Indexing payments management audit fix

packages/contracts-test/tests/unit/rewards/rewards-interface.test.ts

@@ -54,11 +54,11 @@ describe('RewardsManager interfaces', () => {
     })
 
     it('IIssuanceTarget should have stable interface ID', () => {
-      expect(IIssuanceTarget__factory.interfaceId).to.equal('0xaee4dc43')
+      expect(IIssuanceTarget__factory.interfaceId).to.equal('0x19f6601a')
     })
 
     it('IRewardsManager should have stable interface ID', () => {
-      expect(IRewardsManager__factory.interfaceId).to.equal('0x337b092e')
+      expect(IRewardsManager__factory.interfaceId).to.equal('0x8469b577')
     })
   })
 

packages/contracts/contracts/rewards/RewardsManager.sol

@@ -173,24 +173,25 @@ contract RewardsManager is
      * Note that the IssuanceAllocator can be set to the zero address to disable use of an allocator, and
      * use the local `issuancePerBlock` variable instead to control issuance.
      */
-    function setIssuanceAllocator(address newIssuanceAllocator) external override onlyGovernor {
-        if (address(issuanceAllocator) != newIssuanceAllocator) {
+    function setIssuanceAllocator(IIssuanceAllocationDistribution newIssuanceAllocator) external override onlyGovernor {
+        if (issuanceAllocator != newIssuanceAllocator) {
             // Update rewards calculation before changing the issuance allocator
             updateAccRewardsPerSignal();
 
             // Check that the contract supports the IIssuanceAllocationDistribution interface
             // Allow zero address to disable the allocator
-            if (newIssuanceAllocator != address(0)) {
+            if (address(newIssuanceAllocator) != address(0)) {
                 // solhint-disable-next-line gas-small-strings
                 require(
-                    IERC165(newIssuanceAllocator).supportsInterface(type(IIssuanceAllocationDistribution).interfaceId),
+                    IERC165(address(newIssuanceAllocator)).supportsInterface(
+                        type(IIssuanceAllocationDistribution).interfaceId
+                    ),
                     "Contract does not support IIssuanceAllocationDistribution interface"
                 );
             }
 
-            address oldIssuanceAllocator = address(issuanceAllocator);
-            issuanceAllocator = IIssuanceAllocationDistribution(newIssuanceAllocator);
-            emit IssuanceAllocatorSet(oldIssuanceAllocator, newIssuanceAllocator);
+            emit IssuanceAllocatorSet(issuanceAllocator, newIssuanceAllocator);
+            issuanceAllocator = newIssuanceAllocator;
         }
     }
 
@@ -325,7 +326,7 @@ contract RewardsManager is
     }
 
     /**
-     * @inheritdoc IRewardsManager
+     * @inheritdoc IIssuanceTarget
      */
     function getIssuanceAllocator() external view override returns (IIssuanceAllocationDistribution) {
         return issuanceAllocator;

packages/deployment/lib/abis.ts

@@ -17,12 +17,12 @@ function loadAbi(artifactPath: string): Abi {
   return artifact.abi as Abi
 }
 
-// Interface IDs - these match the generated values from TypeChain factories
-// Verified by tests: packages/issuance/testing/tests/allocate/InterfaceIdStability.test.ts
-// and packages/contracts-test/tests/unit/rewards/rewards-interface.test.ts
+// Interface IDs - these mirror the values the compiler derives from the
+// corresponding ABI. Cross-checked by test/interface-id-stability.test.ts;
+// update both together whenever an interface changes.
 export const IERC165_INTERFACE_ID = '0x01ffc9a7' as const
-export const IISSUANCE_TARGET_INTERFACE_ID = '0xaee4dc43' as const
-export const IREWARDS_MANAGER_INTERFACE_ID = '0xa0a2f219' as const
+export const IISSUANCE_TARGET_INTERFACE_ID = '0x19f6601a' as const
+export const IREWARDS_MANAGER_INTERFACE_ID = '0x8469b577' as const
 
 export const REWARDS_MANAGER_ABI = loadAbi(
   '@graphprotocol/interfaces/artifacts/contracts/contracts/rewards/IRewardsManager.sol/IRewardsManager.json',

packages/deployment/test/interface-id-stability.test.ts

@@ -0,0 +1,34 @@
+import { expect } from 'chai'
+import type { Abi } from 'viem'
+import { toFunctionSelector } from 'viem'
+
+import {
+  IERC165_ABI,
+  IERC165_INTERFACE_ID,
+  IISSUANCE_TARGET_INTERFACE_ID,
+  IREWARDS_MANAGER_INTERFACE_ID,
+  ISSUANCE_TARGET_ABI,
+  REWARDS_MANAGER_ABI,
+} from '../lib/abis.js'
+
+function computeInterfaceId(abi: Abi): `0x${string}` {
+  const xor = abi
+    .filter((item): item is Extract<(typeof abi)[number], { type: 'function' }> => item.type === 'function')
+    .map((f) => Number.parseInt(toFunctionSelector(f).slice(2), 16) >>> 0)
+    .reduce((a, s) => (a ^ s) >>> 0, 0)
+  return `0x${xor.toString(16).padStart(8, '0')}`
+}
+
+describe('Interface ID Stability', function () {
+  it('IERC165_INTERFACE_ID matches the IERC165 ABI', function () {
+    expect(IERC165_INTERFACE_ID).to.equal(computeInterfaceId(IERC165_ABI))
+  })
+
+  it('IISSUANCE_TARGET_INTERFACE_ID matches the IIssuanceTarget ABI', function () {
+    expect(IISSUANCE_TARGET_INTERFACE_ID).to.equal(computeInterfaceId(ISSUANCE_TARGET_ABI))
+  })
+
+  it('IREWARDS_MANAGER_INTERFACE_ID matches the IRewardsManager ABI', function () {
+    expect(IREWARDS_MANAGER_INTERFACE_ID).to.equal(computeInterfaceId(REWARDS_MANAGER_ABI))
+  })
+})

packages/horizon/contracts/mocks/CallbackGasProbe.sol

@@ -0,0 +1,57 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+pragma solidity ^0.8.27;
+
+import { IProviderEligibility } from "@graphprotocol/interfaces/contracts/issuance/eligibility/IProviderEligibility.sol";
+
+/**
+ * @title CallbackGasProbe
+ * @author Edge & Node
+ * @notice Test-only contract that replicates the precheck + STATICCALL pattern used by
+ * `RecurringCollector._preCollectCallbacks` for the eligibility path. Exists so that
+ * Hardhat-side tests can verify, on a real EIP-2929-applying EVM (foundry's REVM in this
+ * project does not differentiate cold/warm in `gasleft()`-derived measurements), that
+ * `CALLBACK_GAS_OVERHEAD` covers the cold-account access cost on the staticcall.
+ *
+ * @dev MUST be kept in sync with the equivalent block in `RecurringCollector.sol`. If the
+ * production constants (`MAX_PAYER_CALLBACK_GAS`, `CALLBACK_GAS_OVERHEAD`) or the precheck /
+ * staticcall sequence change, mirror the change here. This probe is not deployed to any
+ * production network.
+ */
+contract CallbackGasProbe {
+    uint256 internal constant MAX_PAYER_CALLBACK_GAS = 1_500_000;
+    uint256 internal constant CALLBACK_GAS_OVERHEAD = 3_000;
+
+    error CallbackGasProbeInsufficientCallbackGas();
+    error CallbackGasProbeNotEligible();
+
+    /**
+     * @notice Re-runs the eligibility precheck + STATICCALL exactly as
+     * `RecurringCollector._preCollectCallbacks` does, against `payer`. Reverts with
+     * `CallbackGasProbeInsufficientCallbackGas` if the precheck blocks, or
+     * `CallbackGasProbeNotEligible` if the staticcall returned an explicit `false` (i.e.
+     * the forwarded gas was below whatever the payer mock requires). Used by the
+     * boundary test to discriminate "precheck is the gate" (overhead healthy) from
+     * "precheck passed but forwarded < threshold" (overhead insufficient for cold δ).
+     * @param payer The contract to staticcall for eligibility.
+     * @param provider The provider address passed through to `isEligible`.
+     */
+    function probeEligibility(address payer, address provider) external view {
+        if (gasleft() < (MAX_PAYER_CALLBACK_GAS * 64) / 63 + CALLBACK_GAS_OVERHEAD) {
+            revert CallbackGasProbeInsufficientCallbackGas();
+        }
+        bytes memory cd = abi.encodeCall(IProviderEligibility.isEligible, (provider));
+        bool success;
+        uint256 returnLen;
+        uint256 result;
+        // solhint-disable-next-line no-inline-assembly
+        assembly {
+            success := staticcall(MAX_PAYER_CALLBACK_GAS, payer, add(cd, 0x20), mload(cd), 0x00, 0x20)
+            returnLen := returndatasize()
+            result := mload(0x00)
+        }
+        if (success && !(returnLen < 32) && result == 0) {
+            revert CallbackGasProbeNotEligible();
+        }
+    }
+}

packages/horizon/contracts/mocks/GasReportingEligibilityMock.sol

@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+pragma solidity ^0.8.27;
+
+import { IProviderEligibility } from "@graphprotocol/interfaces/contracts/issuance/eligibility/IProviderEligibility.sol";
+import { IERC165 } from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
+
+/**
+ * @title GasReportingEligibilityMock
+ * @author Edge & Node
+ * @notice Test-only mock that returns `gasleft() >= MIN_REQUIRED_GASLEFT` from `isEligible`.
+ * Encoding the budget check into the return value is the only signal a STATICCALL
+ * callee can give (no state writes, no logs), so the boundary discriminator at the
+ * caller side is "precheck reverted" vs "got false return → eligibility revert".
+ */
+contract GasReportingEligibilityMock is IProviderEligibility, IERC165 {
+    /// @notice Minimum forwarded `gasleft()` required for `isEligible` to return true.
+    uint256 public immutable MIN_REQUIRED_GASLEFT;
+
+    constructor(uint256 minRequiredGasleft_) {
+        MIN_REQUIRED_GASLEFT = minRequiredGasleft_;
+    }
+
+    /// @inheritdoc IProviderEligibility
+    function isEligible(address) external view override returns (bool) {
+        return !(gasleft() < MIN_REQUIRED_GASLEFT);
+    }
+
+    /// @inheritdoc IERC165
+    function supportsInterface(bytes4 interfaceId) external pure override returns (bool) {
+        return interfaceId == type(IProviderEligibility).interfaceId || interfaceId == type(IERC165).interfaceId;
+    }
+}