🔨 contracts: support hyperlane on redeployer

[itofarina]

Summary by CodeRabbit

• New Features

  • Deployable EXA routers enabling cross-domain transfers across OP, BASE, and POLYGON.

• Tests

  • Added multi-domain integration tests (round-trip transfers, access-control revert cases).
  • Updated gas snapshot with numerous test gas adjustments and tightened a deployment expectation to zero supply.

• Chores

  • Added mailbox network addresses to deployment config.
  • Updated dev dependencies, import remappings, and build manifest.

• Style/Docs

  • Minor dictionary and changelog additions.

---

[changeset-bot]

🦋 Changeset detected

Latest commit: f7f7600

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 0 packages

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Adds Hyperlane integration and mailbox addresses, new Redeployer router/EXA deploy/upgrade functions, a multi-domain HypEXA test suite, dependency and remapping updates, a gas-snapshot refresh, and minor test expectation adjustment; no public API signatures removed.

Changes

Cohort / File(s)	Summary
Dependencies & Config contracts/package.json, contracts/remappings.txt, package.json, cspell.json	Pinned @exactly/protocol to a commit ref, added @hyperlane-xyz/core, added remappings for Hyperlane/Exactly, switched neverBuiltDependencies → onlyBuiltDependencies, and added spellcheck words.
Deployment Metadata contracts/deploy.json	Added mailbox addresses under accounts.swapper for networks 10, 137, and 8453.
Redeployer / Scripts contracts/script/Redeployer.s.sol	Added Hyperlane token/router imports and new public functions: deployEXAImpl(), upgradeEXA(address), deployRouter(address), setupRouter(address,uint32); adjusted broadcast/admin flow and added second initialize call.
Tests — New contracts/test/HypEXA.t.sol	New HypEXATest implementing multi-domain EXA transfer flows and access-control revert tests across OP, BASE, and POLYGON using Redeployer helpers.
Tests — Updated contracts/test/Redeployer.t.sol	Changed expectation: base token totalSupply == 0 after EXA deploy (removed prior minted-supply/assertions).
Gas Snapshots contracts/.gas-snapshot	Bulk updates: refreshed gas measurements and added/renamed test entries reflecting updated gas costs and new tests.
Changelog / Metadata .changeset/beige-sails-worry.md	Added new changeset file.

Sequence Diagram

sequenceDiagram
    participant OP as OP Chain
    participant OPRouter as OP Router
    participant Hyperlane as Hyperlane Mailbox
    participant BaseRouter as BASE Router
    participant BASE as BASE Chain
    participant PolyRouter as POLYGON Router

    OP->>OPRouter: transferRemote(amount, remoteDomain, gas)
    OPRouter->>Hyperlane: sendMessage(payload)
    Hyperlane->>BaseRouter: deliverMessage(payload)
    BaseRouter->>BASE: handle -> mint/burn
    BaseRouter->>Hyperlane: optionally send response
    Hyperlane->>OPRouter: deliverAck/response
    OPRouter->>OP: finalize (update balances/supply)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• ✨ contracts: redeployer #807: Overlapping Redeployer, router and test changes touching Redeployer scripts and cross-chain deployment/test flows.

Suggested reviewers

• cruzdanilo

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'support hyperlane on redeployer' directly reflects the main changes: adding Hyperlane integration to the Redeployer contract with new deployment/setup functions, router management, and comprehensive cross-chain transfer tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch hyperlane

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the project's interoperability by integrating Hyperlane, a cross-chain communication protocol. The changes enable the EXA token to be bridged and managed across different blockchain domains, expanding its utility and reach. This involved updating core dependencies, modifying deployment processes to include Hyperlane-specific components, and adding comprehensive tests to ensure the robustness of the new cross-chain capabilities.

Highlights

• Hyperlane Integration: Integrated Hyperlane for cross-chain functionality, enabling the EXA token to be transferred and managed across multiple blockchain networks.
• Deployment and Configuration Updates: Introduced new deployment scripts and configuration settings to facilitate the deployment and setup of Hyperlane routers and an Hyperlane-compatible EXA token.
• New Cross-Chain Test Suite: Added a dedicated test suite to verify the end-to-end functionality of cross-chain EXA token transfers via Hyperlane, including round-trip scenarios and access control.
• Dependency Management: Updated project dependencies to include the Hyperlane core library and adjusted existing dependency configurations for compatibility.

Changelog

• contracts/.gas-snapshot
  • Updated gas consumption benchmarks for various ExaPluginTest and RedeployerTest functions.
• contracts/deploy.json
  • Added Hyperlane mailbox addresses for Optimism (10), Polygon (137), and Base (8453) domains.
• contracts/package.json
  • Updated the @exactly/protocol dependency to a specific commit hash.
  • Added the @hyperlane-xyz/core dependency for Hyperlane integration.
• contracts/remappings.txt
  • Added a remapping for @exactly/protocol to @openzeppelin/contracts.
  • Configured a remapping for @hyperlane-xyz to its node_modules path.
• contracts/script/Redeployer.s.sol
  • Imported HypERC20Collateral and HypXERC20 from the Hyperlane core library.
  • Modified deployEXA to include an initialize2 call for the EXA token.
  • Added deployEXAImpl to deploy the latest EXA implementation.
  • Implemented upgradeEXA to upgrade an existing EXA proxy.
  • Introduced deployRouter to deploy a HypXERC20 router for cross-chain transfers.
  • Added setupRouter to configure the Hyperlane router with remote domains and grant necessary roles.
• contracts/test/HypEXA.t.sol
  • Added a new test file for HypEXA to validate cross-chain functionality.
  • Included tests for test_roundTrip_opToBaseToOp and test_roundTrip_opToPolygonToBaseToOp to verify token bridging.
  • Added tests to ensure transferRemote and handle revert without the BRIDGE_ROLE.
• contracts/test/Redeployer.t.sol
  • Adjusted the assertion for totalSupply in test_deployEXA_deploysAtSameAddress_onBase to expect zero initial supply.
• cspell.json
  • Added 'hyperlane' and 'XERC' to the spellcheck dictionary.
• package.json
  • Changed neverBuiltDependencies to onlyBuiltDependencies for @exactly/protocol.

Activity

• No specific activity (comments, reviews, or progress updates) has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[sentry]

✅ All tests passed.

[coderabbitai]

♻️ Duplicate comments (3)

contracts/script/Redeployer.s.sol (3)

96-149: ⚠️ Potential issue | 🟠 Major

Run forge fmt on this file to unblock CI.

The pipeline is currently failing nx run @exactly/plugin:test:fmt due to formatting differences in this file.

As per coding guidelines **/*.sol: Follow Solhint rules strictly and use Forge fmt for code formatting.

---

113-121: ⚠️ Potential issue | 🟠 Major

Fail fast when EXA implementation is missing before upgradeEXA.

Line 120 upgrades to address(exa) without checking code presence, which defers failure to a less actionable downstream revert.

Proposed fix

 function upgradeEXA(address proxy) external {
   address admin = acct("admin");
+  if (address(exa).code.length == 0) revert EXAImplementationNotDeployed();
   ProxyAdmin p = ProxyAdmin(address(uint160(uint256(
       vm.load(proxy, bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1))
   ))));
   vm.broadcast(p.owner());
   p.upgradeAndCall(
     ITransparentUpgradeableProxy(proxy), address(exa), abi.encodeCall(EXA.initialize2, (admin))
   );
 }
@@
 error ProxyAdminNotDeployed();
 error TargetNonceTooLow();
+error EXAImplementationNotDeployed();

---

124-130: 🛠️ Refactor suggestion | 🟠 Major

Align CREATE3 salt derivation with token (or remove token from the API).

Line 129 hardcodes "HypEXA" even though the function accepts a token; that creates deterministic-slot collisions for multi-token use, and Line 145 resolves that same fixed slot.

Proposed refactor

 function deployRouter(address token) external returns (HypXERC20 router) {
@@
-        keccak256(abi.encode("HypEXA")),
+        keccak256(abi.encode("HypEXA", token)),
@@
 function setupRouter(address token, uint32 remoteDomain) external {
   address admin = acct("admin");
-  address router = CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("HypEXA")));
+  address router = CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("HypEXA", token)));

Also applies to: 145-145

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between adceeef and 7727570.

📒 Files selected for processing (5)

• .changeset/beige-sails-worry.md
• contracts/.gas-snapshot
• contracts/deploy.json
• contracts/script/Redeployer.s.sol
• contracts/test/HypEXA.t.sol

[coderabbitai]

♻️ Duplicate comments (3)

contracts/script/Redeployer.s.sol (3)

121-127: 🛠️ Refactor suggestion | 🟠 Major

deployRouter ignores token in the deterministic salt, making reuse collision-prone.

The function accepts token but always uses the fixed "HypEXA" slot. Reusing it for another token collides on the same CREATE3 address.

Proposed refactor

-        keccak256(abi.encode("HypEXA")),
+        keccak256(abi.encode("HypEXA", token)),
@@
-    address router = CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("HypEXA")));
+    address router = CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("HypEXA", token)));

Also applies to: 142-142

---

140-146: ⚠️ Potential issue | 🟠 Major

setupRouter should fail fast if the deterministic router address is not deployed.

getDeployed can resolve an address before code exists. Without a code-length guard, role/config steps can silently target an undeployed address path.

Proposed fix

 function setupRouter(address token, uint32 remoteDomain) external {
   address admin = acct("admin");
   address router = CREATE3_FACTORY.getDeployed(admin, keccak256(abi.encode("HypEXA")));
+  if (router.code.length == 0) revert RouterNotDeployed();
   vm.startBroadcast(admin);
   EXA(token).grantRole(keccak256("BRIDGE_ROLE"), router);
   HypXERC20(router).enrollRemoteRouter(remoteDomain, bytes32(uint256(uint160(router))));
   vm.stopBroadcast();
 }
@@
 error TargetNonceTooLow();
+error RouterNotDeployed();

---

113-119: ⚠️ Potential issue | 🟠 Major

upgradeEXA should guard against missing EXA implementation deployment.

The upgrade path uses address(exa) directly; adding an explicit code-length guard gives a clearer, earlier failure mode.

Proposed fix

 function upgradeEXA(address proxy) external {
   address admin = acct("admin");
+  if (address(exa).code.length == 0) revert EXAImplementationNotDeployed();
   ProxyAdmin p =
     ProxyAdmin(address(uint160(uint256(vm.load(proxy, bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1))))));
   vm.broadcast(p.owner());
   p.upgradeAndCall(ITransparentUpgradeableProxy(proxy), address(exa), abi.encodeCall(EXA.initialize2, (admin)));
 }
@@
 error TargetNonceTooLow();
+error EXAImplementationNotDeployed();

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7727570 and c7187e5.

📒 Files selected for processing (5)

• .changeset/beige-sails-worry.md
• contracts/.gas-snapshot
• contracts/deploy.json
• contracts/script/Redeployer.s.sol
• contracts/test/HypEXA.t.sol

[devin-ai-integration]

Devin Review found 1 new potential issue.

View 7 additional findings in Devin Review.

[devin-ai-integration]

🚩 onlyBuiltDependencies restricts install scripts to @exactly/protocol only

The change from "neverBuiltDependencies": [] (empty blocklist — all packages can run scripts) to "onlyBuiltDependencies": ["@exactly/protocol"] (allowlist — only @exactly/protocol runs scripts) is a significant behavioral shift. This blocks install/build scripts for ALL other dependencies including the newly added @hyperlane-xyz/core. This is likely intentional since @exactly/protocol changed from an npm published package (^0.2.22) to a git commit reference (exactly/protocol#5833408) that needs a build step, and @hyperlane-xyz/core is a Solidity library that typically doesn't need post-install scripts. However, if any future dependency requires build scripts, they would silently fail to run.

---

Was this helpful? React with 👍 or 👎 to provide feedback.

[sentry]

Bug: The deployRouter function will fail on chains without a pre-existing ProxyAdmin deployment because protocol("ProxyAdmin") reverts instead of using a fallback.
_{Severity: HIGH}

Suggested Fix

Modify deployRouter to provide a fallback ProxyAdmin if one is not found via protocol("ProxyAdmin"). For example, call protocol("ProxyAdmin", false) to prevent a revert, and if the result is address(0), use the proxyAdmin deployed by the Redeployer script itself as the default.

Prompt for AI Agent

Review the code at the location below. A potential bug has been identified by an AI
agent. Verify if this is a real issue. If it is, propose a fix; if not, explain why it's
not valid.

Location: contracts/script/Redeployer.s.sol#L231

Potential issue: The `deployRouter` function fetches a `ProxyAdmin` address by calling
`protocol("ProxyAdmin")`. This function is configured to revert if the address is not
found in the protocol's deployment files for the target chain. While tests for chains
like Base and Optimism pass because these deployment files exist, the test for Polygon
requires a manual workaround (`set("ProxyAdmin", ...)`), indicating the deployment file
is missing for that chain. In a production deployment on a chain without a pre-existing
`ProxyAdmin` (like Polygon), this workaround will be absent, causing the script to fail
and preventing the router's deployment.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f7f7600366

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Add fallback exactly account mapping for router scripts

deployRouter and setupRouter now call acct("exactly"), which resolves .accounts.exactly.<chainId> and falls back to .accounts.exactly.default (see contracts/test/Fork.t.sol). The new accounts.exactly block only defines 10 and 8453, so running the new Hyperlane flow on polygon (137) or any other chain without an env override will revert while reading deploy.json before ownership transfer/enrollment can happen. Please add a 137 and/or default entry so router deployment/configuration is not chain-fragile.

Useful? React with 👍 / 👎.