feat: support oft tokens with non-zero bridge fees#1227
Merged
grasphoper merged 7 commits intofaisal/perp-destination-dexfrom Feb 2, 2026
Merged
feat: support oft tokens with non-zero bridge fees#1227grasphoper merged 7 commits intofaisal/perp-destination-dexfrom
grasphoper merged 7 commits intofaisal/perp-destination-dexfrom
Conversation
grasphoper
requested review from
bmzig,
mrice32,
nicholaspai and
pxrl
as code owners
Signed-off-by: Ihor Farion <ihor@umaproject.org>
Signed-off-by: Ihor Farion <ihor@umaproject.org>
Signed-off-by: Ihor Farion <ihor@umaproject.org>
grasphoper
force-pushed
the
if/poc-usdt0-with-fees
branch
from
2f99282 to
92f9e84
Compare
tbwebb22
approved these changes
Dec 19, 2025
fusmanii
added
need to audit
fusmanii
added a commit
that referenced
this pull request
Feb 3, 2026
* feat: Perp destination dex support Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * depositFor for USDC Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * fixed tests Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * trust api with destination dex Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * set spot as source Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * add helper funcs Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * fixed data indexes Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * updated cctp min msg length Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * updated oft min msg length Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * feat: `HyperCore` account creation from user funds (#1224) * plan out the code Signed-off-by: Ihor Farion <ihor@umaproject.org> * dst side impl Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove redundant var Signed-off-by: Ihor Farion <ihor@umaproject.org> * add account creation mode to encoded / decoded data Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix tests and build Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * correct read indicies + add test Signed-off-by: Ihor Farion <ihor@umaproject.org> * update cctp min msg length Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * updated SponsoredDepositForBurn with new fields Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * remove duplicate check from 2 places Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix params.commonParams.amountInEVM == 0 edge case Signed-off-by: Ihor Farion <ihor@umaproject.org> * add return after falling back to EVM flow Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix account activation amounts logic for when finalizing the swap flow Signed-off-by: Ihor Farion <ihor@umaproject.org> * simplify if conditions Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix some problems and introduce a stack-too-deep :) Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix stack too deep Signed-off-by: Ihor Farion <ihor@umaproject.org> * smh fix Signed-off-by: Ihor Farion <ihor@umaproject.org> * improve sweepOnCore and fix transferCoreToCore (#1270) Signed-off-by: Ihor Farion <ihor@umaproject.org> * improve: address L-02 & L-03 (#1268) * add early revert instead of implicit revert Signed-off-by: Ihor Farion <ihor@umaproject.org> * adjust test behavior Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * adjust interfaces and comments (#1269) Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix: Address L01 (#1271) * fix: Address L01 Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * refactor: Use toUint256() with casting instead of specialized functions Replace toUint8FromWord, toUint16FromWord, and toUint32FromWord with direct casting from toUint256() for a cleaner and more minimal diff. Co-authored-by: Faisal Usmani <fusmanii@users.noreply.github.com> --------- Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Faisal Usmani <fusmanii@users.noreply.github.com> * fix: revert on invalid signature in receiveMessage to prevent griefing (#1255) * fix: revert on invalid signature in receiveMessage to prevent griefing This fix addresses ACP-27 where an attacker could grief users by front-running receiveMessage with valid CCTP message/attestation but an invalid signature. Previously, this would cause the transaction to succeed with fallback behavior, consuming the CCTP nonce and causing the user to lose sponsorship and custom EVM actions. Changes: - Replace _isQuoteValid() with _validateQuoteOrRevert() that reverts with specific errors (InvalidSignature, InvalidNonce, InvalidDeadline) - Remove conditional fallback logic since validation now reverts - Update tests to expect reverts instead of fallback behavior - Add griefing attack prevention tests Now when an attacker submits an invalid signature, the entire transaction reverts, preserving the CCTP nonce so the legitimate caller can still submit with the correct signature. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix comp error Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> * remove extra sload Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> --------- Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com> * feat: support oft tokens with non-zero bridge fees (#1227) * impl Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix tests Signed-off-by: Ihor Farion <ihor@umaproject.org> * comments Signed-off-by: Ihor Farion <ihor@umaproject.org> * interim better Signed-off-by: Ihor Farion <ihor@umaproject.org> * almost there Signed-off-by: Ihor Farion <ihor@umaproject.org> * better Signed-off-by: Ihor Farion <ihor@umaproject.org> * polish to a more auditable state Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Ihor Farion <ihor@umaproject.org> * remove deadline data from oft cross-chain message Signed-off-by: Ihor Farion <ihor@umaproject.org> * add maxUserSlippageBps to the signed parameters (#1288) Signed-off-by: Ihor Farion <ihor@umaproject.org> * fix createLighterDeposit.s.sol script Signed-off-by: Ihor Farion <ihor@umaproject.org> --------- Signed-off-by: Faisal Usmani <faisal.of.usmani@gmail.com> Signed-off-by: Ihor Farion <ihor@umaproject.org> Co-authored-by: Ihor Farion <65650773+grasphoper@users.noreply.github.com> Co-authored-by: Ihor Farion <ihor@umaproject.org> Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com> Co-authored-by: Faisal Usmani <fusmanii@users.noreply.github.com> Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.