ccip icon indicating copy to clipboard operation
ccip copied to clipboard
verified publisher icon smartcontractkit

pass token into lockOrBurn

Open RensR opened this issue 1 year ago • 1 comments

Motivation

To add defence in depth, we pass the token to be locked/burned into the pool so it is able to validate the token is supported by the pool.

Solution

Passing in the token also enables creating a token pool which supports multiple tokens. To ensure the correct destination token is minted, the pool should return the source/dest token in the extraData. This can then be read by the dest pool.

We check for isSupportedToken during the setting of a pool for a token. This reduces the odds of a misconfiguration and closes some potential exploit pathways.

The PR also makes all pool IO checks consistent by adding helpers for lockOrBurn and ReleaseOrMint.

Optimizations for the onRamp had to be lowered a bit due to the extra arguments used.

RensR avatar May 23 '24 08:05 RensR

LCOV of commit c597177 during Solidity Foundry #4651

Summary coverage rate:
  lines......: 98.7% (1247 of 1264 lines)
  functions..: 96.4% (268 of 278 functions)
  branches...: 91.8% (518 of 564 branches)

Files changed coverage rate: n/a

github-actions[bot] avatar May 23 '24 08:05 github-actions[bot]