fix: some fixes for medium-interop review + ERC7786 compatibility changes (#1556)

Co-authored-by: nikitastupin-matterlabs <[email protected]>

Author: 0xValera

.gitmodules

@@ -15,3 +15,6 @@
 [submodule "lib/@matterlabs/zksync-contracts"]
 	path = lib/@matterlabs/zksync-contracts
 	url = https://github.com/matter-labs/v2-testnet-contracts
+[submodule "l1-contracts/lib/openzeppelin-contracts-master"]
+	path = l1-contracts/lib/openzeppelin-contracts-master
+	url = https://github.com/OpenZeppelin/openzeppelin-contracts.git

l1-contracts/contracts/bridge/L2SharedBridgeLegacy.sol

@@ -16,7 +16,7 @@ import {IL2AssetRouter} from "./asset-router/IL2AssetRouter.sol";
 import {IL2NativeTokenVault} from "./ntv/IL2NativeTokenVault.sol";
 
 import {IL2SharedBridgeLegacy} from "./interfaces/IL2SharedBridgeLegacy.sol";
-import {AmountMustBeGreaterThanZero, DeployFailed, EmptyBytes32, Unauthorized, ZeroAddress, InvalidCaller} from "../common/L1ContractErrors.sol";
+import {AmountMustBeGreaterThanZero, DeployFailed, EmptyBytes32, Unauthorized, ZeroAddress} from "../common/L1ContractErrors.sol";
 
 /// @author Matter Labs
 /// @custom:security-contact [email protected]
@@ -113,7 +113,7 @@ contract L2SharedBridgeLegacy is IL2SharedBridgeLegacy, Initializable {
             AddressAliasHelper.undoL1ToL2Alias(msg.sender) != l1Bridge &&
             AddressAliasHelper.undoL1ToL2Alias(msg.sender) != l1SharedBridge
         ) {
-            revert InvalidCaller(msg.sender);
+            revert Unauthorized(msg.sender);
         }
 
         IL2AssetRouter(L2_ASSET_ROUTER_ADDR).finalizeDepositLegacyBridge({

l1-contracts/contracts/bridge/asset-router/AssetRouterBase.sol

@@ -109,14 +109,14 @@ abstract contract AssetRouterBase is IAssetRouterBase, Ownable2StepUpgradeable,
         bytes32 _assetId,
         address _originalCaller,
         uint256 _amount
-    ) public payable virtual;
+    ) external payable virtual;
 
     function _bridgehubDepositBaseToken(
         uint256 _chainId,
         bytes32 _assetId,
         address _originalCaller,
         uint256 _amount
-    ) public payable virtual {
+    ) internal virtual {
         address assetHandler = assetHandlerAddress[_assetId];
         require(assetHandler != address(0), AssetHandlerDoesNotExist(_assetId));
 
@@ -220,7 +220,7 @@ abstract contract AssetRouterBase is IAssetRouterBase, Ownable2StepUpgradeable,
     //////////////////////////////////////////////////////////////*/
 
     /// @inheritdoc IAssetRouterBase
-    function finalizeDeposit(uint256 _chainId, bytes32 _assetId, bytes calldata _transferData) public payable virtual;
+    function finalizeDeposit(uint256 _chainId, bytes32 _assetId, bytes calldata _transferData) external payable virtual;
 
     function _finalizeDeposit(
         uint256 _chainId,

l1-contracts/contracts/bridge/asset-router/IL1AssetRouter.sol

@@ -8,7 +8,7 @@ import {IAssetRouterBase} from "./IAssetRouterBase.sol";
 import {L2TransactionRequestTwoBridgesInner} from "../../bridgehub/IBridgehub.sol";
 import {IL1SharedBridgeLegacy} from "../interfaces/IL1SharedBridgeLegacy.sol";
 import {IL1ERC20Bridge} from "../interfaces/IL1ERC20Bridge.sol";
-import {IL1CrossChainSender} from "./IL1CrossChainSender.sol";
+import {IL1CrossChainSender} from "../interfaces/IL1CrossChainSender.sol";
 
 /// @title L1 Bridge contract interface
 /// @author Matter Labs

l1-contracts/contracts/bridge/asset-router/IL2AssetRouter.sol

@@ -3,11 +3,11 @@
 pragma solidity ^0.8.20;
 
 import {IAssetRouterBase} from "./IAssetRouterBase.sol";
-import {InteropCallStarter} from "../../common/Messaging.sol";
+import {IL2CrossChainSender} from "../interfaces/IL2CrossChainSender.sol";
 
 /// @author Matter Labs
 /// @custom:security-contact [email protected]
-interface IL2AssetRouter is IAssetRouterBase {
+interface IL2AssetRouter is IAssetRouterBase, IL2CrossChainSender {
     event WithdrawalInitiatedAssetRouter(
         uint256 chainId,
         address indexed l2Sender,
@@ -37,19 +37,4 @@ interface IL2AssetRouter is IAssetRouterBase {
     /// a legacy asset.
     /// @param _assetId The assetId of the legacy token.
     function setLegacyTokenAssetHandler(bytes32 _assetId) external;
-
-    /// @notice Function that returns an InteropCallStarter corresponding to the interop call. Effectively this initiates bridging,
-    ///         BH part is processed within this function via `_bridgehubDeposit` call which also returns the data for an l2 call
-    ///         on the destination chain (which will be processed with the returned InteropCallStarter from this function).
-    /// @param _chainId Destination chain ID.
-    /// @param _originalCaller The `msg.sender` address from the external call that initiated current one.
-    /// @param _value The `msg.value` to be deposited on the target chain.
-    /// @param _data The calldata for the second bridge deposit.
-    /// @return interopCallStarter InteropCallStarter corresponding to the second bridge call.
-    function interopCenterInitiateBridge(
-        uint256 _chainId,
-        address _originalCaller,
-        uint256 _value,
-        bytes calldata _data
-    ) external payable returns (InteropCallStarter memory interopCallStarter);
 }

l1-contracts/contracts/bridge/asset-router/L1AssetRouter.sol

@@ -9,6 +9,7 @@ import {IL1AssetRouter} from "./IL1AssetRouter.sol";
 import {IL2AssetRouter} from "./IL2AssetRouter.sol";
 import {IAssetRouterBase, LEGACY_ENCODING_VERSION, SET_ASSET_HANDLER_COUNTERPART_ENCODING_VERSION} from "./IAssetRouterBase.sol";
 import {AssetRouterBase} from "./AssetRouterBase.sol";
+import {IL1CrossChainSender} from "../interfaces/IL1CrossChainSender.sol";
 
 import {IL1AssetHandler} from "../interfaces/IL1AssetHandler.sol";
 import {IL1ERC20Bridge} from "../interfaces/IL1ERC20Bridge.sol";
@@ -195,7 +196,7 @@ contract L1AssetRouter is AssetRouterBase, IL1AssetRouter, ReentrancyGuard {
         _bridgehubDepositBaseToken(_chainId, _assetId, _originalCaller, _amount);
     }
 
-    /// @inheritdoc IL1AssetRouter
+    /// @inheritdoc IL1CrossChainSender
     function bridgehubDeposit(
         uint256 _chainId,
         address _originalCaller,

l1-contracts/contracts/bridge/asset-router/L2AssetRouter.sol

@@ -3,6 +3,7 @@
 pragma solidity 0.8.28;
 
 import {IL2AssetRouter} from "./IL2AssetRouter.sol";
+import {IL2CrossChainSender} from "../interfaces/IL2CrossChainSender.sol";
 import {IAssetRouterBase} from "./IAssetRouterBase.sol";
 import {AssetRouterBase} from "./AssetRouterBase.sol";
 
@@ -20,15 +21,16 @@ import {InteropCallStarter} from "../../common/Messaging.sol";
 import {L2_BRIDGEHUB_ADDR, L2_INTEROP_CENTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR} from "../../common/l2-helpers/L2ContractAddresses.sol";
 import {L2ContractHelper} from "../../common/l2-helpers/L2ContractHelper.sol";
 import {DataEncoding} from "../../common/libraries/DataEncoding.sol";
-import {AmountMustBeGreaterThanZero, AssetIdNotSupported, EmptyAddress, InvalidCaller, Unauthorized, TokenNotLegacy, InvalidSelector, PayloadTooShort, ExecuteMessageFailed} from "../../common/L1ContractErrors.sol";
-import {IERC7786Receiver} from "../../interop/IERC7786Receiver.sol";
+import {AmountMustBeGreaterThanZero, AssetIdNotSupported, EmptyAddress, Unauthorized, TokenNotLegacy, InvalidSelector, PayloadTooShort, ExecuteMessageFailed} from "../../common/L1ContractErrors.sol";
+import {IERC7786Recipient} from "../../interop/IERC7786Recipient.sol";
 import {IERC7786Attributes} from "../../interop/IERC7786Attributes.sol";
+import {InteroperableAddress} from "@openzeppelin/contracts-master/utils/draft-InteroperableAddress.sol";
 
 /// @author Matter Labs
 /// @custom:security-contact [email protected]
 /// @notice The "default" bridge implementation for the ERC20 tokens. Note, that it does not
 /// support any custom token logic, i.e. rebase tokens' functionality is not supported.
-contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC7786Receiver {
+contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC7786Recipient {
     /// @dev The address of the L2 legacy shared bridge.
     address public immutable L2_LEGACY_SHARED_BRIDGE;
 
@@ -42,9 +44,9 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
     modifier onlyAssetRouterCounterpart(uint256 _originChainId) {
         if (_originChainId == L1_CHAIN_ID) {
             // Only the L1 Asset Router counterpart can initiate and finalize the deposit.
-            require(AddressAliasHelper.undoL1ToL2Alias(msg.sender) == L1_ASSET_ROUTER, InvalidCaller(msg.sender));
+            require(AddressAliasHelper.undoL1ToL2Alias(msg.sender) == L1_ASSET_ROUTER, Unauthorized(msg.sender));
         } else {
-            revert InvalidCaller(msg.sender); // xL2 messaging not supported for now
+            revert Unauthorized(msg.sender);
         }
         _;
     }
@@ -53,27 +55,25 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
     modifier onlyAssetRouterCounterpartOrSelf(uint256 _chainId) {
         if (_chainId == L1_CHAIN_ID) {
             // Only the L1 Asset Router counterpart can initiate and finalize the deposit.
-            if (
-                (AddressAliasHelper.undoL1ToL2Alias(msg.sender) != L1_ASSET_ROUTER) &&
-                msg.sender != address(this) &&
-                (AddressAliasHelper.undoL1ToL2Alias(msg.sender) != address(this))
-            ) {
-                revert InvalidCaller(msg.sender);
+            if ((AddressAliasHelper.undoL1ToL2Alias(msg.sender) != L1_ASSET_ROUTER) && msg.sender != address(this)) {
+                revert Unauthorized(msg.sender);
             }
         } else {
-            revert InvalidCaller(msg.sender); // xL2 messaging not supported for now
+            if (msg.sender != address(this)) {
+                revert Unauthorized(msg.sender);
+            }
         }
         _;
     }
 
     /// @notice Checks that the message sender is the legacy L2 bridge.
     modifier onlyLegacyBridge() {
-        require(msg.sender == L2_LEGACY_SHARED_BRIDGE, InvalidCaller(msg.sender));
+        require(msg.sender == L2_LEGACY_SHARED_BRIDGE, Unauthorized(msg.sender));
         _;
     }
 
     modifier onlyNTV() {
-        require(msg.sender == L2_NATIVE_TOKEN_VAULT_ADDR, InvalidCaller(msg.sender));
+        require(msg.sender == L2_NATIVE_TOKEN_VAULT_ADDR, Unauthorized(msg.sender));
         _;
     }
 
@@ -130,42 +130,32 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
     }
 
     /// @notice Executes cross-chain interop messages following ERC-7786 standard
-    /// @param messageId Gateway-specific message identifier (currently unused)
-    /// @param sourceChain CAIP-2 chain identifier where the message originated
-    /// @param sender CAIP-10 account address that initiated the cross-chain message
+    /// @param sender ERC-7930 Address of the message sender
     /// @param payload Encoded function call data (must be finalizeDeposit)
-    /// @param attributes ERC-7786 message attributes (currently unused)
     /// @return Function selector confirming successful execution per ERC-7786
-    function executeMessage(
-        // kl todo: change back to strings
-        // solhint-disable-next-line no-unused-vars
-        bytes32 messageId, // Gateway-specific message identifier
-        uint256 sourceChain, // [CAIP-2] chain identifier
-        address sender, // [CAIP-10] account address
-        bytes calldata payload,
-        // solhint-disable-next-line no-unused-vars
-        bytes[] calldata attributes
+    function receiveMessage(
+        bytes32 /* receiveId */, // Unique identifier
+        bytes calldata sender, // ERC-7930 address
+        bytes calldata payload
     ) external payable returns (bytes4) {
         // This function serves as the L2AssetRouter's entry point for processing cross-chain bridge operations
         // initiated through the InteropCenter system. It implements critical security validations:
-        // - L1->L2 calls: Only L1_ASSET_ROUTER can send messages from L1_CHAIN_ID
+        // - L1->L2 calls: Currently Interop can only be initiated on L2, so this case shouldn't be covered.
         // - L2->L2 calls: Only this contract (L2AssetRouter) can send messages from other L2 chains
         //
         // This dual validation prevents attackers from spoofing cross-chain messages by requiring
         // both correct source chain ID and authorized sender address.
         //
         // INDIRECT CALL PATTERN (L2->L2 interop flow):
         // 1. User calls InteropCenter on source L2
-        // 2. InteropCenter calls interopCenterInitiateBridge() on source chain's L2AssetRouter
+        // 2. InteropCenter calls initiateBridging() on source chain's L2AssetRouter
         // 3. Source L2AssetRouter becomes the "sender" for the destination L2 call
-        // 4. Destination L2 validates sender == address(this) for non-L1 sources
+        // 4. Destination L2 validates senderAddress == address(this) for non-L1 sources
         //    (L2AssetRouter address is equal for all ZKsync chains)
 
-        require(
-            (sourceChain == L1_CHAIN_ID && sender == L1_ASSET_ROUTER) ||
-                (sourceChain != L1_CHAIN_ID && sender == address(this)),
-            InvalidCaller(sender)
-        );
+        (uint256 senderChainId, address senderAddress) = InteroperableAddress.parseEvmV1Calldata(sender);
+
+        require((senderChainId != L1_CHAIN_ID && senderAddress == address(this)), Unauthorized(senderAddress));
 
         // The payload must contain a valid finalizeDeposit selector to ensure only legitimate
         // bridge operations are executed. This prevents arbitrary function calls through the interop system.
@@ -177,7 +167,7 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
 
         (bool success, ) = address(this).call(payload);
         require(success, ExecuteMessageFailed());
-        return IERC7786Receiver.executeMessage.selector;
+        return IERC7786Recipient.receiveMessage.selector;
     }
 
     /*//////////////////////////////////////////////////////////////
@@ -219,13 +209,13 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
         emit DepositFinalizedAssetRouter(_originChainId, _assetId, _transferData);
     }
 
-    /// @inheritdoc IL2AssetRouter
-    function interopCenterInitiateBridge(
+    /// @inheritdoc IL2CrossChainSender
+    function initiateBridging(
         uint256 _chainId,
         address _originalCaller,
         uint256 _value,
         bytes calldata _data
-    ) external payable returns (InteropCallStarter memory interopCallStarter) {
+    ) external payable onlyL2InteropCenter returns (InteropCallStarter memory interopCallStarter) {
         // This function is called by the InteropCenter when processing indirect interop calls.
         // It prepares the bridge operation for cross-chain execution through these steps:
         // 1. Processing the deposit through the standard bridgehub flow
@@ -252,7 +242,7 @@ contract L2AssetRouter is AssetRouterBase, IL2AssetRouter, ReentrancyGuard, IERC
         bytes[] memory attributes = new bytes[](1);
         attributes[0] = abi.encode(IERC7786Attributes.interopCallValue.selector, _value);
         interopCallStarter = InteropCallStarter({
-            nextContract: request.l2Contract,
+            to: request.l2Contract,
             data: request.l2Calldata,
             callAttributes: attributes
         });

l1-contracts/contracts/bridge/asset-tracker/AssetTracker.sol

@@ -11,7 +11,7 @@ import {L2_ASSET_ROUTER_ADDR, L2_ASSET_TRACKER_ADDR, L2_INTEROP_CENTER_ADDR, L2_
 import {DataEncoding} from "../../common/libraries/DataEncoding.sol";
 import {IAssetRouterBase} from "../asset-router/IAssetRouterBase.sol";
 import {INativeTokenVault} from "../ntv/INativeTokenVault.sol";
-import {InsufficientChainBalanceAssetTracker, InvalidInteropCalldata, InvalidMessage, InvalidProof, ReconstructionMismatch, Unauthorized, ChainIdNotRegistered} from "../../common/L1ContractErrors.sol";
+import {InsufficientChainBalanceAssetTracker, InvalidInteropCalldata, InvalidMessage, InvalidProof, ReconstructionMismatch, Unauthorized, ChainIdNotRegistered, InvalidChainId} from "../../common/L1ContractErrors.sol";
 import {IMessageRoot} from "../../bridgehub/IMessageRoot.sol";
 import {ProcessLogsInput} from "../../state-transition/chain-interfaces/IExecutor.sol";
 import {DynamicIncrementalMerkleMemory} from "../../common/libraries/DynamicIncrementalMerkleMemory.sol";
@@ -24,7 +24,7 @@ import {FinalizeL1DepositParams} from "../../bridge/interfaces/IL1Nullifier.sol"
 import {TransientPrimitivesLib} from "../../common/libraries/TransientPrimitves/TransientPrimitives.sol";
 import {AddressAliasHelper} from "../../vendor/AddressAliasHelper.sol";
 // import {IChainAssetHandler} from "../../bridgehub/IChainAssetHandler.sol";
-import {NotMigratedChain, InvalidAssetId, InvalidAmount, InvalidChainId, InvalidSender} from "./AssetTrackerErrors.sol";
+import {NotMigratedChain, InvalidAssetId, InvalidAmount, InvalidSender} from "./AssetTrackerErrors.sol";
 
 contract AssetTracker is IAssetTracker, Ownable2StepUpgradeable, AssetHandlerModifiers {
     using DynamicIncrementalMerkleMemory for DynamicIncrementalMerkleMemory.Bytes32PushTree;

l1-contracts/contracts/bridge/asset-tracker/AssetTrackerErrors.sol

@@ -5,8 +5,6 @@ pragma solidity ^0.8.21;
 error InvalidAmount();
 // 0xfafca5a0
 error InvalidAssetId();
-// 0x7a47c9a2
-error InvalidChainId();
 // 0x4ecc0587
 error InvalidMigrationNumber();
 // 0xddb5de5e