior to the dispatch and the user overrides the default hook, she can circumvent paying for the dispatch.
  • e90ae5a Security Patch 4: Fix msg.value replay on AbstractMessageIdAuthorizedIsm.verify() calls

    • Prevents value on AbstractMessageIdAuthorizedIsm from being double-spent by any verify caller, independent of the Mailbox.process message lifecycle
    • An additional issue related to AbstractMessageIdAuthorizedIsm.verify() is captured in #2835.
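
The failure mode behind Security Patch 2, as an added Solidity sketch that is not the Hyperlane Mailbox code: a recipient with an empty fallback makes a try/catch lookup revert while decoding empty return data, whereas a low-level staticcall with a length check falls back to the default ISM. Only interchainSecurityModule() comes from the notes above; `ISpecifiesIsm`, `SilentFallbackRecipient`, `RecipientIsmResolver` and both lookup function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical interface: only the function name comes from the release notes.
interface ISpecifiesIsm {
    function interchainSecurityModule() external view returns (address);
}

// Recipient with no interchainSecurityModule() but a fallback that accepts any
// call and returns empty data (the "non-compliant fallback" case).
contract SilentFallbackRecipient {
    fallback() external {}
}

// Simplified model of the lookup, not the project's Mailbox.
contract RecipientIsmResolver {
    address public immutable defaultIsm;

    constructor(address _defaultIsm) {
        defaultIsm = _defaultIsm;
    }

    // Fragile: the external call succeeds, so `catch` never runs; decoding the
    // empty return data then reverts in this contract and the view call fails.
    function recipientIsmFragile(address recipient) external view returns (address) {
        try ISpecifiesIsm(recipient).interchainSecurityModule() returns (address ism) {
            if (ism != address(0)) return ism;
        } catch {}
        return defaultIsm;
    }

    // Resilient: low-level staticcall, then decode only a well-formed 32-byte word.
    // A reverting call, empty return data or a zero address all yield defaultIsm.
    function recipientIsmResilient(address recipient) external view returns (address) {
        (bool ok, bytes memory ret) = recipient.staticcall(
            abi.encodeWithSelector(ISpecifiesIsm.interchainSecurityModule.selector)
        );
        if (ok && ret.length == 32) {
            uint256 word = abi.decode(ret, (uint256));
            // Reject zero and values with dirty upper bits instead of reverting.
            if (word != 0 && word <= type(uint160).max) return address(uint160(word));
        }
        return defaultIsm;
    }
}
```

Calling `recipientIsmFragile` with a `SilentFallbackRecipient` address reverts, while `recipientIsmResilient` returns `defaultIsm` for the same input.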

SDK v1.5.8

16 Oct 14:17

Version 1.5.8 introduces a stable beta version of the Hyperlane CLI.

What's Changed

Full Changelog: v.1.5.3...v1.5.8