doc: upd diff and doc for __gap

Certora · Dec 30, 2024 · 59c3763 · 59c3763
1 parent ca12f63
commit 59c3763
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 26 deletions.
diff --git a/contracts/src/v0.8/ccip/pools/GHO/UpgradeableTokenPool.sol b/contracts/src/v0.8/ccip/pools/GHO/UpgradeableTokenPool.sol
@@ -600,5 +600,7 @@ abstract contract UpgradeableTokenPool is IPoolV1, Ownable2StepMsgSender {
     }
   }
 
+  /// @dev This empty reserved space is put in place to allow future versions to add new
+  /// variables without shifting down storage in the inheritance chain.
   uint256[42] private __gap;
 }
diff --git a/contracts/src/v0.8/ccip/pools/GHO/diffs/UpgradeableLockReleaseTokenPool_diff.md b/contracts/src/v0.8/ccip/pools/GHO/diffs/UpgradeableLockReleaseTokenPool_diff.md
@@ -1,9 +1,9 @@
 ```diff
 diff --git a/src/v0.8/ccip/pools/LockReleaseTokenPool.sol b/src/v0.8/ccip/pools/GHO/UpgradeableLockReleaseTokenPool.sol
-index ecc28a14dd..68655c345e 100644
+index ecc28a14dd..5d5e055299 100644
 --- a/src/v0.8/ccip/pools/LockReleaseTokenPool.sol
 +++ b/src/v0.8/ccip/pools/GHO/UpgradeableLockReleaseTokenPool.sol
-@@ -1,25 +1,44 @@
+@@ -1,25 +1,45 @@
  // SPDX-License-Identifier: BUSL-1.1
 -pragma solidity 0.8.24;
 +pragma solidity ^0.8.0;
@@ -39,6 +39,7 @@ index ecc28a14dd..68655c345e 100644
 +/// - Addition of authorized function to update amount of tokens that are currently bridged
 +/// - Modifications from inherited contract (see contract for more details):
 +///    - UpgradeableTokenPool: Remove i_token decimal check in constructor
++///    - Add storage `__gap` for future upgrades.
 +
 +/// @dev Token pool used for tokens on their native chain. This uses a lock and release mechanism.
  /// Because of lock/unlock requiring liquidity, this pool contract also has function to add and remove
@@ -58,7 +59,7 @@ index ecc28a14dd..68655c345e 100644
 
    event LiquidityTransferred(address indexed from, uint256 amount);
 
-@@ -33,30 +52,69 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -33,30 +53,69 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
    /// @notice The address of the rebalancer.
    address internal s_rebalancer;
 
@@ -137,7 +138,7 @@ index ecc28a14dd..68655c345e 100644
    }
 
    /// @notice Release tokens from the pool to the recipient
-@@ -64,11 +122,18 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -64,11 +123,18 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
    function releaseOrMint(
      Pool.ReleaseOrMintInV1 calldata releaseOrMintIn
    ) external virtual override returns (Pool.ReleaseOrMintOutV1 memory) {
@@ -158,7 +159,7 @@ index ecc28a14dd..68655c345e 100644
 
      // Release to the recipient
      getToken().safeTransfer(releaseOrMintIn.receiver, localAmount);
-@@ -79,9 +144,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -79,9 +145,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
    }
 
    /// @inheritdoc IERC165
@@ -169,7 +170,7 @@ index ecc28a14dd..68655c345e 100644
      return interfaceId == type(ILiquidityContainer).interfaceId || super.supportsInterface(interfaceId);
    }
 
-@@ -93,12 +156,55 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -93,12 +157,55 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
 
    /// @notice Sets the LiquidityManager address.
    /// @dev Only callable by the owner.
@@ -228,7 +229,7 @@ index ecc28a14dd..68655c345e 100644
    /// @notice Checks if the pool can accept liquidity.
    /// @return true if the pool can accept liquidity, false otherwise.
    function canAcceptLiquidity() external view returns (bool) {
-@@ -107,9 +213,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -107,9 +214,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
 
    /// @notice Adds liquidity to the pool. The tokens should be approved first.
    /// @param amount The amount of liquidity to provide.
@@ -239,7 +240,7 @@ index ecc28a14dd..68655c345e 100644
      if (!i_acceptLiquidity) revert LiquidityNotAccepted();
      if (s_rebalancer != msg.sender) revert Unauthorized(msg.sender);
 
-@@ -119,9 +223,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -119,9 +224,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
 
    /// @notice Removed liquidity to the pool. The tokens will be sent to msg.sender.
    /// @param amount The amount of liquidity to remove.
@@ -250,7 +251,7 @@ index ecc28a14dd..68655c345e 100644
      if (s_rebalancer != msg.sender) revert Unauthorized(msg.sender);
 
      if (i_token.balanceOf(address(this)) < amount) revert InsufficientLiquidity();
-@@ -141,7 +243,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
+@@ -141,7 +244,7 @@ contract LockReleaseTokenPool is TokenPool, ILiquidityContainer, ITypeAndVersion
    /// @param from The address of the old pool.
    /// @param amount The amount of liquidity to transfer.
    function transferLiquidity(address from, uint256 amount) external onlyOwner {

diff --git a/contracts/src/v0.8/ccip/pools/GHO/diffs/UpgradeableTokenPool_diff.md b/contracts/src/v0.8/ccip/pools/GHO/diffs/UpgradeableTokenPool_diff.md
@@ -1,9 +1,9 @@
 ```diff
 diff --git a/src/v0.8/ccip/pools/TokenPool.sol b/src/v0.8/ccip/pools/GHO/UpgradeableTokenPool.sol
-index cd3096f4ef..699b76ec37 100644
+index cd3096f4ef..8c0965a67f 100644
 --- a/src/v0.8/ccip/pools/TokenPool.sol
 +++ b/src/v0.8/ccip/pools/GHO/UpgradeableTokenPool.sol
-@@ -1,26 +1,28 @@
+@@ -1,26 +1,29 @@
  // SPDX-License-Identifier: BUSL-1.1
 -pragma solidity 0.8.24;
 +pragma solidity ^0.8.0;
@@ -42,10 +42,11 @@ index cd3096f4ef..699b76ec37 100644
 -///
 +/// @dev Contract adaptations:
 +///  - Remove i_token decimal check in constructor.
++///  - Add storage `__gap` for future upgrades.
  /// Example:
  /// Assume there is a token with 6 decimals on chain A and 3 decimals on chain B.
  /// - 1.234567 tokens are burned on chain A.
-@@ -29,7 +31,7 @@ import {EnumerableSet} from "../../vendor/openzeppelin-solidity/v5.0.2/contracts
+@@ -29,7 +32,7 @@ import {EnumerableSet} from "../../vendor/openzeppelin-solidity/v5.0.2/contracts
  /// 0.000567 tokens.
  /// In the case of a burnMint pool on chain A, these funds are burned in the pool on chain A.
  /// In the case of a lockRelease pool on chain A, these funds accumulate in the pool on chain A.
@@ -54,7 +55,7 @@ index cd3096f4ef..699b76ec37 100644
    using EnumerableSet for EnumerableSet.Bytes32Set;
    using EnumerableSet for EnumerableSet.AddressSet;
    using EnumerableSet for EnumerableSet.UintSet;
-@@ -117,34 +119,18 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -117,34 +120,18 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @dev Can be address(0) if none is configured.
    address internal s_rateLimitAdmin;
 
@@ -93,7 +94,7 @@ index cd3096f4ef..699b76ec37 100644
      return token == address(i_token);
    }
 
-@@ -168,9 +154,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -168,9 +155,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
 
    /// @notice Sets the pool's Router
    /// @param newRouter The new Router
@@ -104,7 +105,7 @@ index cd3096f4ef..699b76ec37 100644
      if (newRouter == address(0)) revert ZeroAddressNotAllowed();
      address oldRouter = address(s_router);
      s_router = IRouter(newRouter);
-@@ -179,11 +163,11 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -179,11 +164,11 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    }
 
    /// @notice Signals which version of the pool interface is supported
@@ -121,7 +122,7 @@ index cd3096f4ef..699b76ec37 100644
    }
 
    // ================================================================
-@@ -199,9 +183,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -199,9 +184,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @param lockOrBurnIn The input to validate.
    /// @dev This function should always be called before executing a lock or burn. Not doing so would allow
    /// for various exploits.
@@ -132,7 +133,7 @@ index cd3096f4ef..699b76ec37 100644
      if (!isSupportedToken(lockOrBurnIn.localToken)) revert InvalidToken(lockOrBurnIn.localToken);
      if (IRMN(i_rmnProxy).isCursed(bytes16(uint128(lockOrBurnIn.remoteChainSelector)))) revert CursedByRMN();
      _checkAllowList(lockOrBurnIn.originalSender);
-@@ -219,9 +201,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -219,9 +202,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @param releaseOrMintIn The input to validate.
    /// @dev This function should always be called before executing a release or mint. Not doing so would allow
    /// for various exploits.
@@ -143,7 +144,7 @@ index cd3096f4ef..699b76ec37 100644
      if (!isSupportedToken(releaseOrMintIn.localToken)) revert InvalidToken(releaseOrMintIn.localToken);
      if (IRMN(i_rmnProxy).isCursed(bytes16(uint128(releaseOrMintIn.remoteChainSelector)))) revert CursedByRMN();
      _onlyOffRamp(releaseOrMintIn.remoteChainSelector);
-@@ -247,9 +227,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -247,9 +228,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
      return abi.encode(i_tokenDecimals);
    }
 
@@ -154,7 +155,7 @@ index cd3096f4ef..699b76ec37 100644
      // Fallback to the local token decimals if the source pool data is empty. This allows for backwards compatibility.
      if (sourcePoolData.length == 0) {
        return i_tokenDecimals;
-@@ -304,9 +282,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -304,9 +283,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @notice Gets the pool address on the remote chain.
    /// @param remoteChainSelector Remote chain selector.
    /// @dev To support non-evm chains, this value is encoded into bytes
@@ -165,7 +166,7 @@ index cd3096f4ef..699b76ec37 100644
      bytes32[] memory remotePoolHashes = s_remoteChainConfigs[remoteChainSelector].remotePools.values();
 
      bytes[] memory remotePools = new bytes[](remotePoolHashes.length);
-@@ -327,9 +303,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -327,9 +304,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @notice Gets the token address on the remote chain.
    /// @param remoteChainSelector Remote chain selector.
    /// @dev To support non-evm chains, this value is encoded into bytes
@@ -176,7 +177,7 @@ index cd3096f4ef..699b76ec37 100644
      return s_remoteChainConfigs[remoteChainSelector].remoteTokenAddress;
    }
 
-@@ -358,9 +332,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -358,9 +333,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    }
 
    /// @inheritdoc IPoolV1
@@ -187,7 +188,7 @@ index cd3096f4ef..699b76ec37 100644
      return s_remoteChainSelectors.contains(remoteChainSelector);
    }
 
-@@ -379,8 +351,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -379,8 +352,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @notice Sets the permissions for a list of chains selectors. Actual senders for these chains
    /// need to be allowed on the Router to interact with this pool.
    /// @param remoteChainSelectorsToRemove A list of chain selectors to remove.
@@ -197,7 +198,7 @@ index cd3096f4ef..699b76ec37 100644
    /// @dev Only callable by the owner
    function applyChainUpdates(
      uint64[] calldata remoteChainSelectorsToRemove,
-@@ -495,9 +466,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -495,9 +467,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    /// @notice Sets the rate limiter admin address.
    /// @dev Only callable by the owner.
    /// @param rateLimitAdmin The new rate limiter admin address.
@@ -208,7 +209,7 @@ index cd3096f4ef..699b76ec37 100644
      s_rateLimitAdmin = rateLimitAdmin;
      emit RateLimitAdminSet(rateLimitAdmin);
    }
-@@ -566,18 +535,14 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -566,18 +536,14 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
 
    /// @notice Checks whether remote chain selector is configured on this contract, and if the msg.sender
    /// is a permissioned onRamp for the given chain on the Router.
@@ -229,7 +230,7 @@ index cd3096f4ef..699b76ec37 100644
      if (!isSupportedChain(remoteChainSelector)) revert ChainNotAllowed(remoteChainSelector);
      if (!s_router.isOffRamp(remoteChainSelector, msg.sender)) revert CallerIsNotARampOnRouter(msg.sender);
    }
-@@ -586,9 +551,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -586,9 +552,7 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
    // │                          Allowlist                           │
    // ================================================================
 
@@ -240,11 +241,14 @@ index cd3096f4ef..699b76ec37 100644
      if (i_allowlistEnabled) {
        if (!s_allowlist.contains(sender)) {
          revert SenderNotAllowed(sender);
-@@ -635,4 +598,6 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
+@@ -635,4 +599,8 @@ abstract contract TokenPool is IPoolV1, Ownable2StepMsgSender {
        }
      }
    }
 +
++  /// @dev This empty reserved space is put in place to allow future versions to add new
++  /// variables without shifting down storage in the inheritance chain.
 +  uint256[42] private __gap;
  }
+
 ```