fix: TrustGateHook — selector mismatch, caller auth, admin events#32
Open
JhiNResH wants to merge 1 commit intoerc-8183:mainfrom
Open
fix: TrustGateHook — selector mismatch, caller auth, admin events#32JhiNResH wants to merge 1 commit intoerc-8183:mainfrom
JhiNResH wants to merge 1 commit intoerc-8183:mainfrom
Conversation
…ents Critical: - Inherit BaseERC8183Hook instead of raw IACPHook — fixes FUND_SEL selector (was fund(uint256,bytes), must be fund(uint256,uint256,bytes)) and adds onlyERC8183 caller authentication for free - Override _preFund/_preSubmit/_postComplete/_postReject virtual functions instead of hand-rolling beforeAction/afterAction dispatch High: - Remove manual selector constants (now inherited from BaseERC8183Hook) - Remove manual supportsInterface (handled by BaseERC8183Hook + ERC165) Medium: - Add registered mapping to track agentId existence separately from value (fixes agentId=0 collision with Solidity default mapping) - Emit AgentIdSet, ThresholdUpdated, OracleUpdated on all admin mutations - Add zero-address guard on oracle in constructor and setOracle Low: - Fix README: TrustGateHook.sol (was RNWYTrustGateHook.sol) - Constructor now requires erc8183Contract_ address (BaseERC8183Hook param) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
rnwy
added a commit
to rnwy/hook-contracts
that referenced
this pull request
Apr 17, 2026
- Inherit BaseERC8183Hook for correct selector routing, data decoding, and onlyERC8183 caller authentication - Add registered mapping so agentId = 0 is a valid registered value - Add AgentIdSet, ThresholdUpdated, OracleUpdated admin events - Add zero-address guards on constructor and setOracle - Document wallet-risk vs. agent-quality trust boundary in header Addresses review feedback from @JhiNResH in erc-8183#32 and coordination request from @psmiratisu.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes the blocking issues raised in review of PR #9.
Changes
CRITICAL fix —
FUND_SELselectorThe original hook computed
keccak256("fund(uint256,bytes)")butAgenticCommerce.fundisfund(uint256,uint256,bytes). The selector never matched, so client trust was never checked at thefundstage.Fix: Inherit
BaseERC8183Hookinstead of rawIACPHook. This gives correct selector constants for free (they live inBaseERC8183Hookand matchAgenticCommerce). The hook now overrides_preFund/_preSubmit/_postComplete/_postRejectvirtual functions — no manual selector dispatch needed.HIGH fix — caller authentication
BaseERC8183Hookprovides theonlyERC8183(jobId)modifier, which validates thatmsg.senderis the ERC-8183 core or the job's registered hook. Inheriting it adds this guard automatically. No extra code required.MEDIUM fixes
agentId == 0collision — addedmapping(address => bool) public registeredto track existence separately from the agentId value. Wallets withagentId = 0can now be registered correctly.setAgentId,setAgentIds,setThreshold, andsetOraclenow emitAgentIdSet,ThresholdUpdated, andOracleUpdatedrespectively.require(oracle_ != address(0))in constructor andsetOracle.LOW fixes
TrustGateHook.sol(wasRNWYTrustGateHook.sol).Constructor change (breaking)
The constructor gains a new first parameter:
erc8183Contract_is required byBaseERC8183Hookand stored as immutable. This is the AgenticCommerce core address (or MultiHookRouter address if used behind a router).