Skip to content

Commit 5fc94b8

Browse files
authored
Merge pull request #5 from PayNodeLabs/develop
feat: update router addresses and enhance PayNodeRouter security
2 parents 6037374 + 1f94a3e commit 5fc94b8

File tree

4 files changed

+14
-8
lines changed

4 files changed

+14
-8
lines changed

script/Config.s.sol

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,11 @@ pragma solidity ^0.8.20;
33

44
// Generated by scripts/sync-config.py
55
library Config {
6-
address public constant ROUTER_MAINNET = 0x92e20164FC457a2aC35f53D06268168e6352b200;
7-
address public constant ROUTER_SEPOLIA = 0xB587Bc36aaCf65962eCd6Ba59e2DA76f2f575408;
6+
address public constant ROUTER_MAINNET = 0x4A73696ccF76E7381b044cB95127B3784369Ed63;
7+
address public constant ROUTER_SEPOLIA = 0x24cD8b68aaC209217ff5a6ef1Bf55a59f2c8Ca6F;
88
address public constant TREASURY = 0x598bF63F5449876efafa7b36b77Deb2070621C0E;
99
address public constant USDC_MAINNET = 0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913;
1010
address public constant USDC_SEPOLIA = 0xeAC1f2C7099CdaFfB91Aa3b8Ffd653Ef16935798;
11+
uint256 public constant MIN_PAYMENT_AMOUNT = 1000;
12+
uint256 public constant FEE_BPS = 100;
1113
}

script/DeploySepolia.s.sol

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,10 +3,11 @@ pragma solidity ^0.8.20;
33

44
import {Script, console} from "forge-std/Script.sol";
55
import {PayNodeRouter} from "../src/PayNodeRouter.sol";
6+
import {Config} from "./Config.s.sol";
67

78
contract DeploySepolia is Script {
89
function run() external {
9-
address treasury = 0x598bF63F5449876efafa7b36b77Deb2070621C0E;
10+
address treasury = Config.TREASURY;
1011

1112
vm.startBroadcast();
1213
PayNodeRouter router = new PayNodeRouter(treasury);

src/PayNodeRouter.sol

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,9 +25,11 @@ contract PayNodeRouter is Ownable2Step, Pausable {
2525
// Fixed protocol fee: 1% (100 basis points out of 10000)
2626
uint256 public constant PROTOCOL_FEE_BPS = 100;
2727
uint256 public constant MAX_BPS = 10000;
28+
uint256 public constant MIN_PAYMENT_AMOUNT = 1000;
2829

2930
error InvalidAddress();
30-
error AmountMustBeGreaterThanZero();
31+
error AmountTooLow();
32+
error UnauthorizedCaller();
3133

3234
// Redesigned event to match SDK requirements (indexed orderId, token verification, chainId)
3335
event PaymentReceived(
@@ -98,6 +100,8 @@ contract PayNodeRouter is Ownable2Step, Pausable {
98100
bytes32 r,
99101
bytes32 s
100102
) external whenNotPaused {
103+
if (msg.sender != payer) revert UnauthorizedCaller();
104+
101105
// 1. Consume permit to grant allowance to this router
102106
IERC20Permit(token).permit(payer, address(this), amount, deadline, v, r, s);
103107

@@ -110,7 +114,7 @@ contract PayNodeRouter is Ownable2Step, Pausable {
110114
*/
111115
function _processPayment(address payer, address token, address merchant, uint256 amount, bytes32 orderId) internal {
112116
if (merchant == address(0) || token == address(0)) revert InvalidAddress();
113-
if (amount == 0) revert AmountMustBeGreaterThanZero();
117+
if (amount < MIN_PAYMENT_AMOUNT) revert AmountTooLow();
114118

115119
// Calculate 1% fee
116120
uint256 fee = (amount * PROTOCOL_FEE_BPS) / MAX_BPS;

test/PayNodeRouter.t.sol

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -113,9 +113,8 @@ contract PayNodeRouterTest is Test {
113113
vm.expectEmit(true, true, true, true);
114114
emit PaymentReceived(orderId, merchant, payer, address(usdc), paymentAmount, expectedFee, block.chainid);
115115

116-
// We use an agent to send the transaction to test the Relayer functionality properly!
117-
address agent = address(uint160(0x12345));
118-
vm.prank(agent);
116+
// Use the payer as the caller to prevent MiTM issues as per router security logic
117+
vm.prank(payer);
119118
router.payWithPermit(payer, address(usdc), merchant, paymentAmount, orderId, deadline, v, r, s);
120119

121120
assertEq(usdc.balanceOf(merchant), 99 * 10 ** 6);

0 commit comments

Comments
 (0)