Skip to content

Handle Tron USDT broken transfer return value via self approve + transferFrom#124

Open
reednaa wants to merge 10 commits into
mainfrom
feature/api-515-handle-tron-usdt-broken-transfer-return-value-via-solady
Open

Handle Tron USDT broken transfer return value via self approve + transferFrom#124
reednaa wants to merge 10 commits into
mainfrom
feature/api-515-handle-tron-usdt-broken-transfer-return-value-via-solady

Conversation

@reednaa

@reednaa reednaa commented Jun 10, 2026

Copy link
Copy Markdown
Member

No description provided.

reednaa and others added 10 commits May 4, 2026 17:39
- Bump lib/OIF to permit2-virtual (virtual _PERMIT2 fetch)
- InputSettlerEscrowLIFITron overrides _PERMIT2 with the Tron deployment
  TTJxU3P8rHycAyFY4kVtGNfmnMH4ezcuM9 (0xBE365314f2E77FD1257d60C346Bb32DbDa369403)
- Tron test suite etches Permit2 at the Tron address
- Mirror upstream orderStatus claimed-marking in InputSettlerCompactLIFI._resolveLock

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
InputSettlerEscrowLIFITron, OutputSettlerSimple and PolymerOracle
deployed via script/tron/deploy-oif.ts.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
reednaa added a commit that referenced this pull request Jul 15, 2026
* Initial commit

* Initial commit based on LI.FI intent system

* Use relative instead of fixed imports

* Use interfaces for tests to more easily reuse tests externally

* move codecov config into top level

* Move contract implementation into top-level

* fix github action

* Refactor test for better external execution

* expose filled outputs

* consolidate finalise functions into two

* fix tests

* use library address in tests

* fix coverage

* Remove single solver validation code

* Use custom error

* use calldata for solvers

* revert to using memory because of stack too deep error

* revert to using memory instead of calldata

* Standardise chainid maps for oracles (#3)

* Standardize chainid maps for oracles

Implements standardized chainid maps for oracles. This also lets
oracles opt out of mapping in case they conform to a chainid
standardization. This applies to Polymer for EVM chains. The
advantage of non-mapped oracles is that they are ownerless making the
system entirely permissionless and providing a base implementation
that is entirely configless: **One deterministic deployment**

* Fix overwrite implementation of the map in Polymer

* Large refactoring pass to cleanup documentation, variable naming, and more. (#2)

* Initial documentation pass of everything except oracles and input settlers and readme

* typos

* Complete the contracts and libraries

* Update readme

* grammar

* Output chain instaed of destination chain

* Apply suggestions from code review

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>

* Rename IOIFCallback to IOpenIntentCallback

* Rename inputs callback and fillBatch

* delete unused tests

* review comments: Remove remote references

* update test encoding

---------

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>

* Upgrade compact version to post audit fixes (#6)

* Initial documentation pass of everything except oracles and input settlers and readme

* typos

* Complete the contracts and libraries

* Update readme

* grammar

* Output chain instaed of destination chain

* Apply suggestions from code review

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>

* Rename IOIFCallback to IOpenIntentCallback

* Rename inputs callback and fillBatch

* delete unused tests

* Upgrade compact version to post audit fixes

* Apply suggestions from code review

Co-authored-by: jsanmigimeno <8038323+jsanmigimeno@users.noreply.github.com>

---------

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>
Co-authored-by: jsanmigimeno <8038323+jsanmigimeno@users.noreply.github.com>

* Disallow intents from settler (#7)

* Initial documentation pass of everything except oracles and input settlers and readme

* typos

* Complete the contracts and libraries

* Update readme

* grammar

* Output chain instaed of destination chain

* Apply suggestions from code review

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>

* Rename IOIFCallback to IOpenIntentCallback

* Rename inputs callback and fillBatch

* delete unused tests

* Upgrade compact version to post audit fixes

* Disallow intents from settler

---------

Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>

* use memory-safe for assembly blocks (#33)

* Move LibAddress to the protocol and use it inside the contracts (#9)

* Refactor LibAddress: Move and enhance address identifier conversion library

* remove ownbale, pausable that cursor added for no reason

* add using for bytes32 and remove unnecesary md file

* fmt

* fix order of using

* use assembly in toIdentifier

* remove unnecesary import

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Alexander <git@lindgren.xyz>

* Improve naming of message decoding function (#21)

* Fix typos found in audit (#27)

* Remove incorrect natspec comment amount destination of funds based on the set destination (#26)

* 119 minutes is returned instead of 181 minutes if confirmations is 0 for _getProofPeriod (#20)

* Fix stale finalise natsepc comment (#24)

* Correct dublicate typecast in comments (#22)

* Fix order purchase natspec comment (#23)

* remote dublicate SignatureCheckerLib import (#25)

* Optimise output hash (#32)

* Only compute order id once. (#29)

* Check origin chain of order (#17)

* Check topic 0 for polymer oracle (#13)

* Add final amount to OutputFilled event (#34)

* use assembly for boolean accumulator for gas savings (#30)

* use implemented function of MandateOutputEncodingLib instead of re-implementing (#19)

* Only read solver once on optimisticallyVerify (#28)

* Only read solver once

* Simplify dispute check

* Use proper uint32 timestamp for bitcoin (#16)

* Swap bitcoin solver check for consistency and ease of understanding (#18)

* Swap bitcoin solver check for consistency and ease of understanding

* Update gas snapshots

* forge fmt

* Fix typing of the filler to settler (#10)

* Fix typing of the filler to settler

* Update stale old references

* Update documentation formatting pr review

* Cast inputs into bytes32 to avoid order id collision (#14)

* Calldata version of fill encoding (#31)

* Calldata version of fill encoding

* Update src/libs/MandateOutputEncodingLib.sol

Co-authored-by: Luiz Vasconcelos Júnior <64055364+luiz-lvj@users.noreply.github.com>

* properly change xM to xMemory

* Fix merge issues

---------

Co-authored-by: Luiz Vasconcelos Júnior <64055364+luiz-lvj@users.noreply.github.com>

* Disallow filling outputs twice (#12)

* Disallow filling outputs twice

Storage of filled outputs are changed such that only 1 storage map is used with the goal to disable outputs to be filled twice if their oracle differs.

* typo

* Change function typing and fix setAttestation issue.

* fix git merge

* Do not delete solver of claimed order to avoid double claiming (#15)

* do not delete solver of claimed order to avoid double claiming

* Swap validation order for better error catching

* Fix merge

* Regression on check

* Readme update (#50)

* Upgrade compact and set output settler fill record to public (#52)

* Upgrade compact and set output settler fill record to public

* View functions for fillRecord

* implemented virtual _resolveOutput (#71)

* implemented virtual _resolveOutput

* fmt

* Update src/output/BaseOutputSettler.sol

Co-authored-by: Alexander <git@lindgren.xyz>

* reuse fillRecordHash variable

* removed duplicated getMandateOutputHash

* moved outputAmount to optimize stack

* Add documentation and move deadline check as modifier

* moved ExclusiveTo error to OutputSettlerCoin

* fmt

* failing test fix

* adapt CI to allow to prevent stack errors

* Remove stack too deep from test

---------

Co-authored-by: Alexander <git@lindgren.xyz>

* Escrow Input Settler (#69)

* Refactor to prepare for escrow implementation & reduce code size

* Refund for escrow

* Cleanup validation logic & forge coverage fix

* Fix permit2 integration

* fmt

* Cleanup import mess

* Testing of refund function

* Documentation and remove inputs from witness

* Add final documentation, cleanup usage of libAddress, and check dirty upper bits of inputs for Permit2

* Self review changes.

* Review fixes

* Disallow equality in timestamp validation

---------

Co-authored-by: Luiz Vasconcelos Júnior <64055364+luiz-lvj@users.noreply.github.com>

* feat: boolean accumulation library (#73)

* Make Open function 7683 compliant (#80)

* 7683 open functions on escrow

* Add sponsor to the openFor interface

* Update 7683 implemented interfaces

* Remove calldata size validation and docs

* Update IERC7683

* typo

* Support ERC3009 Authorisations for InputSettlerEscrow (#74)

* Support ERC3009 auths for opening intents

* Load bytes array in assembly and fix coverage stack issue

* fmt

* typo

* Remove unused import

* Single open for function

* forge fmt

* Test for 3009 capture

* fmt

* Self review

* Review fixes: Implement unknown signature type error

* resolve merge conflicts

* Fix coverage

* Update and rename local oracles to input oracles and clarify oracle references (#81)

* Rename all "local" oracles to input oracles

* Update src/input/InputSettlerPurchase.sol

Co-authored-by: jsanmigimeno <8038323+jsanmigimeno@users.noreply.github.com>

* Remove local oracle references after merge

---------

Co-authored-by: jsanmigimeno <8038323+jsanmigimeno@users.noreply.github.com>

* Added contributing and PR templates (#83)

* split interface in IOIFCallback (#77)

* split interface in IOIFCallback

* fmt

* Hyperlane Oracle integration (#94)

* forge install: hyperlane-monorepo

main

* forge install: openzeppelin-contracts-4

v4.9.6

* forge install: openzeppelin-contracts-upgradeable-4

v4.9.6

* Update remappings for Hyperlane

* Add HyperlaneOracle

* Remove some unused imports and add test for saving hyperlane oracle gas snapshot

* forge fmt

* Remove added Hyperlane and OZ dependencies

* Add HyperlaneOracle external contracts

* Update HyperlaneOracle for using external contracts instead of removed dependencies

* Change MailboxClient onlyMailbox revert error

* Add MailboxClient unit tests

* Add HyperlaneOracle unit tests

* Ignore Hyperlane external contracts for coverage

* forge fmt

* Add links to extrnal contracts

* Add HyperlaOracle submit with customHook

* Avoid stack too deep on coverage tests

* Add HyperlaneOracle quoteGasPayment with customHook

* forge fmt

* Update MailboxClient license and sol version

* Update snapshots

* Fix build

* Fix comment format

* Remove unused imports (#98)

* Use abi.encodeCall instead of abi.encodeWithSelector for type errors (#101)

* Fix inaccurate comments, outdated comments, and typos (#103)

* Validate input chain on escrow open (#102)

* Load uint256[2][] calldata inputs once per loop instead of twice. (#100)

* Validate input chain for purchases (#105)

* Merge output settlers (#75)

* add 7683 standard to OutputSettlerCoin

* update tests with 7683 fill

* add fillOrderOutputs

* update snapshot

* fmt

* remove unnecessary

* remove duplicated file

* update snapshot

* return bytes32 on fill function

* add fillDeadline to output

* fix typo

* insert fillDeadline at beginning of output

* update test FillOutputTwice

* update test_entire_flow

* update tests to 7683 compliant fill

* update fill function to 7683

* remove unnecessary fill function

* remove unnecessary fillOrderOutputs function

* remove modifier

* add library to handle calldata

* git status

q
quit()
:q

* add license to files

* remove unnecessary

* forge fmt

* remove other files

* fix warnings

* docs for OutputFillLIb

* add fulfiment lib

* add filler data lib

* add docs to BaseOutputSettler

* remove unnecessary

* update snapshots

* working on forge coverage

* improve forge coverage

* add 'removeFillDeadline' to library

* improve forge coverage

* fix stack-too-deep

* update snapshots

* use length

* remove unnecessary function

* make functions virtual

* turn BaseOutputSettler abstract

* rename

* add docs to OutputSettlerResolver

* add fillerData to _fill

* make _resolveOutput modular

* move FillerDataLib

* rename BaseOutputSettler -> OutputSettlerBase

* use LibAddress

* remove unnecessary spaces

* rename OutputSettlerResolver -> OutputSettlerOrderTypes

* rename OutputSettlerOrderTypes -> OutputSettlerSimple

* rename folder orders -> simple

* add length checks on callbackData

* add checks to contextData()

* loading variables when used

* update comment

* explicit check on fulfilmentLength

* update OutputSettlerCoin -> OutputSettlerSimple

* update name

* update hyperlane oracle tests

* reorder imports

* remove call function (#106)

* Rename Proposed Solver to Solver (#107)


* rename proposedSolver -> solver

* Update Dependencies to oz (#112)

* forge install: openzeppelin-contracts

master

* add remappings.txt

* use OZ ERC20 for MockERC20

* remove oz

* forge install: openzeppelin-contracts

master

* update Oz contracts to master

* update MockERC20 to use OpenZeppelin

* update tests for OZ MockERC20

* SafeTransferLib -> SafeERC20

* ReentrancyGuard Solady -> ReentrancyGuard OZ

* Ownable Solady -> Ownable OZ

* FixedPointMathLib Solady -> Math OZ

* SignatureCheckerLib Solady -> SignatureChecker OZ

* EIP712 Solady -> OZ

* LibBytes Solady -> Bytes OZ

* remove solady

* add warning

* up

* Improve naming (#114)

* IPayloadCreator -> IAttester

* rename fn arePayloadsValid -> hasAttested

* rename application -> attester

* forge fmt

* Only allow order purchases on the escrow for opened orders (#104)

* Use own address lib instead of asSanitizedAddress (#97)

* Document why dirty bits are not allowed. (#99)

* Strictly document why dirty bits are not allowed.

* Update snapshots

* Move integrations (#117)

* change bitcoin oracle location

* move hyperlane

* move polymer

* move wormhole

* Use structs in settlers (#121)

* use struct in escrow settler

* use struct in output

* remove unnecessary

* remove unused libs

* Merge `timestamps` and `solvers` on `finalise` functions (#124)

* update snapshots

* use calldata

* use memory here

* use struct

* remove IERC7683 (#125)

* add tests to OutputSettlerBase (#126)

* Move Bitcoin Prism dependency into Bitcoin Oracle (#123)

* move dependendy into oracle

* remove module from core

* typos

* update snapshot

* update action

* update README

* Increase test coverage (#128)

* add multicall handler test

* add more tests

* up

* remove unused functions

* Add Citrea Oracle tests (#127)

* add citrea oracle

* up

* Add tests for Polymer Oracle (#129)

* update polymer oracle

* remove unnecessary

* add external code for Polymer

* test polymer

* add mapped tests

* up

* fix typo

* Feat: output settler support for native asset (#122)

* feat: support native token in fill and batch fill

* test: native asset fill and batch fill

* chore: add foundry.lock to git

* chore: update gas snapshots

* optimization: remove nativeTokenUsed tracking

* refactor: add _refundExcess() function

* chore: typos

* fix conflicts

---------

Co-authored-by: Luiz Vasconcelos Júnior <64055364+luiz-lvj@users.noreply.github.com>

* Improve docs and natspec (#131)

* some docs

* improve docs

* updates for release candidate (#133)

* Add virtual functions to handle EIP712 name and version (#134)

* Fix CI (#144)

* [audit - N-03] Typographical Errors (#139)

* [Audit N-01] remove unused EfficiencyLib (#141)

* [audit - N-04] Naming Issues (#138)

* [Audit N-02] Inconsistent Handling of Dirty Bits in Token Address (#140)

* [Audit L-03] Enforce fillDeadline > expires (#142)

* Update Formatting after Foundry bump (#146)

* [Audit - M01]multi output orders manipulation documentation (#145)

Co-authored-by: Pepe Blasco <pepeblascondc@gmail.com>
Co-authored-by: Francisco Giordano <fg@frang.io>

* Fix Permit2 witness type string (#150)

* Formatting the main branch (#151)

* Rename types to use callbackData instead of call (#152)

* add oz contract audit oct25 (#153)

* Disable coderabbit on this repo (#154)

* Update README for release (#157)

* Formatting files (#158)

* Add Broadcaster Oracle (#147)

* Audit Fix: Potential for Arbitrary Application in Message Verification (#160)

* Fix: Inconsistent Use of Returns in Functions (#161)

* Fix L-02: Lack of Validation for Payload Length (#159)

* Validate number of topics on Polymer Oracle (#165)

* Add order.user to PermitWitness (#168)

* Verify for dirty bytes on output oracle on `_fill` (#169)

* Fix Permit2 witness type stub (#174)

* Fix InputSettlerCompact `purchaseOrder` (#170)

* Enforce minimum fillerData size in FillerDataLib (#173)

* add HyperlaneOracleMapped (#171)

* Limit Bitcoin Multiplier to 8 bytes. (#172)

* Fix transfer for USDT on Tron with Tron specific contracts

* Update snapshot

* Use an overwrite function for transfers

* Set Tron pragma to 0.8.25

* Remove snapshot check from ci

* Tron deployment

* Format files (#182)

* Add address to Permit2Witness struct (#181)

* Track native tokens sent (#177)

* Fix Identifier mismatch on purchase (#176)

* document when Payload Body is too large (#180)

* Validate expiry on purchase (#178)

* Validate zero address on purchase (#179)

* chore: Add audit report for pr

* Add OIF Diff Audit (#183)

* Add deployments addresses (#184)

* Add BSC and Polygon Deployments (#185)

* feat: Override Permit2 address for Tron via OIF permit2-virtual hook

- Bump lib/OIF to permit2-virtual (virtual _PERMIT2 fetch)
- InputSettlerEscrowLIFITron overrides _PERMIT2 with the Tron deployment
  TTJxU3P8rHycAyFY4kVtGNfmnMH4ezcuM9 (0xBE365314f2E77FD1257d60C346Bb32DbDa369403)
- Tron test suite etches Permit2 at the Tron address
- Mirror upstream orderStatus claimed-marking in InputSettlerCompactLIFI._resolveLock

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* chore: add Tron mainnet deployment addresses

InputSettlerEscrowLIFITron, OutputSettlerSimple and PolymerOracle
deployed via script/tron/deploy-oif.ts.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* docs: add HyperlaneOracle mainnet deployments + deploy script (#188)

* Virtual permit2 fetch for chains with different create2 paths. (#187)

Co-authored-by: Pepe Blasco <pepeblascondc@gmail.com>

* feat: add InputSettlerEscrowTron for TRON USDT payouts (#186)

Co-authored-by: Pepe Blasco <pepeblascondc@gmail.com>
Co-authored-by: Pepe Blasco <pepe.blasco@openzeppelin.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fork: regenerate snapshots + consolidate CI (Commit B: behavior/deps)

- snapshots/inputSettler.json: regenerated — gas paths shift now that OIF
  compiles in-tree (other snapshot groups byte-identical). gas-snapshot-check
  passes against the regenerated values.
- CI: drop OIF's evm-test.yml. LIFI's test.yml already runs forge build/test
  over the whole in-tree tree (incl. OIF's tests); evm-test.yml only added
  forge fmt --check + --gas-snapshot-check, which the LIFI team had
  deliberately removed (3cda515 "No fmt check", b1a7f6d "Remove snapshot
  check from ci"). Extend test.yml coverage excludes to OIF's vendored oracle
  externals (integrations/oracles/.*/external).

Verified post-fork: full suite green — 382 tests, 0 failed, 0 skipped;
default + Tron (solc 0.8.35) builds pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* fork: restore OIF MIT notice + adopt OIF upstream dependency pins

- Add LICENSE-MIT with upstream OIF's MIT license and copyright notice
  (the notice previously traveled with lib/OIF/LICENSE and was lost when
  the submodule was vendored in-tree); point README's OIF entry at it.
- Align shared dependency pins with OIF main (39df288): forge-std
  77041d2 -> 100b0d7 (v1.11.0), the-compact b9c3b54 -> ac25e50 (V1),
  in both the submodules and foundry.lock.
- the-compact ac25e50 pins pragma =0.8.30, which the Tron profile's
  solc 0.8.35 cannot satisfy. Add a skip list to [profile.tron] for
  the-compact and its dependents, mirroring the --skip flags already
  documented in script/tron/deploy-oif.ts (the Tron deploy never uses
  the compact settler; its artifacts are unaffected).

Verified: forge build (default + tron profiles) and full suite green
(382 tests, 0 failed). Gas snapshots intentionally not regenerated:
local nightly foundry produces materially different values than the
committed baseline; regenerate deliberately on a pinned version.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

* gas

---------

Co-authored-by: Josh Rudolf <jjrudolf@gmail.com>
Co-authored-by: Gustavo Gonzalez <gustavo.gonzalez@openzeppelin.com>
Co-authored-by: Gustavo Gonzalez <ggonzalezsomer@gmail.com>
Co-authored-by: jsanmigimeno <8038323+jsanmigimeno@users.noreply.github.com>
Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Luiz Vasconcelos Júnior <64055364+luiz-lvj@users.noreply.github.com>
Co-authored-by: Jim <84038320+0xjim@users.noreply.github.com>
Co-authored-by: Pepe Blasco <pepeblascondc@gmail.com>
Co-authored-by: Lisandro Corbalan <lmcorbalan@gmail.com>
Co-authored-by: Haythem Sellami <17862704+haythemsellami@users.noreply.github.com>
Co-authored-by: Francisco Giordano <fg@frang.io>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: Nahim Terrazas <nahim.terrazas@openzeppelin.com>
Co-authored-by: Pepe Blasco <pepe.blasco@openzeppelin.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants