cloudwalk · igorsenych-cw · Nov 4, 2024 · Oct 24, 2024 · Oct 24, 2024 · Oct 28, 2024
@@ -377,7 +377,7 @@ contract Cashier is
      * - If the cash-out operation has the `Reversed` status its `account` field must equal the `account` argument.
      */
     function forceCashOut(
-        address account,
+        address account, // Tools: This comment prevents Prettier from formatting into a single line.
         uint256 amount,
         bytes32 txId
     ) external whenNotPaused onlyRole(CASHIER_ROLE) {
@@ -417,6 +417,7 @@ contract Cashier is
 
         uint256 count = shards.length;
         for (uint256 i; i < count; i++) {
+            _validateShardContract(shards[i]);
             _shards.push(ICashierShard(shards[i]));
             emit ShardAdded(shards[i]);
         }
@@ -445,6 +446,7 @@ contract Cashier is
             uint256 k = fromIndex + i;
             address oldShard = address(_shards[k]);
             address newShard = shards[i];
+            _validateShardContract(newShard);
             _shards[k] = ICashierShard(newShard);
             emit ShardReplaced(newShard, oldShard);
         }
@@ -633,6 +635,13 @@ contract Cashier is
         return _cashOutHookConfigs[txId];
     }
 
+    // ------------------ Pure functions -------------------------- //
+
+    /**
+     * @inheritdoc ICashierPrimary
+     */
+    function proveCashierRoot() external pure {}
+
     // ------------------ Internal functions ---------------------- //
 
     /**
@@ -742,6 +751,42 @@ contract Cashier is
         _validateReleaseTime(releaseTime);
     }
 
+    /**
+     * @dev Validates the provided shard.
+     * @param shard The cashier shard contract address.
+     */
+    function _validateShardContract(address shard) internal view {
+        if (shard == address(0)) {
+            revert Cashier_ShardAddressZero();
+        }
+
+        if (shard.code.length == 0) {
+            revert Cashier_ShardAddressNotContract();
+        }
+
+        try ICashierShard(shard).proveCashierShard() {} catch {
+            revert Cashier_ContractNotShard();
+        }
+    }
+
+    /**
+     * @dev Validates the provided root.
+     * @param root The cashier root contract address.
+     */
+    function _validateRootContract(address root) internal view {
+        if (root == address(0)) {
+            revert Cashier_RootAddressZero();
+        }
+
+        if (root.code.length == 0) {
+            revert Cashier_RootAddressNotContract();
+        }
+
+        try ICashier(root).proveCashierRoot() {} catch {
+            revert Cashier_ContractNotRoot();
+        }
+    }
+
     /**
      * @dev Checks the error code returned by the shard contract and reverts with the appropriate error message.
      * @param err The error code returned by the shard contract.
@@ -838,6 +883,7 @@ contract Cashier is
      * @param newImplementation The address of the new implementation.
      */
     function _authorizeUpgrade(address newImplementation) internal view override onlyRole(OWNER_ROLE) {
+        _validateRootContract(newImplementation);
         newImplementation; // Suppresses a compiler warning about the unused variable.
     }
 
@@ -856,10 +902,6 @@ contract Cashier is
      * @param newImplementation The address of the new shard implementation.
      */
     function upgradeShardsTo(address newImplementation) external onlyRole(OWNER_ROLE) {
-        if (newImplementation == address(0)) {
-            revert Cashier_ShardAddressZero();
-        }
-
         for (uint256 i = 0; i < _shards.length; i++) {
             _shards[i].upgradeTo(newImplementation);
         }
@@ -871,15 +913,7 @@ contract Cashier is
      * @param newShardImplementation The address of the new shard implementation.
      */
     function upgradeRootAndShardsTo(address newRootImplementation, address newShardImplementation) external {
-        if (newRootImplementation == address(0)) {
-            revert Cashier_RootAddressZero();
-        }
-        if (newShardImplementation == address(0)) {
-            revert Cashier_ShardAddressZero();
-        }
-
         upgradeToAndCall(newRootImplementation, "");
-
         for (uint256 i = 0; i < _shards.length; i++) {
             _shards[i].upgradeTo(newShardImplementation);
         }

@@ -281,6 +281,13 @@ contract CashierShard is CashierShardStorage, OwnableUpgradeable, UUPSUpgradeabl
         return cashOutOperations;
     }
 
+    // ------------------ Pure functions -------------------------- //
+
+    /**
+     * @inheritdoc ICashierShardPrimary
+     */
+    function proveCashierShard() external pure {}
+
     // ------------------ Internal functions ---------------------- //
 
     /**
@@ -322,9 +329,28 @@ contract CashierShard is CashierShardStorage, OwnableUpgradeable, UUPSUpgradeabl
      * @param newImplementation The address of the new implementation.
      */
     function _authorizeUpgrade(address newImplementation) internal view override onlyOwnerOrAdmin {
+        _validateShardContract(newImplementation);
         newImplementation; // Suppresses a compiler warning about the unused variable.
     }
 
+    /**
+     * @dev Validates the provided shard.
+     * @param shard The cashier shard contract address.
+     */
+    function _validateShardContract(address shard) internal view {
+        if (shard == address(0)) {
+            revert CashierShard_ShardAddressZero();
+        }
+
+        if (shard.code.length == 0) {
+            revert CashierShard_ShardAddressNotContract();
+        }
+
+        try ICashierShard(shard).proveCashierShard() {} catch {
+            revert CashierShard_ContractNotShard();
+        }
+    }
+
     // ------------------ Service functions ----------------------- //
 
     /**

@@ -19,18 +19,6 @@ interface ICashierErrors {
     /// @dev Thrown if the provided amount is zero.
     error Cashier_AmountZero();
 
-    /// @dev The same hook flags for an operation are already configured.
-    error Cashier_HookFlagsAlreadyRegistered();
-
-    /// @dev The provided bit flags to configure the hook logic are invalid.
-    error Cashier_HookFlagsInvalid();
-
-    /// @dev The provided address of the callable contract with the hook function is non-zero but must be.
-    error Cashier_HookCallableContractAddressNonZero();
-
-    /// @dev The provided address of the callable contract with the hook function is zero but must not be.
-    error Cashier_HookCallableContractAddressZero();
-
     /// @dev Thrown if the cash-in operation with the provided txId is already executed.
     error Cashier_CashInAlreadyExecuted();
 
@@ -43,12 +31,36 @@ interface ICashierErrors {
     /// @dev Thrown if the cash-out operation with the provided txId has an inappropriate status.
     error Cashier_CashOutStatusInappropriate();
 
+    /// @dev Thrown if the contract is not a cashier root contract.
+    error Cashier_ContractNotRoot();
+
+    /// @dev Thrown if the contract is not a cashier shard contract.
+    error Cashier_ContractNotShard();
+
+    /// @dev The provided address of the callable contract with the hook function is non-zero but must be.
+    error Cashier_HookCallableContractAddressNonZero();
+
+    /// @dev The provided address of the callable contract with the hook function is zero but must not be.
+    error Cashier_HookCallableContractAddressZero();
+
+    /// @dev The same hook flags for an operation are already configured.
+    error Cashier_HookFlagsAlreadyRegistered();
+
+    /// @dev The provided bit flags to configure the hook logic are invalid.
+    error Cashier_HookFlagsInvalid();
+
     /// @dev Thrown if the provided release time for the premint operation is inappropriate.
     error Cashier_PremintReleaseTimeInappropriate();
 
+    /// @dev Thrown if the provided root address is not a contract.
+    error Cashier_RootAddressNotContract();
+
     /// @dev Thrown if the provided root address is zero.
     error Cashier_RootAddressZero();
 
+    /// @dev Thrown if the provided shard address is not a contract.
+    error Cashier_ShardAddressNotContract();
+
     /// @dev Thrown if the provided shard address is zero.
     error Cashier_ShardAddressZero();
 
@@ -175,7 +187,7 @@ interface ICashierPrimary is ICashierTypes {
      * @param amount The amount of tokens to cash-out.
      */
     event ForcedCashOut(
-        address indexed account,
+        address indexed account, // Tools: This comment prevents Prettier from formatting into a single line.
         bytes32 indexed txId,
         uint256 amount
     );
@@ -327,7 +339,7 @@ interface ICashierPrimary is ICashierTypes {
      * @param txId The off-chain transaction identifier of the related operation.
      */
     function forceCashOut(
-        address account,
+        address account, // Tools: This comment prevents Prettier from formatting into a single line.
         uint256 amount,
         bytes32 txId
     ) external;
@@ -395,6 +407,11 @@ interface ICashierPrimary is ICashierTypes {
      * @dev Returns the address of the underlying token.
      */
     function underlyingToken() external view returns (address);
+
+    /**
+     * @dev Proves that the contract is the cashier root contract.
+     */
+    function proveCashierRoot() external pure;
 }
 
 /**

@@ -10,10 +10,18 @@ import { ICashierTypes } from "./ICashierTypes.sol";
  * @dev Defines the custom errors used in the cashier shard contract.
  */
 interface ICashierShardErrors {
+    /// @dev Thrown if the contract is not a cashier shard contract.
+    error CashierShard_ContractNotShard();
+
+    /// @dev Thrown if the provided shard address is not a contract.
+    error CashierShard_ShardAddressNotContract();
+
+    /// @dev Thrown if the provided shard address is zero.
+    error CashierShard_ShardAddressZero();
+
     /// @dev Thrown if the caller is not an admin.
     error CashierShard_Unauthorized();
 }
-
 /**
  * @title ICashierShardPrimary interface
  * @author CloudWalk Inc. (See https://www.cloudwalk.io)
@@ -168,6 +176,11 @@ interface ICashierShardPrimary is ICashierTypes {
      * @return operations The data of the cash-out operations in the form of a structure.
      */
     function getCashOuts(bytes32[] memory txIds) external view returns (CashOutOperation[] memory operations);
+
+    /**
+     * @dev Proves that the contract is the cashier shard contract.
+     */
+    function proveCashierShard() external pure;
 }
 
 /**

@@ -33,4 +33,9 @@ contract CashierShardMock is ICashierTypes {
         targetStatus; // Silence the compilation warning about unused variable
         err = REGISTER_OPERATION_UNEXPECTED_ERROR;
     }
+
+    /**
+     * @dev Simulates real CashierShard contract.
+     */
+    function proveCashierShard() external pure {}
 }