Fix initaite tx

[mattsu6666]

Overview

There was a bug in initiateTx that allowed authentication to be bypassed.

• Added support for AUTH_MODE_EXTENSION in initiateTx to ensure consistency with Cross in Go.
• As a result, cross-solidity now supports both AUTH_MODE_LOCAL and AUTH_MODE_EXTENSION.
• Improved initiateTx to support both AUTH_MODE_LOCAL and AUTH_MODE_EXTENSION within a single transaction.

ethereum-cross-demo will be updated in a separate PR after this PR is merged.

[github-actions]

⛽ Gas Usage Changes

Comparison against main branch:

Click to view gas diff

test_initAuthState_DelegatesToAuthManager() (gas: +6 (0.008%)) 
test_sign_DelegatesToAuthManager() (gas: +6 (0.012%)) 
test_sign_IgnoresUnknownSigners() (gas: +27 (0.013%)) 
test_getAuthState_ReturnsCorrectRemainingSigners() (gas: +54 (0.015%)) 
test_sign_IgnoresDuplicateSignatures() (gas: +54 (0.019%)) 
test_initAuthState_HandlesDuplicateSigners() (gas: +54 (0.019%)) 
test_initAuthState_Succeeds() (gas: +54 (0.020%)) 
test_setStateFromRemainingList_HandlesDuplicatesAndReturnsRemains() (gas: +54 (0.021%)) 
test_getRemainingSigners_TracksSigningProgress() (gas: +81 (0.023%)) 
test_initiateTx_RevertWhen_TimeoutHeightExpired() (gas: +74 (0.126%)) 
test_initiateTx_RevertWhen_ChainIDMismatch() (gas: +85 (0.139%)) 
test_initiateTx_RevertWhen_TimeoutTimestampExpired() (gas: +206 (0.347%)) 
test_getRequiredAccounts_ReturnsEmptyArrayWhenNoSigners() (gas: +328 (0.470%)) 
test_getRequiredAccounts_ReturnsEmptyArrayWhenNoTxs() (gas: +204 (0.498%)) 
test_constructor_SetsChainIDHash() (gas: +43 (0.517%)) 
test_getRequiredAccounts_AggregatesSigners() (gas: +3148 (1.180%)) 
test_initiateTx_RevertWhen_txIDAlreadyExists() (gas: +2753 (1.770%)) 
test_selfXCC_ReturnsCorrectChannelInfo() (gas: +308 (1.806%)) 
test_constructor_GrantsIbcRoleWhenDebugModeTrue() (gas: +86619 (2.655%)) 
test_constructor_DoesNotGrantIbcRoleWhenDebugModeFalse() (gas: +86619 (2.673%)) 
test_extSignTx_SucceedsAsCompletedAndEmitsEvent() (gas: +2267 (2.693%)) 
test_initialize_SucceedsAndEmitsEvents() (gas: -55941 (-3.573%)) 
test_initialize_RevertWhen_ArrayLengthMismatch() (gas: -55897 (-3.678%)) 
test_initialize_RevertWhen_AlreadyInitialized() (gas: -55891 (-3.767%)) 
test_verifySignatures_DelegatesToAuthManager() (gas: +1860 (3.789%)) 
test_initialize_RevertWhen_EmptyTypeUrl() (gas: -55902 (-3.835%)) 
test_initialize_RevertWhen_ZeroAddressVerifier() (gas: -55903 (-4.006%)) 
test_initialize_SucceedsWithEmptyArrays() (gas: -55865 (-4.013%)) 
test_extSignTx_RevertsIf_VerificationFails() (gas: +2268 (4.628%)) 
test_extSignTx_SucceedsAsPending() (gas: +2267 (5.117%)) 
test_verifySignatures_RevertWhen_StaticCallFails() (gas: +1806 (5.746%)) 
test_verifySignatures_RevertWhen_VerifierReturnsFalse() (gas: +1914 (5.905%)) 
test_verifySignatures_SucceedsSingleSigner() (gas: +1792 (6.357%)) 
test_verifySignatures_SucceedsMultipleSigners() (gas: +3243 (7.624%)) 
test_verifySignatures_RevertWhen_VerifierNotFound() (gas: +2195 (8.005%)) 
test_verifySignatures_RevertWhen_AuthModeMismatch() (gas: +2264 (9.573%)) 
test_verifySignatures_RevertWhen_TooManySigners() (gas: +65609 (44.755%)) 
test_initiateTx_SucceedsAsVerifiedWhenSignersMet() (gas: +203879 (65.921%)) 
test_initiateTx_SucceedsAsPendingWhenSignersNotMet() (gas: +196974 (72.340%)) 
Overall gas change: 333716 (0.031%)

Calculated by Foundry Gas Snapshot Action

[github-actions]

LCOV of commit fd99c04 during Coverage Report #286

Summary coverage rate:
  lines......: 96.6% (648 of 671 lines)
  functions..: 95.6% (109 of 114 functions)
  branches...: no data found

Files changed coverage rate:
                                         |Lines       |Functions  |Branches    
  Filename                               |Rate     Num|Rate    Num|Rate     Num
  =============================================================================
  src/core/DelegatedLogicHandler.sol     |32.4%     68| 0.0%    22|    -      0
  src/core/Initiator.sol                 | 9.7%     72| 0.0%     7|    -      0
  src/core/TxAuthManager.sol             |17.1%     82| 0.0%    14|    -      0

Full coverage report

[Copilot]

Pull request overview

This PR hardens initiateTx authentication by validating the provided signer set up-front and adding support for AUTH_MODE_EXTENSION, aligning behavior with Cross in Go and preventing authentication bypass.

Changes:

• Added signer validation in Initiator.initiateTx, including sender binding for local signers and signature verification for extension signers.
• Updated TxAuthManagerBase / implementations to accept signer arrays as memory for signature verification, and adjusted callers/tests accordingly.
• Expanded Solidity + Go tests to cover extension signers, mixed signer modes, and failure cases.

Reviewed changes

Copilot reviewed 9 out of 10 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/core/Initiator.sol	Adds _validateInitiateSigners + extension-signer extraction and calls validation before persisting the tx.
src/core/TxAuthManagerBase.sol	Changes _verifySignatures parameter from calldata to memory.
src/core/TxAuthManager.sol	Updates _verifySignatures implementation to match the memory signature and refactors minor formatting.
src/core/DelegatedLogicHandler.sol	Updates delegated _verifySignatures override to match the new memory signature.
test/Initiator.t.sol	Adds extensive initiateTx test coverage for local/extension/mixed signer validation and verification failures.
test/Coordinator.t.sol	Updates mock _verifySignatures override to match the new signature.
test/Authenticator.t.sol	Updates mock _verifySignatures override to match the new signature.
pkg/testing/cross_test.go	Aligns the local signer Id used in Go integration testing with opts.From.Bytes().
package-lock.json	Lockfile metadata update.
.gas-snapshot	Updates gas baselines reflecting the new validation/verification work.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[dai1975]

LGTM