Component: LedgerImplC
Description
LedgerImplC is the third extension of the Ledger contract, specifically tailored for supporting Solana-based accounts and withdrawals. It handles deposits and withdrawals associated with Solana public keys, adding them to Ledger’s records in the same way as Ethereum-based accounts. This contract also integrates cross-chain calls for approving and finalizing withdrawals.
Invariants
Solana account integrity
Deposits and withdrawals must reference a valid accountId that matches the broker hash and the Solana public key, verified by Utils.validateAccountId.
If an account has never been registered, its first Solana-based deposit automatically registers it with a pubkey.
Balance freezing and finalization
Whenever a withdrawal is initiated, the appropriate amount is frozen in both the Ledger and the VaultManager.
Finalizing (or in the case of Solana, immediate finalization) ensures no duplicate withdrawal or double-spend can occur.
Broker and token allowlists
Any broker or token involved in deposits or withdrawals must be on the VaultManager allowlist.
If vaultManager.getAllowedBroker or vaultManager.getAllowedChainToken returns false, the transaction reverts.
Signature validation
Solana-specific withdrawals require an EIP-712-like verification by Signature.verifyWithdrawSol. This prevents unauthorized parties from initiating a withdrawal.
Test coverage
Key cases covered
EIP-712 verification
Ensures valid chainId and signature data pass the Signature.verifyWithdrawSol check for a Solana-based withdrawal
EIP-712 failure
Demonstrates that incorrect or manipulated signature data fails verification and is rejected
Depositing funds
Verifies that calling accountDepositSol correctly registers the Solana public key if unregistered, credits the ledger balance, and increments the vault balance
Withdrawal approval
Confirms that for Solana, an immediate finalization of the withdrawal occurs if all conditions pass — balances are moved into a frozen state then finalized in one step
Broker denial
Reverts if the provided brokerHash is disallowed, blocking unapproved brokers from using the system
Fee limits
Fails a withdrawal if the requested fee exceeds the configured max withdrawal fee, preventing users from paying excessive fees and ensuring stable operation
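The invariants and test cases above can be exercised against a small executable model. This is an added example, not the LedgerImplC source or the auditors' test suite: the class, field and error names are hypothetical, sig_ok stands in for the result of Signature.verifyWithdrawSol, and the fee is only checked against the cap, not routed anywhere.

```python
# Constructed model of the Solana deposit/withdrawal path; not contract code.
# All names are hypothetical; sig_ok stands in for Signature.verifyWithdrawSol.
from dataclasses import dataclass, field

class Revert(Exception):
    """Stands in for a Solidity revert: state must be left unchanged."""

@dataclass
class Model:
    brokers: set            # VaultManager broker allowlist
    tokens: set             # VaultManager chain-token allowlist
    max_fee: int            # configured max withdrawal fee
    free: dict = field(default_factory=dict)     # accountId -> ledger balance
    frozen: dict = field(default_factory=dict)   # accountId -> ledger frozen
    pubkeys: dict = field(default_factory=dict)  # accountId -> Solana pubkey
    vault_free: int = 0
    vault_frozen: int = 0

    def _allow(self, broker, token):
        if broker not in self.brokers or token not in self.tokens:
            raise Revert("broker or token not allowlisted")

    def deposit_sol(self, acct, pubkey, broker, token, amount):
        self._allow(broker, token)
        self.pubkeys.setdefault(acct, pubkey)  # first deposit registers pubkey
        self.free[acct] = self.free.get(acct, 0) + amount
        self.vault_free += amount

    def withdraw_sol(self, acct, broker, token, amount, fee, sig_ok):
        # Every check runs before any state change, so a revert leaves no trace.
        if not sig_ok:
            raise Revert("signature verification failed")
        self._allow(broker, token)
        if fee > self.max_fee:
            raise Revert("fee exceeds max withdrawal fee")
        if amount > self.free.get(acct, 0):
            raise Revert("insufficient balance")
        # Freeze the same amount in ledger and vault ...
        self.free[acct] -= amount
        self.frozen[acct] = self.frozen.get(acct, 0) + amount
        self.vault_free -= amount
        self.vault_frozen += amount
        assert self.invariants_hold()
        # ... then finalize in the same step (Solana path).
        self.frozen[acct] -= amount
        self.vault_frozen -= amount

    def invariants_hold(self):
        # Ledger and vault must agree on both frozen and available totals.
        return (sum(self.frozen.values()) == self.vault_frozen
                and sum(self.free.values()) == self.vault_free
                and min(self.free.values(), default=0) >= 0)
```

Checking invariants_hold() after every call, including calls that revert, is the property an invariant or fuzz test would assert against the real contracts.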
Attack surface
Invalid Solana signatures
Calls to verifyWithdrawSol ensure that each Solana-based request is signed by the genuine holder of the associated Solana pubkey. If the signature is invalid, the withdrawal reverts.
Unauthorized broker or token
The system enforces a broker and token allowlist. Any deposit or withdrawal with a disallowed brokerHash or token fails.
Frozen-balance manipulation
The ledger and the vault must freeze the same withdrawal amount. If freezing were tampered with, the system would quickly lose track of correct balances. The onlyLedger modifier mitigates external tampering.
Cross-chain vulnerabilities
Solana-based operations rely on ILedgerCrossChainManagerV2 calls. A compromised cross-chain manager could attempt fraudulent withdrawals. However, signature checks, broker checks, and chain token allowlists mitigate this risk.