feat(solidity): add makeMessageHash interface for message validation

[zakir-code]

Summary by CodeRabbit

• New Features

  • Introduced a new function to generate a message hash based on specific parameters, enhancing the IBridgeFeeQuote contract's capabilities.
  • Updated the ABI to include the new makeMessageHash function, allowing users to compute hashes without altering the contract's state.

• Bug Fixes

  • No bug fixes included in this release.

• Documentation

  • Updated documentation to reflect the addition of the new function and its parameters.

[coderabbitai]

Walkthrough

The pull request introduces a new function, MakeMessageHash, to the IBridgeFeeQuote contract and its corresponding interface, IBridgeFeeQuote. This function generates a bytes32 hash based on parameters such as _chainName, _tokenName, _fee, _gasLimit, and _expiry. The ABI for IBridgeFeeQuoteMetaData has been updated to reflect this addition. Existing functions in the contract and interface remain unchanged, ensuring that the overall structure and functionality are preserved.

Changes

File Path	Change Summary
contract/ibridge_fee_quote.sol.go	Added MakeMessageHash function with three variations for caller, session, and caller session.
solidity/contracts/bridge/IBridgeFee.sol	Added makeMessageHash function to IBridgeFeeQuote interface, defined as external and pure.

Possibly related PRs

• feat(solidity): add interface for querying data #786: The addition of the makeMessageHash function in the IBridgeFeeQuote interface is directly related to the new MakeMessageHash function introduced in the main PR, as both functions serve the same purpose of generating a hash based on similar parameters.

🐰 In the meadow, where the bunnies play,
A new hash function hops in today!
With names and fees, it weaves a spell,
Generating hashes, oh so well!
In contracts it dances, pure and bright,
A joyful addition, a coder's delight! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (2)

solidity/contracts/bridge/IBridgeFee.sol (2)

60-66: Add NatSpec documentation for the makeMessageHash function.

The function would benefit from detailed documentation explaining:

• The purpose and use case of the message hash
• The exact hash computation method
• How it relates to quote validation
• Parameter requirements and constraints

Add NatSpec documentation above the function:

+    /// @notice Computes a message hash for quote validation
+    /// @param _chainName The name of the chain
+    /// @param _tokenName The name of the token
+    /// @param _fee The fee amount
+    /// @param _gasLimit The gas limit
+    /// @param _expiry The expiration timestamp
+    /// @return bytes32 The computed message hash
     function makeMessageHash(
         string memory _chainName,
         string memory _tokenName,
         uint256 _fee,
         uint256 _gasLimit,
         uint256 _expiry
     ) external pure returns (bytes32);

---

60-66: Consider adding parameter validation requirements.

The interface should specify any validation requirements for the parameters (e.g., non-empty strings, minimum/maximum values for numeric fields).

Consider adding:

1. A view function to get minimum/maximum bounds for fee and gasLimit
2. Documentation specifying format requirements for chainName and tokenName
3. Requirements for the expiry timestamp (e.g., minimum future window)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 8098b16 and c52aa5b.

📒 Files selected for processing (2)

• contract/ibridge_fee_quote.sol.go (2 hunks)
• solidity/contracts/bridge/IBridgeFee.sol (1 hunks)

🔇 Additional comments (3)

solidity/contracts/bridge/IBridgeFee.sol (1)

60-66: Verify integration with quote validation flow.

The function parameters match fields in the QuoteInput struct, suggesting it's used for signature verification. Let's verify this integration.

✅ Verification successful

Integration with quote validation flow is properly implemented

The makeMessageHash function is correctly integrated into the signature verification flow:

1. The quote function processes quote inputs and calls verifySignature
2. Inside verifySignature:
   • makeMessageHash is used to generate the message hash from input parameters
   • The signature is verified using ECDSA recovery to ensure it matches the oracle's address
   • Failed verification reverts with VerifySignatureFailed

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for signature verification using makeMessageHash
ast-grep --pattern 'makeMessageHash($_chainName, $_tokenName, $_fee, $_gasLimit, $_expiry)'

# Look for ECDSA or similar signature verification
rg -l "ECDSA" --type solidity

# Find implementations of this interface
fd -e sol | xargs rg "contract.*is.*IBridgeFeeQuote"

Length of output: 211

---

Script:

#!/bin/bash
# Search for makeMessageHash usage and implementation
rg "makeMessageHash" -A 5

# Look for ECDSA usage
rg "ECDSA" -A 3

# Find implementations of IBridgeFee
rg "contract.*implements.*IBridgeFee|contract.*is.*IBridgeFee" -A 3

# Find QuoteInput struct definition and usage
rg "struct.*QuoteInput" -A 10

Length of output: 21627

---

Script:

#!/bin/bash
# Let's look at the quote function implementation to see how makeMessageHash is used
rg "function quote" -A 20 solidity/contracts/bridge/BridgeFeeQuote.sol

# Look for signature verification in BridgeFeeQuote
rg "verify|recover" -A 5 solidity/contracts/bridge/BridgeFeeQuote.sol

Length of output: 1799

contract/ibridge_fee_quote.sol.go (2)

63-63: LGTM! ABI updated correctly for the new makeMessageHash function.

The ABI addition properly defines the function signature with correct parameter types and return value.

---

336-365: LGTM! MakeMessageHash bindings implemented correctly.

The implementation follows the standard Go binding patterns with proper:

• Error handling
• Type conversions
• Documentation
• Pure function semantics

Let's verify the function signature matches the Solidity interface:

✅ Verification successful

Verified: MakeMessageHash implementation is correct

The Go bindings match the Solidity contract implementation perfectly:

• Function signature matches exactly including parameter names and types
• Pure function modifier is preserved
• Return type (bytes32) is correctly mapped to [32]byte in Go
• Implementation in Solidity uses keccak256(abi.encode()) which is correctly handled by the Go ABI encoding

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the makeMessageHash function signature in the Solidity interface
# matches the implementation.

# Search for the function definition in Solidity files
ast-grep --pattern 'function makeMessageHash(string memory $_chainName, string memory $_tokenName, uint256 $_fee, uint256 $_gasLimit, uint256 $_expiry) external pure returns (bytes32)'

Length of output: 186

---

Script:

#!/bin/bash
# Let's try a different approach to find the Solidity interface definition
# First, let's find any Solidity files that might contain the interface
fd -e sol | xargs cat

# As a backup, let's also search for the function signature in a more lenient way
ast-grep --pattern 'function makeMessageHash(string $_chainName, string $_tokenName, uint256 $_fee, uint256 $_gasLimit, uint256 $_expiry)'

# And let's also check if there are any other files referencing this function
rg "makeMessageHash" -A 2 -B 2

Length of output: 158419

---

Script:

#!/bin/bash
# Let's verify the implementation of makeMessageHash in the Solidity contract
# to ensure it matches the Go bindings

# Search for the makeMessageHash implementation in BridgeFeeQuote.sol
rg -A 10 "function makeMessageHash\(" solidity/contracts/bridge/BridgeFeeQuote.sol

Length of output: 423