Merge branch 'main' into feat/test-coverage-one

.github/workflows/slither.yml

@@ -0,0 +1,16 @@
+name: Slither Static Analysis
+
+on:
+  - pull_request
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Run Slither
+        uses: crytic/[email protected]

DESIGN.md

@@ -21,19 +21,19 @@ Note that a lot of the design choises were made with supporting non-EVM chains i
 
 ### Canonical Bridges
 
-Most current bridge designs aim to get a pre-existing, popular token to different chains that can benefit from the liquidity. When they do so the resulting token, called [`StandardizedToken`](./contracts/utils/StandardizedToken.sol) in this project, will only have basic functionality that enables users to transfer their token and use it with general use smart contracts like De-Fi applications. This is certainly powerfull, and has the benefit that as long as the pre-existing `ERC20` implemention and the bridge function properly everything run as expected. We wanted to include this design for the `InterchainTokenService` as well, so deployers can deploy a Canonical Bridge for any token they want, and this can be done only once per pre-existing `ERC20`. Who the deployer is does not matter for this, they just need to pay for the deployment gas, but they do not need to be trusted as they have no special powers over this kind of bridge
+Most current bridge designs aim to get a pre-existing, popular token to different chains that can benefit from the liquidity. When they do so the resulting token, called [`StandardizedToken`](./contracts/utils/StandardizedToken.sol) in this project, will only have basic functionality that enables users to transfer their token and use it with general use smart contracts like De-Fi applications. This is certainly powerful, and has the benefit that as long as the pre-existing `ERC20` implementation and the bridge function properly everything run as expected. We wanted to include this design for the `InterchainTokenService` as well, so deployers can deploy a Canonical Bridge for any token they want, and this can be done only once per pre-existing `ERC20`. Who the deployer is does not matter for this, they just need to pay for the deployment gas, but they do not need to be trusted as they have no special powers over this kind of bridge
 
 ### Custom Bridges
 
 Most projects that look to go cross-chain nowadays have more complex needs that the ones covered by Canonical Bridges: they often need custom `ERC20` designs, and will sometimes want to have additional power over the bridge. This is where the `InterchainTokenService` shines, deployers can claim certain `tokenIds` only based on their `address`, and a `salt` they provide, and specify any kind of `TokenManager` to be deployed and either manage an external `ERC20` or a `StandardizedToken`. Users using Custom Bridges need to trust the deployers as they could easily confiscate the funds of users if they wanted to, same as any `ERC20` distributor could confiscate the funds of users. There are currently three kinds of possible `TokenManagers` available, but this number might increase in the future, as we find more potential uses for the `InterchainTokenService`.
 - Lock/Unlock: This `TokenManager` will simply transfer tokens from a user to itself or vice versa to initiate/fulfill cross-chain transfers
-- Mint/Burn: This `TokenManager` will burn/mint tokens from/to the user to initiate/fulfill cross-chain transfers. Tokens used with this kind of `TokenManager` need to be properly permissioned to allow for this behaviour.
-- Liquidity Pool: This `TokenManager` functions exaclty like a Lock/Unlock one, except the balance is kept at a separate, prespecified account. This allows for deployers to have more controll over the bridged funds.
+- Mint/Burn: This `TokenManager` will burn/mint tokens from/to the user to initiate/fulfill cross-chain transfers. Tokens used with this kind of `TokenManager` need to be properly permissioned to allow for this behavior.
+- Liquidity Pool: This `TokenManager` functions exactly like a Lock/Unlock one, except the balance is kept at a separate, pre-specified account. This allows for deployers to have more control over the bridged funds.
 
 ## Linker Router
 
-We plan to finalize the design of the `InterchainTokenService` but we want to be able to support new chains as they get added to the Axelar Network. For this purpose, the service will ask a separate contract, the [`RemoteAddressValidator`](./contracts/remoteAddressValidator/RemoteAddressValidator.sol) to obtain the destination address for outgoing messages, and for validation of incoming messages. This contract might eventually stop being upgradable but it will probalby be able to support new addresses for new chains indefinately.
+We plan to finalize the design of the `InterchainTokenService` but we want to be able to support new chains as they get added to the Axelar Network. For this purpose, the service will ask a separate contract, the [`RemoteAddressValidator`](./contracts/remoteAddressValidator/RemoteAddressValidator.sol) to obtain the destination address for outgoing messages, and for validation of incoming messages. This contract might eventually stop being upgradable but it will probably be able to support new addresses for new chains indefinitely.
 
 ## Interchain Token
 
-We designed an [interface](./contracts/interfaces/IInterchainToken.sol) allong a [example implementation](./contracts/interchainToken/InterchainToken.sol) of an ERC20 that can use the `InterchainTokenService` internally. This has the main benefit that for `TokenManagers` that require user approval (Lock/Unlock and Liquidity Pool typically) the token can provide this approval within the same call, providing better UX for users, and saving them some gas.
+We designed an [interface](./contracts/interfaces/IInterchainToken.sol) along a [example implementation](./contracts/interchainToken/InterchainToken.sol) of an ERC20 that can use the `InterchainTokenService` internally. This has the main benefit that for `TokenManagers` that require user approval (Lock/Unlock and Liquidity Pool typically) the token can provide this approval within the same call, providing better UX for users, and saving them some gas.

contracts/examples/InterchainTokenExecutable.sol

@@ -23,16 +23,18 @@ abstract contract InterchainTokenExecutable is IInterchainTokenExecutable {
         bytes calldata sourceAddress,
         bytes calldata data,
         bytes32 tokenId,
+        address token,
         uint256 amount
     ) external onlyService {
-        _executeWithInterchainToken(sourceChain, sourceAddress, data, tokenId, amount);
+        _executeWithInterchainToken(sourceChain, sourceAddress, data, tokenId, token, amount);
     }
 
     function _executeWithInterchainToken(
         string calldata sourceChain,
         bytes calldata sourceAddress,
         bytes calldata data,
         bytes32 tokenId,
+        address token,
         uint256 amount
     ) internal virtual;
 }

contracts/examples/InterchainTokenExpressExecutable.sol

@@ -13,8 +13,9 @@ abstract contract InterchainTokenExpressExecutable is IInterchainTokenExpressExe
         bytes calldata sourceAddress,
         bytes calldata data,
         bytes32 tokenId,
+        address token,
         uint256 amount
     ) external onlyService {
-        _executeWithInterchainToken(sourceChain, sourceAddress, data, tokenId, amount);
+        _executeWithInterchainToken(sourceChain, sourceAddress, data, tokenId, token, amount);
     }
 }