Releases: hyperlane-xyz/hyperlane-monorepo
@hyperlane-xyz/[email protected]
Patch Changes
- Updated dependencies [df34198]
- Updated dependencies [df69370]
- @hyperlane-xyz/[email protected]
- @hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
Minor Changes
- df34198: Includes storage gap in Mailbox Client for forwards compatibility
Patch Changes
- @hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
Minor Changes
- df69370: Add support for all ISM types in CLI interactive config creation
Patch Changes
- 433c5aa: Fix error form version command
- Updated dependencies [df69370]
- @hyperlane-xyz/[email protected]
- @hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
Patch Changes
- Updated dependencies [c9e0aed]
- @hyperlane-xyz/[email protected]
- @hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
Patch Changes
- c9e0aed: Improve client side StandardHookMetadata library interface
- Updated dependencies [c9e0aed]
- @hyperlane-xyz/[email protected]
- @hyperlane-xyz/[email protected]
@hyperlane-xyz/[email protected]
Patch Changes
- c9e0aed: Improve client side StandardHookMetadata library interface
- @hyperlane-xyz/[email protected]
V3 Solidity Contracts
e90ae5a @aroralanuk Remediate Trevor's comments (#2835)
1d18549 @yorhodes Merge main to v3 (#2812)
9168cca @aroralanuk Validator deploy tweaks (#2784)
d69d76a @aroralanuk Aggregation hook deployer (#2769)
a60ec18 @aroralanuk Unify overheardIgp and igp (#2766)
8e4f2bb @yorhodes Make immutable implementation of factories public (#2761)
bf3d3c4 @yorhodes Make recipientIsm more robust (#2767)
c91f589 @yorhodes Add unenroll to Router (#2760)
1ecfc46 @yorhodes v3 Router SDK changes (#2752)
fcfecdf @yorhodes Update router implementations for v3 (#2749)
03c92e1 @aroralanuk Minor internal review remediation (#2748)
f783c4e @aroralanuk Add globalHookMetadata (#2743)
f0e4f2b @aroralanuk Prevent invalid destination griefing for the relayer (#2703)
7312a6f @aroralanuk Add InsertedIntoTree event (#2736)
43ba1b4 @aroralanuk Running forge with latest solc (#2729)
f7dbc71 @yorhodes Update multisig ISMs for merkle hooks (#2722)
7309f77 @yorhodes Add forge test for Mailbox (#2713)
a07a993 @aroralanuk Add aggregation hook for V3 (#2667)
467e01a @yorhodes Add deployed block numbers to indexable contracts (#2672)
2b7ecfc @aroralanuk Add quoteDispatch
to IPostDispatchHook
(#2660)
6a32287 @aroralanuk Fix forge tests post V3 (#2661)
760dce6 @aroralanuk Converting the OP stack hooks to transient storage version (#2632)
f38660e @aroralanuk Modifying IGP to be a hook (#2638)
0e10306 @aroralanuk Adding Optimism Hook and dispatch with metadata (#2580)
46f5311 @yorhodes Init immutable mailbox v3 and native hooks
Additional Changes from Trail of Bits Audit Remediation:
https://github.com/hyperlane-xyz/hyperlane-monorepo/releases/tag/v3-audit-remediations
V3 Audit Remediation
Remediations to Trail of Bits Audit
Additional issues discovered
- Routers have no way to unenroll a domain and the potential workaround of enrolling the zero address for that domain fails due to
EnumerableMap.contains
semantics - Mailbox
recipientIsm
view call reverts if a message recipient does not implementinterchainSecurityModule()
but has a non-compliant fallback function - Mailbox
dispatch
reverts with underflow ifmsg.value
is not greater than required value in theMailbox.dispatch()
or possibly allows a user to circumvent required fees with preexistingaddress(mailbox).balance
- AbstractMessageIdAuthorizedIsm (never previously deployed)
msg.value
could be double spent with consecutive calls toverify
Changes
-
1ecfc46 v3 Router changes (#2752)
- Restructured the
solidity/
subdirectory for better navigation and readability. - Internal
_dispatch()
function takes in argument_value
to pass to the mailbox forMailboxClient
andRouter
contracts. - Removed the duplicated local Openzeppelin's
CrossChainEnabled
library and replaced as a dependency. (Openzeppelin has removed the library from their repo (at release 5.0.0) but our dependency is pointing to the release ^4.8.0 before the removal) - Directly calling
getAnnouncementDigest()
inValidatorAnnounce
(now aMailboxClient
) instead of theValidatorAnnouncements
library. - Removed the
IInterchainAccountRouter
andIInterchainQueryRouter
interfaces which were previously not being used anywhere except forInterchainAccountRouter
andInterchainQueryRouter
contracts. HypERC20Collateral
,HypNative
, andHypERC721Collateral
and their subsequent dependents adopt the new constructor signature fromTokenRouter
and omit theinitialize()
function made redundant because of their inheritance ofMailboxClient__initialize()
HypERC721
now correctly transfer ownership to themsg.sender
instead of the mailbox.
- Restructured the
-
c91f589 Security Patch 1: Add explicit Router unenrollment (#2760)
- Added a
unenrollRemoteRouter()
function to theRouter
contract to allow for removing a remote router from the local router'sEnumerableMapExtended
registry (useful for non-active routers). Similarily, theremove()
has been added toDomainRoutingIsm
to allow for removing a domain from the ISM'sEnumerableMapExtended
registry. DefaultFallbackRoutingIsm
also inherits fromMailboxClient
.
- Added a
-
bf3d3c4 Security Patch 2: Make recipient security module resilient to non-reverting empty fallback (#2767)
- Resolve the case when the recipient contract doesn't specify their own ISM by omitting a
interchainSecurityModule()
function but including a fallback function. In this case, the Mailbox'srecipientIsm
function reverts by trying to decode empty bytes.
- Resolve the case when the recipient contract doesn't specify their own ISM by omitting a
-
8e4f2bb Make factory implementations verifiable (#2761)
- Renaming abstract static factories for more clarity and making the
implementation()
function public on the specific factory contracts for easier offchain querying.
- Renaming abstract static factories for more clarity and making the
-
a60ec18 Unify overheardIgp and igp (#2766)
- Consolidating
InterchainGasPaymaster
andOverheadIgp
into a singleInterchainGasPaymaster
contract to remove the "inner IGP" design making it more accessible to deploy and interact with.DomainGasConfig
struct now stores the gas oracle address and the gas overhead (accounting for remote chain'sMailbox.process()
andISM.verify()
function calls in the gas calculation).
- Consolidating
-
d69d76a Security Patch 3: Underflow in Mailbox dispatch and error messages (#2769)
- Adding a check on the
msg.value
to be greater than required value in theMailbox.dispatch()
to throw a more descriptive error in the required hook instead of an underflow in the mailbox. Otherwise, if the mailbox has sufficientmsg.value
prior to the dispatch and the user overrides the default hook, she can circument paying for the dispatch.
- Adding a check on the
-
e90ae5a Security Patch 4: Fix
msg.value
replay onAbstractMessageIdAuthorizedIsm.verify()
calls- Prevents value on
AbstractMessageIdAuthorizedIsm
from being double-spent by anyverify
caller, independent of theMailbox.process
message lifecycle - An additional issue related to
AbstractMessageIdAuthorizedIsm.verify()
is captured in #2835.
- Prevents value on
SDK v1.5.8
Version 1.5.8 introduces a stable beta version of the Hyperlane CLI.
What's Changed
Full Changelog: v.1.5.3...v1.5.8