feat: support l2 plus

[karlem]

Part of #1080

This PR focuses on:

Integration Tests in Solidity (L3-Level Testing)

• Write and run integration tests to cover the following scenarios:
  • Happy Path Scenarios:
    • From root to L3. - DONE
    • From L3 to root. - DONE
    • Between sibling L3 nodes. - DONE
  • Failure Scenarios:
    • Errors at the destination. - DONE
    • Errors midway through execution. Not sure this is really an issue.
  • Edge Case Testing:
    • Supply source mismatches. - This should really not be an issue - as the only cross net messages allowed are Call kind. (not trasfers)
    • Non-existent destinations. - DONE
  • Ensure all error cases propagate correctly. - DONE

Improvements

• Improved visibility by adding new events into the cross-message propagation process. A cross-message ID has been added to each event for better tracking and transparency:
  • CheckpointCommitted
  • NewBottomUpMessage
  • MessageStoredInPostbox
  • MessagePropagatedFromPostbox
• Automated cross-message propagation from the postbox. Previously, this process required an external caller to propagate the message, but now the IPC automatically propagates them after a checkpoint has been committed or after top-down messages have been applied.
• Added a check to verify that the destination address is indeed a contract and not an EOA (Externally Owned Account).
• Changed the behavior when applying messages: instead of reverting when a message is invalid, a result receipt is returned. This ensures that one invalid message does not disrupt the entire checkpoint submission process.
• Extracted message validation into a separate function to ensure validation is completed before committing the message. The validation function does not revert since reversion is only desirable when the message is directly triggered by a user. In scenarios where the message originates from a different subnet (e.g., in the form of a checkpoint), reversion is not appropriate. For the same reason, the commit functions (top-down, bottom-up) should also not revert, as they are triggered by automatic postbox propagation. Instead, validation is performed beforehand.

[raulk]

Some minor comments.

[cryptoAtwill]

applyCrossMessages only handles topdown messages?

[karlem]

Yes, it is only used to apply top-down messages locally after they have been finalized in Fendermint.

[cryptoAtwill]

caller why not just invoke LibGateway directly instead, it's internal anyways.

[karlem]

Raul has suggested a nice syntax sugar update. So I have added it after his comment.

[cryptoAtwill]

is there a reason why it's not reverted? Feels like it's an error that should be handled instead of introducing root = 0 as invalid subnet. Probably in some use cases root: 0, route: [] is a valid use case.

[raulk]

Sounds like this needs multi-return? SubnetID + bool?

[karlem]

The problem here is that if I revert, I lose control elsewhere. The method is also used invalidateCrossMessage, where reverting is not desirable. Additionally, commonParent method here returns the empty subnet ID instead of reverting. But I understand your point—if this were deployed on Ethereum, the root could be zero. Would returning a boolean (indicating whether it was found or not) help?

[cryptoAtwill]

feels like we just need the subnet id as the param

[raulk]

Agree. This also feels unsafe since this function could accidentally modify the subnet state, since it's passed with the storage modifier.

[karlem]

Yeah, I can pass the subnetID down, but then I would need to look up the subnet again with getSubnet(subnetId), since this function actually updates the subnet state (and has been).

[cryptoAtwill]

I still kind of feel CrossMessageValidationOutcome should not be exposed, unless different callers might handle the outcomes differently? Now every call of validateCrossMessage must handle the outcome, dont feel it's necessary though.

[karlem]

unless different callers might handle the outcomes differently? - that's exactly the case :)

[cryptoAtwill]

maybe call this nativeL2Subnet?

[raulk]

Why do we need to pass an empty address[] as the first argument?

[karlem]

@raulk Solved by using the parent route instead.

[cryptoAtwill]

the param amount could exceed the fundSubnet amount?

[karlem]

Good catch!

[cryptoAtwill]

this should be subnetL2.subnetActor? The checkpoint should be propagated to L2 right? Not to L3 subnet actor.

[karlem]

params.subnetL3.subnetActor corresponds to the L2 subnet actor. I agree it can be confusing, but I'm building around the already existing TestSubnetDefinition.

[karlem]

I guess if you find it super confusing I can rename it. But it might affect a lot of files :)

[cryptoAtwill]

the params.subnetL3.subnetActor refers to the SubnetActorDiamond in L2?

[karlem]

Yes.

[cryptoAtwill]

shouldnt this be parent subnet id? How do you know the subnet path before it's created?

[raulk]

I think this is supposed to be the parent subnet path, but it seems redundant since we can just get it from parentId.path?

[karlem]

Yes, good catch. The parent id route can be used.

[cryptoAtwill]

@karlem Another question I have is regarding nonce. Say a bottom up message is created in L3, the nonce will be set by the local network. Then in L2, will the cross network message nonce change? If so, then the id (keccak) will change too?

[raulk]

Some initial comments.

[raulk]

Agree. This also feels unsafe since this function could accidentally modify the subnet state, since it's passed with the storage modifier.

[raulk]

@cryptoAtwill unfortunately Solidity's try/catch is profoundly crippled because it only works for cross-contract calls.

[raulk]

Do you want to test this with receive as well?

[raulk]

Why?

[karlem]

Because it was labeled as a top-down message, but the path (from, to) made it a bottom-up message, the test was incorrect. Since we now have checks ensuring that top-down messages are indeed top-down (as a parent can't send a message to itself), this would cause a revert.

[raulk]

Why do we need to pass an empty address[] as the first argument?

[raulk]

I think this is supposed to be the parent subnet path, but it seems redundant since we can just get it from parentId.path?

[karlem]

@karlem Another question I have is regarding nonce. Say a bottom up message is created in L3, the nonce will be set by the local network. Then in L2, will the cross network message nonce change? If so, then the id (keccak) will change too?

Hmm that's a good point. I will think about how to mitigate this.