LF-11761 - Implement glacis [GlacisFacet v1.0.0,IGlacisAirlift v1.0.0]

[mirooon]

Which Jira task belongs to this PR?

LF-11761

Why did I implement it this way?

The addLiquidity function was added to TaskBase because, in the case of Glacis, they do not provide routes for stablecoins like USDT or USDC. As a result, I had to work with more custom tokens that lack liquidity on Uniswap V2 and Sushiswap V2. This made it challenging to simulate the swapping process without having sufficient liquidity. To address this, I introduced an abstracted addLiquidity method in the parent TaskBase test suite. This abstraction allows for simulating liquidity addition upfront, enabling proper testing of swap functionality in such scenarios.

Checklist before requesting a review

• I have performed a self-review of my code
• This pull request is as small as possible and only tackles one problem
• I have added tests that cover the functionality / test the bug
• For new facets: I have checked all points from this list: https://www.notion.so/lifi/New-Facet-Contract-Checklist-157f0ff14ac78095a2b8f999d655622e
• I have updated any required documentation

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

• I have checked that any arbitrary calls to external contracts are validated and or restricted
• I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
• I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

[coderabbitai]

Warning

Rate limit exceeded

@mirooon has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 13 minutes and 34 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 1bbfb93 and a448bc3.

📒 Files selected for processing (1)

• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)

Walkthrough

This pull request introduces the Glacis Facet, a new smart contract and configuration system designed for cross-chain token bridging. It adds support for bridging tokens across the Arbitrum, Optimism, and Base networks using the Glacis airlift protocol. Key changes include the introduction of a JSON configuration file, deployment scripts, contract implementations, interface definitions, and comprehensive test coverage for the bridging functionality.

Changes

File	Change Summary
config/glacis.json	Added network-specific airlift addresses for Arbitrum, Optimism, and Base.
deployments/_deployments_log_file.json	Added deployment details for GlacisFacet on Arbitrum in the staging environment.
deployments/arbitrum.diamond.staging.json	Added DeBridgeDlnFacet and GlacisFacet, updated proxy addresses.
deployments/arbitrum.staging.json	Added GlacisFacet entry, removed MayanFacet.
docs/GlacisFacet.md	New documentation for Glacis Facet methods and interactions.
src/Facets/GlacisFacet.sol	New smart contract implementing token bridging functionality.
src/Interfaces/IGlacisAirlift.sol	New interface defining cross-chain token transfer methods.
script/deploy/facets/DeployGlacisFacet.s.sol	New deployment script for GlacisFacet.
script/deploy/facets/UpdateGlacisFacet.s.sol	New update script for GlacisFacet.
test/solidity/Facets/GlacisFacet.t.sol	Added comprehensive test suite for GlacisFacet.
test/solidity/utils/Interfaces.sol	Added addLiquidity method to UniswapV2Router02 interface.
test/solidity/utils/TestBase.sol	Added addLiquidity method to TestBase contract.

Possibly related PRs

• Use SafeTransferLib for ETH transfers [GasZipFacet v2.0.1,LibAsset v1.0.2,FeeCollector v1.0.1,GasZipPeriphery v1.0.1,LiFiDEXAggregator v1.5.1,LiFuelFeeCollector v1.0.2,Permit2Proxy v1.0.2,Receiver v2.0.3,ReceiverAcrossV3 v1.0.3,ReceiverStargateV2 v1.0.1,RelayerCelerIM v2.0.1,TokenWrapper v1.0.1] #912: The changes in the main PR regarding the introduction of SafeTransferLib for ETH transfers are related to the updates in the GasZipFacet, FeeCollector, and Receiver contracts, which also implement SafeTransferLib for safer ETH handling.
• Deploy DeBridgeDLNFacet to production #932: The deployment of the DeBridgeDlnFacet to production is relevant as it involves updates to the deployment configurations, which may interact with the changes made in the main PR regarding ETH transfer safety.
• Deploy Across Fix to Prod #914: The deployment of the Across Fix to production includes updates to the AcrossFacetV3, which is related to the main PR's focus on improving the handling of token transfers, including ETH.

Suggested Labels

AuditNotRequired

Suggested Reviewers

• ezynda3
• maxklenk

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

🧹 Nitpick comments (6)

src/Interfaces/IGlacisAirlift.sol (2)

32-35: Clarify parameter descriptions in addSelectorsToToken

The parameter descriptions for diamondSelectors and facetSelectors are identical in the comments. Update the descriptions to accurately reflect each parameter's purpose to avoid confusion.

---

79-86: Mark quoteSend function as view

The quoteSend function appears to only read state without modifying it. Marking it as view can optimize gas usage and clarify its intended use.

src/Facets/GlacisFacet.sol (1)

105-105: Simplify address to bytes32 conversion

The conversion bytes32(uint256(uint160(_bridgeData.receiver))) can be simplified to bytes32(uint256(uint160(address(_bridgeData.receiver)))) or even bytes32(uint256(uint160(_bridgeData.receiver))) depending on the context. Ensure that the conversion is clear and concise.

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Could not find a logged audit for contract GlacisFacet in version 1.0.0. This check will not pass until the audit log contains a completed audit for this file.

script/deploy/facets/UpdateGlacisFacet.s.sol (1)

6-13: Align contract name with file name for clarity

The contract is named DeployScript, but the file name is UpdateGlacisFacet.s.sol. For consistency and maintainability, consider renaming the contract to UpdateGlacisFacetScript to match the file name.

test/solidity/Facets/GlacisFacet.t.sol (1)

221-227: Consider parameterizing liquidity amounts.

The hardcoded liquidity amounts should be parameterized to test different scenarios and market conditions.

+    uint256 constant DAI_LIQUIDITY = 100_000 * 10 ** 18;
+    uint256 constant WORMHOLE_LIQUIDITY = 100_000 * 10 ** 18;
+
     addLiquidity(
         ADDRESS_DAI,
         ADDRESS_WORMHOLE_TOKEN,
-        100_000 * 10 ** ERC20(ADDRESS_DAI).decimals(),
-        100_000 * 10 ** wormhole.decimals()
+        DAI_LIQUIDITY,
+        WORMHOLE_LIQUIDITY
     );

docs/GlacisFacet.md (1)

37-37: Fix language and formatting issues.

1. Line 37: Add hyphen to "swap-specific"
2. Line 49: Add comma after "In the following"

Also applies to: 49-49

🧰 Tools

🪛 LanguageTool

[uncategorized] ~37-~37: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0179a5b and 804d097.

📒 Files selected for processing (13)

• config/glacis.json (1 hunks)
• deployments/_deployments_log_file.json (2 hunks)
• deployments/arbitrum.diamond.staging.json (2 hunks)
• deployments/arbitrum.staging.json (1 hunks)
• docs/GlacisFacet.md (1 hunks)
• script/demoScripts/demoGlacisAirlift.ts (1 hunks)
• script/deploy/facets/DeployGlacisFacet.s.sol (1 hunks)
• script/deploy/facets/UpdateGlacisFacet.s.sol (1 hunks)
• src/Facets/GlacisFacet.sol (1 hunks)
• src/Interfaces/IGlacisAirlift.sol (1 hunks)
• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)
• test/solidity/utils/Interfaces.sol (1 hunks)
• test/solidity/utils/TestBase.sol (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• config/glacis.json

🧰 Additional context used

🪛 LanguageTool

docs/GlacisFacet.md

[uncategorized] ~37-~37: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

---

[uncategorized] ~49-~49: Possible missing comma found.
Context: ...alls to interact with the Facet In the following some sample calls are shown that allow ...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 GitHub Actions: Audit Verifier

src/Facets/GlacisFacet.sol

[error] Could not find a logged audit for contract GlacisFacet in version 1.0.0. This check will not pass until the audit log contains a completed audit for this file.

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage

🔇 Additional comments (10)

src/Facets/GlacisFacet.sol (1)

16-112: Ensure the new GlacisFacet contract has undergone a preliminary audit

The pipeline indicates that GlacisFacet has not yet passed an audit. It's important to have the contract audited to ensure security and compliance before deployment.

Run the following script to check for logged audits of GlacisFacet:

✅ Verification successful

The review comment is correct - GlacisFacet has not been audited

The project's audit log shows comprehensive tracking of all audited contracts, and GlacisFacet is not listed among them. While the project maintains regular security reviews with the latest audit completed on January 10, 2025, this new facet requires a security audit before deployment.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Search audit logs for entries related to GlacisFacet version 1.0.0

# Search for GlacisFacet in audit logs
rg 'GlacisFacet' audits/

# Verify if there is an entry for version 1.0.0
rg 'GlacisFacet.*version.*1\.0\.0' audits/

Length of output: 165

---

Script:

#!/bin/bash
# Search for audit and security related files
echo "=== Searching for audit and security files ==="
fd -t f -i "audit|security" --max-depth 3

echo -e "\n=== Checking README and documentation for audit mentions ==="
# Search in markdown files
fd -e md | xargs rg -i "audit|security|glacis"

echo -e "\n=== Checking docs directory ==="
# Check if docs directory exists and search within it
fd -t d "^docs$" --max-depth 2

Length of output: 2752

---

Script:

#!/bin/bash
echo "=== Checking audit log for GlacisFacet ==="
cat audit/auditLog.json

echo -e "\n=== Checking git history for recent GlacisFacet changes ==="
# Check when GlacisFacet was added/modified
git log --oneline --no-merges -- src/Facets/GlacisFacet.sol

Length of output: 9275

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Could not find a logged audit for contract GlacisFacet in version 1.0.0. This check will not pass until the audit log contains a completed audit for this file.

test/solidity/utils/Interfaces.sol (1)

61-70: LGTM! Interface matches Uniswap V2 Router specification.

The addLiquidity function signature correctly matches the Uniswap V2 Router interface specification.

test/solidity/Facets/GlacisFacet.t.sol (1)

147-175: Complete the TODO for fuzzed test implementation.

The fuzzed test implementation needs completion. Consider:

1. Adding more edge cases
2. Testing with different token decimals
3. Testing with various chain IDs

Would you like me to help implement a more comprehensive fuzzed test suite?

deployments/arbitrum.staging.json (1)

53-54: LGTM!

The new facet addresses have been added correctly.

docs/GlacisFacet.md (2)

3-11: Complete the "How it works" section.

The explanation of how the Glacis Facet works is incomplete. Please provide a detailed explanation of:

1. The purpose of the facet
2. The interaction flow between components
3. Any important considerations or limitations

---

15-18: Enhance method documentation.

The method descriptions should include:

1. Parameter descriptions
2. Return values
3. Error conditions
4. Usage examples with code snippets

deployments/arbitrum.diamond.staging.json (2)

141-142: LGTM!

The new facets have been added with correct format and version numbers.

Also applies to: 148-150

---

160-160: LGTM!

The periphery addresses have been updated correctly.

Also applies to: 162-162

deployments/_deployments_log_file.json (2)

26996-26996: Review the optimizer runs value.

The optimizer runs value of 1000000 is unusually high. Standard values typically range between 200-10000. High values can:

• Increase deployment gas costs
• Lead to potential optimization bugs
• Result in longer compilation times

Consider reducing this value unless there's a specific reason for such aggressive optimization.

---

26998-26998: Verify the constructor argument address.

Please verify that 0xe0a049955e18cffd09c826c2c2e965439b6ab272 is the correct Glacis protocol address on Arbitrum.

✅ Verification successful

Constructor argument address is verified correct

The address 0xe0a049955e18cffd09c826c2c2e965439b6ab272 is confirmed as the correct Glacis Airlift contract address on Arbitrum, as evidenced by the official configuration in config/glacis.json and its consistent usage throughout the codebase's implementation.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the constructor argument address matches Glacis protocol

# Search for references to this address in the codebase
echo "Searching for address references in the codebase..."
rg -i "0xe0a049955e18cffd09c826c2c2e965439b6ab272"

# Search for Glacis protocol address constants
echo "Searching for Glacis protocol address constants..."
ast-grep --pattern 'address constant GLACIS_ADDRESS = $_'

Length of output: 520

---

Script:

#!/bin/bash
# Search for documentation files mentioning Glacis
echo "Searching for documentation about Glacis..."
fd -e md -e txt | xargs rg -i "glacis.*address|address.*glacis"

# Search for any deployment or configuration files mentioning Glacis
echo "Searching for deployment/config files..."
fd -e json -e yaml -e toml | xargs rg -i "glacis"

# Search for interface definitions to understand the contract structure
echo "Searching for Glacis interface definitions..."
ast-grep --pattern 'interface IGlacisAirlift'

Length of output: 1069

---

Script:

#!/bin/bash
# Search for contract implementations and imports
echo "Searching for Glacis-related imports and implementations..."
rg -A 5 "import.*Glacis|contract.*Glacis"

# Search for any references to Airlift in the codebase
echo "Searching for Airlift references..."
rg -i "airlift" -A 5

# Look for any deployment scripts specifically related to Glacis
echo "Searching for Glacis deployment scripts..."
fd deploy | xargs rg -i "glacis"

Length of output: 15948

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

script/demoScripts/demoGlacisAirlift.ts (3)

15-16: Add environment variable validation.

Add checks for required environment variables with descriptive error messages.

-  const RPC_URL = process.env.ETH_NODE_URI_ARBITRUM
-  const PRIVATE_KEY = process.env.PRIVATE_KEY
+  const RPC_URL = process.env.ETH_NODE_URI_ARBITRUM
+  if (!RPC_URL) {
+    throw new Error('ETH_NODE_URI_ARBITRUM environment variable is not set')
+  }
+  const PRIVATE_KEY = process.env.PRIVATE_KEY
+  if (!PRIVATE_KEY) {
+    throw new Error('PRIVATE_KEY environment variable is not set')
+  }

---

69-69: Update integrator name.

The integrator name "ACME Devs" should be replaced with a more specific identifier for tracking and monitoring purposes.

-    integrator: 'ACME Devs',
+    integrator: 'LiFi Demo Script',

---

79-81: Use typed contract interface instead of raw ABI array.

Replace the raw ABI array with a proper interface definition for better type safety and maintainability.

-  const airlift = new Contract(config.arbitrum.airlift, [
-    'function quoteSend(address token, uint256 amount, bytes32 receiver, uint256 destinationChainId, address refundAddress, uint256 msgValue) external returns ((uint256, uint256), uint256, uint256, ((uint256, uint256), uint256, uint256))',
-  ])
+  const airlift = IGlacisAirlift__factory.connect(config.arbitrum.airlift, provider)

This requires adding the import:

import { IGlacisAirlift__factory } from '../../typechain'

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 804d097 and 1667306.

📒 Files selected for processing (3)

• script/demoScripts/demoGlacisAirlift.ts (1 hunks)
• src/Interfaces/IGlacisAirlift.sol (1 hunks)
• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• test/solidity/Facets/GlacisFacet.t.sol
• src/Interfaces/IGlacisAirlift.sol

🔇 Additional comments (1)

script/demoScripts/demoGlacisAirlift.ts (1)

8-8: Verify staging deployment configuration usage.

The script is using staging deployments. Ensure this is intentional and document any limitations or differences compared to production deployments.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

test/solidity/Facets/GlacisFacet.t.sol (2)

219-225: Ensure liquidity addition is successful before proceeding with swaps

In the testBase_CanSwapAndBridgeTokens test, liquidity is added to the DEX pair for ADDRESS_DAI and ADDRESS_WORMHOLE_TOKEN. Consider adding assertions to verify that the liquidity addition was successful before performing swaps. This can help in diagnosing issues related to insufficient liquidity during testing.

---

66-74: Review function approvals for swap functions involving native tokens

Since the facet does not support bridging of native assets, approving Uniswap functions like swapTokensForExactETH and swapETHForExactTokens may not be necessary for this test suite. Removing these approvals can streamline the setup and focus the tests on supported functionalities.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1667306 and b52931c.

📒 Files selected for processing (3)

• deployments/_deployments_log_file.json (1 hunks)
• script/demoScripts/demoGlacisAirlift.ts (1 hunks)
• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• deployments/_deployments_log_file.json
• script/demoScripts/demoGlacisAirlift.ts

🧰 Additional context used

📓 Learnings (1)

test/solidity/Facets/GlacisFacet.t.sol (1)

Learnt from: mirooon
PR: lifinance/contracts#945
File: test/solidity/Facets/GlacisFacet.t.sol:214-262
Timestamp: 2025-01-22T12:36:12.699Z
Learning: The GlacisFacet test suite inherits from TestBaseFacet which already covers various failure scenarios including invalid receiver address, invalid amounts, same chain bridging, and insufficient funds, making additional failure scenario tests redundant.

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage

🔇 Additional comments (3)

test/solidity/Facets/GlacisFacet.t.sol (3)

14-20: Approval functions in test contract are appropriate

The functions addDex and setFunctionApprovalBySignature in TestGlacisFacet effectively set up the testing environment by allowing the addition of DEX addresses and approval of function signatures. This enhances the flexibility and robustness of the tests.

---

37-103: Initialization in setUp function is comprehensive and well-structured

The setUp function thoroughly initializes the test environment, including setting up test contracts, configuring function selectors, approving DEX functions, and preparing valid test data with validGlacisData. This ensures that the tests run in a controlled and predictable environment.

---

262-283: Revert test for insufficient funds is correctly implemented

The testBase_Revert_CallerHasInsufficientFunds function effectively tests the scenario where the caller lacks sufficient tokens to perform the bridge. The use of vm.expectRevert with the appropriate error selector ensures that the contract behaves as expected in this failure case.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (4)

test/solidity/Facets/GlacisFacet.t.sol (1)

79-86: Add assertions to verify successful liquidity addition

After adding liquidity for the DAI-{SOURCE TOKEN} pair, consider adding assertions to confirm that the liquidity has been successfully added to the DEX. This ensures that the swap operations in subsequent tests have the necessary liquidity and can prevent false positives due to inadequate setup.

Example:

     addLiquidity(
         ADDRESS_DAI,
         ADDRESS_SRC_TOKEN,
         100_000 * 10 ** ERC20(ADDRESS_DAI).decimals(),
         100_000 * 10 ** srcToken.decimals()
     );
+    // Assert that liquidity has been added
+    uint256 pairBalance = ERC20(ADDRESS_DAI).balanceOf(ADDRESS_UNISWAP_PAIR);
+    require(pairBalance > 0, "Liquidity addition failed");

Note: Replace ADDRESS_UNISWAP_PAIR with the actual pair address or retrieve it dynamically.

src/Interfaces/IGlacisAirlift.sol (1)

65-78: Add missing parameter description for msgValue

In the quoteSend function, the parameter msgValue lacks a Natspec comment description. Please add a description for msgValue to enhance code documentation and clarity.

docs/GlacisFacet.md (2)

1-16: Documentation clearly explains the Glacis Facet integration.

The integration details and limitations are well documented. However, there's a minor grammatical improvement needed in line 7: "They are custom tokens focused" should be "It focuses on custom tokens" for better clarity.

---

18-51: Method and parameter documentation is comprehensive.

The documentation for public methods, GlacisData struct, and parameters is clear and well-structured.

Consider using a swap-specific instead of "swap specific" in line 42 for better readability.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~42-~42: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b52931c and 5cc0d08.

📒 Files selected for processing (9)

• deployments/_deployments_log_file.json (1 hunks)
• deployments/arbitrum.diamond.staging.json (2 hunks)
• deployments/arbitrum.staging.json (1 hunks)
• docs/GlacisFacet.md (1 hunks)
• script/demoScripts/demoGlacisAirlift.ts (1 hunks)
• src/Facets/GlacisFacet.sol (1 hunks)
• src/Interfaces/IGlacisAirlift.sol (1 hunks)
• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)
• test/solidity/utils/TestBase.sol (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (4)

• deployments/arbitrum.staging.json
• deployments/_deployments_log_file.json
• script/demoScripts/demoGlacisAirlift.ts
• deployments/arbitrum.diamond.staging.json

🧰 Additional context used

🪛 LanguageTool

docs/GlacisFacet.md

[uncategorized] ~42-~42: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

---

[uncategorized] ~54-~54: A comma might be missing here.
Context: ...alls to interact with the Facet In the following some sample calls are shown that allow ...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[uncategorized] ~95-~95: Possible missing comma found.
Context: ...er from 30 USDT on Avalanche to USDC on Binance you can execute the following request: ...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 GitHub Actions: SC Core Dev Approval Check

src/Facets/GlacisFacet.sol

[error] Contract GlacisFacet has not undergone a required audit for version 1.0.0

test/solidity/Facets/GlacisFacet.t.sol

[warning] 219-225: Missing assertions to verify successful liquidity addition before performing swaps

🪛 GitHub Actions: Audit Verifier

src/Facets/GlacisFacet.sol

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

🪛 Gitleaks (8.21.2)

test/solidity/Facets/GlacisFacet.t.sol

366-366: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

380-380: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage

🔇 Additional comments (5)

src/Facets/GlacisFacet.sol (2)

99-104: Confirm token allowance and transfer to the 'airlift' contract

Ensure that the contract has the necessary allowance to transfer _bridgeData.sendingAssetId tokens to the airlift contract. Since SafeERC20.safeTransfer is used, the transfer will fail without sufficient allowance. Verify that the allowance is properly set prior to this transfer.

🧰 Tools

🪛 GitHub Actions: SC Core Dev Approval Check

[error] Contract GlacisFacet has not undergone a required audit for version 1.0.0

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

---

109-109: Verify the correctness of address to bytes32 conversion

The conversion bytes32(uint256(uint160(_bridgeData.receiver))) is used to cast an address to bytes32. Confirm that this conversion aligns with the expected format of the receiver parameter in airlift.send. Incorrect casting may lead to funds being sent to an unintended address.

🧰 Tools

🪛 GitHub Actions: SC Core Dev Approval Check

[error] Contract GlacisFacet has not undergone a required audit for version 1.0.0

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

test/solidity/utils/TestBase.sol (3)

171-181: BASE network addresses follow consistent pattern.

The added constant addresses for the BASE network maintain the same structure as other networks.

---

250-259: BASE network overwrite logic is properly implemented.

The address overwrite logic for BASE network follows the same pattern as other networks and includes all necessary address updates.

---

467-491: Test utility function implementation is correct.

The addLiquidity function correctly implements the liquidity addition process for testing purposes. As per previous feedback, production-level validations are not required in test utility functions.

[coderabbitai]

💡 Codebase verification

⚠️ Potential issue

GlacisFacet requires audit completion before deployment

The review comment is accurate. After examining the audit logs, there is no audit record for the GlacisFacet contract at any version. All other facets in the system have undergone security audits, as evidenced by the comprehensive audit history in audit/auditLog.json. An audit needs to be completed and logged before proceeding with the deployment.

🔗 Analysis chain

Ensure the 'GlacisFacet' contract undergoes the required audit

As indicated in the pipeline failures, the GlacisFacet contract has not undergone the required audit for version 1.0.0. Please complete the audit process and add the necessary audit log entry to pass the pipeline checks.

You can verify the presence of an audit log entry using the following script:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for an audit log entry for 'GlacisFacet' version 1.0.0

# Search for audit entries mentioning 'GlacisFacet' at version 1.0.0
grep -r "GlacisFacet" audits/ | grep "version 1.0.0" || echo "Audit log entry NOT found for GlacisFacet version 1.0.0."

Length of output: 216

---

Script:

#!/bin/bash
# Search for any audit-related files and documentation
echo "=== Searching for audit-related files ==="
fd -i audit

echo -e "\n=== Checking for README files that might contain audit info ==="
fd -i readme -e md -X cat {}

echo -e "\n=== Checking when GlacisFacet.sol was added ==="
git log --diff-filter=A --format="%ad %h %s" --date=short -- src/Facets/GlacisFacet.sol

Length of output: 12191

---

Script:

#!/bin/bash
echo "=== Checking audit log for GlacisFacet entries ==="
cat audit/auditLog.json | jq -r '.[] | select(.contract | contains("GlacisFacet"))'

echo -e "\n=== Checking full audit log structure ==="
cat audit/auditLog.json | jq '.'

Length of output: 9451

🧰 Tools

🪛 GitHub Actions: SC Core Dev Approval Check

[error] Contract GlacisFacet has not undergone a required audit for version 1.0.0

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

[maxklenk]

Please check that we are handling the native fee right, e.g. when the user starts with native token, we have to ensure enough native stays in the contract to pay the bridge fee. e.g. check StargateFacetV2

[0xDEnYO]

remember our discussion about the parameter _nativeReserve....if you dont know how to do it, let's do it together

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (10)

src/Facets/GlacisFacet.sol (3)

12-16: Consider clarifying usage in the docstring.

While the docstring references wrapper functionality for native token bridging standards, it might be beneficial to further highlight the reliance on the IGlacisAirlift interface and any assumptions regarding deposit of tokens prior to calling this function.

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

---

40-60: Validate zero-value edge cases.

The function deposits assets and then calls _startBridge. Consider adding checks handling zero _bridgeData.minAmount. This prevents unintended bridging calls with zero tokens.

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

---

90-115: Document bridging steps for clarity.

Inline comments are helpful, but adding a bit more context for each step (particularly the SafeERC20.safeTransfer to airlift and the subsequent airlift.send) will make this logic friendlier for reviewers and auditors.

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

src/Interfaces/IGlacisAirlift.sol (2)

34-49: Ensure correct refund flow on bridging.

The send function references a refundAddress. Confirm that any leftover funds after bridging properly route to the designated address. This helps prevent lock-ups or lost tokens.

---

65-80: Review return data usage.

The quoteSend function returns a complex struct QuoteSendInfo. Ensure consuming contracts interpret and use the airliftFeeInfo fields correctly (e.g. log, user display, fee calculations) to avoid confusion.

docs/GlacisFacet.md (2)

37-37: Use proper hyphenation for clarity.

Replace “swap specific library” with “swap-specific library” to improve readability.

- Swapping is performed by a swap specific library
+ Swapping is performed by a swap-specific library

🧰 Tools

🪛 LanguageTool

[uncategorized] ~37-~37: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

---

49-49: Consider adding a comma after “In the following”.

A missing comma can slightly reduce clarity. Add a comma to improve flow.

- In the following some sample calls are shown...
+ In the following, some sample calls are shown...

🧰 Tools

🪛 LanguageTool

[uncategorized] ~49-~49: Possible missing comma found.
Context: ...alls to interact with the Facet In the following some sample calls are shown that allow ...

(AI_HYDRA_LEO_MISSING_COMMA)

test/solidity/Facets/GlacisFacet.t.sol (3)

32-32: Consider adding a detailed comment explaining the payableAmount value.

The payableAmount value of 1 ether is used for fee estimation in the quoteSend function. While there's a brief explanation in the comments below, it would be helpful to document why this specific value was chosen and any implications of using a different value.

---

128-130: Add explicit revert tests for native token operations.

Instead of leaving these test functions empty with comments, consider adding explicit tests that verify the contract correctly rejects native token operations.

 function testBase_CanBridgeNativeTokens() public virtual override {
-    // facet does not support bridging of native assets
+    bridgeData.sendingAssetId = address(0);
+    
+    vm.startPrank(USER_SENDER);
+    vm.expectRevert("GlacisFacet: Native asset not supported");
+    initiateBridgeTxWithFacet(false);
+    vm.stopPrank();
 }

Also applies to: 193-195

---

368-369: Add comments explaining the network context for hardcoded addresses.

Consider adding detailed comments that explain:

1. The network context (Arbitrum, Base)
2. Why these specific tokens were chosen for testing
3. Links to block explorers for reference

-    ADDRESS_SRC_TOKEN = 0xB0fFa8000886e57F86dd5264b9582b2Ad87b2b91; // address of W token on Arbitrum network
+    // W token on Arbitrum network
+    // Reference: https://arbiscan.io/token/0xB0fFa8000886e57F86dd5264b9582b2Ad87b2b91
+    ADDRESS_SRC_TOKEN = 0xB0fFa8000886e57F86dd5264b9582b2Ad87b2b91;

Also applies to: 382-383

🧰 Tools

🪛 Gitleaks (8.21.2)

368-368: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5cc0d08 and 9a82d83.

📒 Files selected for processing (5)

• config/glacis.json (1 hunks)
• docs/GlacisFacet.md (1 hunks)
• src/Facets/GlacisFacet.sol (1 hunks)
• src/Interfaces/IGlacisAirlift.sol (1 hunks)
• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• config/glacis.json

🧰 Additional context used

🪛 LanguageTool

docs/GlacisFacet.md

[uncategorized] ~37-~37: When ‘swap-specific’ is used as a modifier, it is usually spelled with a hyphen.
Context: ... parameter. Swapping is performed by a swap specific library that expects an array of callda...

(SPECIFIC_HYPHEN)

---

[uncategorized] ~49-~49: Possible missing comma found.
Context: ...alls to interact with the Facet In the following some sample calls are shown that allow ...

(AI_HYDRA_LEO_MISSING_COMMA)

🪛 GitHub Actions: Audit Verifier

src/Facets/GlacisFacet.sol

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

🪛 Gitleaks (8.21.2)

test/solidity/Facets/GlacisFacet.t.sol

368-368: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

382-382: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage

🔇 Additional comments (5)

src/Facets/GlacisFacet.sol (1)

62-86: Review swap error handling.

For the swap path, ensure you handle scenarios where the swap might fail or return less than expected. Consider clarifying whether partial fills are allowed or if the function reverts on insufficient output after the swap.

🧰 Tools

🪛 GitHub Actions: Audit Verifier

[error] Missing audit log entry for contract GlacisFacet version 1.0.0. An audit log entry must be added before the check can pass.

src/Interfaces/IGlacisAirlift.sol (2)

5-21: Minimize interface surface if possible.

Review whether all fields in these structs (QuoteSendInfo, AirliftFeeInfo, Fee) are absolutely necessary. Reducing interface bloat can streamline the codebase and make audits more manageable.

---

23-33: Validate external calls.

The addSelectorsToToken method can introduce complexity if unverified or untrusted facets get whitelisted. Consider strict contract verification or access control checks prior to registering new facets for tokens.

docs/GlacisFacet.md (1)

5-5: Validate description accuracy.

Double-check that the references to GMP (General Message Passing) align with the actual bridging logic. The text emphasizes GMP, but Glacis primarily focuses on token bridging. Align phrasing with the actual capabilities of Glacis.

test/solidity/Facets/GlacisFacet.t.sol (1)

1-386: Overall implementation looks good!

The test suite is well-structured with comprehensive coverage of the GlacisFacet functionality. It includes:

• Proper setup and configuration
• Thorough test cases for both success and failure scenarios
• Network-specific test implementations

🧰 Tools

🪛 Gitleaks (8.21.2)

368-368: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

382-382: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

test/solidity/Facets/GlacisFacet.t.sol (2)

10-21: Add contract documentation.

Consider adding NatSpec documentation to describe the purpose and functionality of the TestGlacisFacet contract and its methods.

 // Stub GlacisFacet Contract
+/// @title TestGlacisFacet
+/// @notice Test helper contract that extends GlacisFacet with additional methods for testing
+/// @dev Provides methods to manage allowed contracts and function selectors
 contract TestGlacisFacet is GlacisFacet {
     constructor(IGlacisAirlift _airlift) GlacisFacet(_airlift) {}

+    /// @notice Adds a DEX contract to the allowed list
+    /// @param _dex Address of the DEX to allow
     function addDex(address _dex) external {
         LibAllowList.addAllowedContract(_dex);
     }

+    /// @notice Adds a function selector to the allowed list
+    /// @param _signature Function selector to allow
     function setFunctionApprovalBySignature(bytes4 _signature) external {
         LibAllowList.addAllowedSelector(_signature);
     }
 }

---

368-394: Document the hardcoded addresses.

The contract addresses are valid blockchain addresses, not API keys. However, consider adding more detailed comments explaining:

1. The purpose of each contract address
2. Why these specific networks were chosen
3. The significance of the block numbers used for forking

 contract GlacisFacetWormholeTest is GlacisFacetTestBase {
     function setUp() public virtual override {
+        // Arbitrum network configuration
+        // Block number chosen to ensure stable state for testing
         customRpcUrlForForking = "ETH_NODE_URI_ARBITRUM";
         customBlockNumberForForking = 298468086;

+        // Glacis Airlift contract on Arbitrum
         airliftContract = IGlacisAirlift(
             0xE0A049955E18CFfd09C826C2c2e965439B6Ab272
         );
+        // W token on Arbitrum, chosen for its liquidity and compatibility
         ADDRESS_SRC_TOKEN = 0xB0fFa8000886e57F86dd5264b9582b2Ad87b2b91;
+        // Optimism chain ID for cross-chain testing
         destinationChainId = 10;
         super.setUp();
     }
 }

 contract GlacisFacetLINKTest is GlacisFacetTestBase {
     function setUp() public virtual override {
+        // Base network configuration
+        // Block number chosen to ensure stable state for testing
         customRpcUrlForForking = "ETH_NODE_URI_BASE";
         customBlockNumberForForking = 25427676;

+        // Glacis Airlift contract on Base
         airliftContract = IGlacisAirlift(
             0x56E20A6260644CC9F0B7d79a8C8E1e3Fabc15CEA
         );
+        // LINK token on Base, chosen for its liquidity and compatibility
         ADDRESS_SRC_TOKEN = 0x88Fb150BDc53A65fe94Dea0c9BA0a6dAf8C6e196;
+        // Mode chain ID for cross-chain testing
         destinationChainId = 34443;
         super.setUp();
     }
 }

🧰 Tools

🪛 Gitleaks (8.21.2)

376-376: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

390-390: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 GitHub Actions: SC Core Dev Approval Check

[warning] 380-380: Detected a Generic API Key, potentially exposing access to various services and sensitive operations

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dc333c4 and 1bbfb93.

📒 Files selected for processing (1)

• test/solidity/Facets/GlacisFacet.t.sol (1 hunks)

🧰 Additional context used

📓 Learnings (1)

test/solidity/Facets/GlacisFacet.t.sol (1)

Learnt from: mirooon
PR: lifinance/contracts#945
File: test/solidity/Facets/GlacisFacet.t.sol:0-0
Timestamp: 2025-01-28T11:29:09.566Z
Learning: Empty test methods with explanatory comments are acceptable in test classes when the feature being tested (e.g., native token bridging) is not supported by the implementation.

🪛 Gitleaks (8.21.2)

test/solidity/Facets/GlacisFacet.t.sol

376-376: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

---

390-390: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.

(generic-api-key)

🪛 GitHub Actions: SC Core Dev Approval Check

test/solidity/Facets/GlacisFacet.t.sol

[warning] 219-225: Missing assertions to verify successful liquidity addition before performing swaps

---

[warning] 366-366: Detected a Generic API Key, potentially exposing access to various services and sensitive operations

---

[warning] 380-380: Detected a Generic API Key, potentially exposing access to various services and sensitive operations

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: run-unit-tests
• GitHub Check: enforce-min-test-coverage
• GitHub Check: generate-tag
• GitHub Check: analyze

🔇 Additional comments (2)

test/solidity/Facets/GlacisFacet.t.sol (2)

136-138: Empty test methods are appropriate here.

The empty test methods with explanatory comments are acceptable since the facet does not support bridging of native assets, as indicated in the retrieved learnings.

Also applies to: 201-203

---

83-88: Add assertions to verify successful liquidity addition.

The liquidity addition is crucial for the test setup, but there are no assertions to verify it was successful. Consider adding balance checks before and after the liquidity addition.

+        uint256 daiBalanceBefore = ERC20(ADDRESS_DAI).balanceOf(address(this));
+        uint256 srcTokenBalanceBefore = srcToken.balanceOf(address(this));
+
         addLiquidity(
             ADDRESS_DAI,
             ADDRESS_SRC_TOKEN,
             100_000 * 10 ** ERC20(ADDRESS_DAI).decimals(),
             100_000 * 10 ** srcToken.decimals()
         );
+
+        uint256 daiBalanceAfter = ERC20(ADDRESS_DAI).balanceOf(address(this));
+        uint256 srcTokenBalanceAfter = srcToken.balanceOf(address(this));
+        
+        require(
+            daiBalanceBefore > daiBalanceAfter &&
+            srcTokenBalanceBefore > srcTokenBalanceAfter,
+            "Liquidity addition failed"
+        );