Component: LedgerImplA
Description
The LedgerImplA contract provides the logic and state updates that power important account operations like deposits, withdrawals, liquidation, and settlement. It ensures these operations are carried out securely and consistently, relying on checks for broker/token allowance, EIP-712 signatures, and safe finalization of withdrawals.
Invariants
Account integrity
Deposits and withdrawals must reference valid `accountId`s that match the broker hash and user address (verified via `Utils.validateAccountId`).
If an account does not exist yet, its first deposit automatically registers it.
Balance consistency
When an account deposits, its ledger balance and the corresponding chain balance in VaultManager must both increase by the deposit amount.
When an account withdraws, the withdrawn amount is frozen in both the ledger and the vault until finalization, preventing double-spends or repeated withdrawals.
Authorization
Only the cross-chain manager is allowed to call `accountDeposit`.
Only the designated operator can call certain methods, such as `executeWithdrawAction`.
Broker, token, and symbol checks must succeed before an operation can proceed (e.g., `vaultManager.getAllowedBroker`, `vaultManager.getAllowedChainToken`).
Signature validity
Methods like `Signature.verifyWithdraw` and `Signature.verifyDelegateWithdraw` ensure that any user-initiated withdrawal is backed by a correct EIP-712 signature.
These checks safeguard against unauthorized or replayed transactions by requiring a strictly increasing `withdrawNonce`.
Test coverage
Key cases covered
Correct signature validation
Verifies that a valid EIP-712 signature (`verifyWithdraw`) succeeds when the `chainId` and signature data match.
Signature failure with incorrect `chainId`
Checks that providing an incorrect `chainId` causes the withdrawal signature verification to fail, thereby rejecting the transaction.
Valid deposit via cross-chain
Simulates a deposit called by the cross-chain manager
Confirms that ledger and VaultManager balances both reflect the deposited amount
Withdrawal approval
Examines `executeWithdrawAction`, ensuring that the user's ledger balance is frozen and the corresponding vault chain balance is also locked.
Shows that amounts remain frozen until the withdrawal is finalized on chain.
Revert on invalid `accountId`
Attempts to deposit with an `accountId` that does not match the user address and broker hash, causing the operation to revert.
Withdrawal finalization
Tests finalizing a withdrawal with `accountWithDrawFinish`, verifying that frozen balances are removed from the ledger and vault once the process completes.
Demonstrates a full cross-chain withdrawal flow from freeze to finish.
Attack surface
Signature replay or invalid signature
All user-triggered withdrawals require a valid EIP-712 signature from the correct user and a monotonically increasing `withdrawNonce`. This mitigates replay and spoofing.
Unauthorized calls
Only whitelisted entities can call `accountDeposit`.
Only the system's designated operator can trigger certain ledger actions.
Additional safeguards exist through `vaultManager` checks to ensure only allowed brokers and tokens are used.
Frozen-balance manipulation
During a withdrawal, both ledger and vault balances are frozen. Nonces ensure the same amount cannot be unfrozen more than once, preventing any double-spend exploits.