feat(erc20-bridge): issue TRUF tokens to layer-1#1150
Conversation
WalkthroughAdds two new public admin issuance actions in the ERC20 bridge migration: one for sepolia and one for mainnet. Each action forwards to the corresponding bridge’s issue function with the address and amount cast to NUMERIC(78,0). No existing actions are modified. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor Admin
participant DB as DB Actions
participant Sepolia as sepolia_bridge
participant Mainnet as mainnet_bridge
rect rgb(235, 245, 255)
note over Admin,DB: Admin issues tokens (environment-specific)
Admin->>DB: sepolia_admin_issue_tokens(to, amount)
DB->>Sepolia: issue(to, amount::NUMERIC(78,0))
Sepolia-->>DB: ack
DB-->>Admin: result
end
rect rgb(245, 235, 255)
note over Admin,DB: Alternative: mainnet issuance
Admin->>DB: mainnet_admin_issue_tokens(to, amount)
DB->>Mainnet: issue(to, amount::NUMERIC(78,0))
Mainnet-->>DB: ack
DB-->>Admin: result
end
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Suggested reviewers
Pre-merge checks (5 passed)✅ Passed checks (5 passed)
Poem
Tip 👮 Agentic pre-merge checks are now available in preview!Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.
Please see the documentation for more information. Example: reviews:
pre_merge_checks:
custom_checks:
- name: "Undocumented Breaking Changes"
mode: "warning"
instructions: |
Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).Please share your feedback with us on this Discord post. ✨ Finishing Touches🧪 Generate unit tests
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://waps.l3s.uni-hannover.de/live/im_/https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
internal/migrations/erc20-bridge/001-actions.sql (1)
1-8: Doc block is helpful; clarify auth and idempotency in the flow.Please note explicitly that step 2 is an admin-only operation and how double-issue is prevented (e.g., by a unique lock/message ID). Also consider adding a short CLI example showing list_wallet_rewards filtered by namespace and receiver.
Can you confirm the doc reflects the actual guarantees (RBAC + idempotency) of the underlying bridge.issue implementation?
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
internal/migrations/erc20-bridge/001-actions.sql(3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: acceptance-test
- GitHub Check: lint
🔇 Additional comments (5)
internal/migrations/erc20-bridge/001-actions.sql (5)
24-27: Type choice looks correct for uint256-sized amounts.Casting to NUMERIC(78,0) is appropriate for 256-bit integer ranges. LGTM.
Also applies to: 42-43
40-41: No-op formatting change.Nothing to address here.
24-27: Restrict PUBLIC exposure or assert RBAC checks
No policies or grants were found restrictingsepolia_admin_issue_tokensorsepolia_bridge.issue, so this action remains callable by anyone. Either change the action to PRIVATE and grant EXECUTE only to an admin role, or verify and document thatsepolia_bridge.issue(and its mainnet counterpart) enforce proper RBAC internally.
24-27: Idempotency: include a unique message identifier in issue actions
Thesepolia_admin_issue_tokensandmainnet_admin_issue_tokensactions currently don’t accept or propagate any lock/message ID. Confirm whethersepolia_bridge.issue/mainnet_bridge.issuededuplicates internally; if not, extend these actions to take amessage_id(or similar) and return it for safe retry/de-duplication.
24-27: Verify input validation for sepolia_admin_issue_tokens: ensure $amount is a positive integer (no decimals), within the token cap, and $to_address is a non-zero, 0x-prefixed, 42-char address. Confirm whether sepolia_bridge.issue or the UI already enforce these; if not, add pre-cast guards to fail fast with clear errors.
Time Submission Status
|
williamrusdyputra
changed the title
2 participants
Related Problem
resolves: https://github.com/trufnetwork/truf-network/issues/1155
How Has This Been Tested?
Before (look at the CCIP-BnM token)
Lock and Issue tokens to layer-1 (Ethereum)
List Rewards for Claim (at first, the pending status will be true)
After a while, it will be confirmed (pending status false)
After Claim
https://sepolia.etherscan.io/tx/0x1fee4f4c449f4240bae64bd5f5cc485deeffc49b5a01fa7518e86b8218ce575b
https://sepolia.etherscan.io/address/0x2D4f435867066737bA1617ef024E073413909Ad2#events
Summary by CodeRabbit