fix: aderyn static analysis for contracts

[hmzakhalid]

close #1541

Summary

Fixes actionable findings from the Aderyn static analysis over all 30 Solidity
contracts (8,985 nSLOC). Builds clean, lints clean, all 234 tests pass.

---

Fixed Issues

🔴 H-1 — Reentrancy: State change after external call (17 instances)

Fix: Restructured Enclave.request() to follow checks-effects-interactions.
Moved e3s[e3Id] = e3 before ciphernodeRegistry.requestCommittee(), and
feeToken.safeTransferFrom() to after all validations and state writes.

Remaining 16 instances are in OZ initializer-guarded functions or trusted view
calls (enclave.getRequester(), bondingRegistry.numActiveOperators()) where
reentrancy is not exploitable.

🔴 H-3 — Weak Randomness (1 instance)

Fix: Added documentation comment at Enclave.sol explaining that
block.prevrandao is combined with the unique, incrementing e3Id for
sortition seeding only — not for cryptographic key generation.

🟡 L-5 — Large Numeric Literal (14 instances)

Fix: Replaced all raw 10000 with BPS_BASE constant in
E3RefundManager.sol across calculateRefund, calculateWorkValue,
distributeSlashedFundsOnSuccess, and setWorkAllocation.

🟡 L-6 — Literal Instead of Constant (71 instances)

Fix: Added uint16 internal constant BPS_BASE = 10000 to
E3RefundManager.sol. Enclave.sol and BondingRegistry.sol already had this
constant. Verifier hex literals are auto-generated and left as-is.

🟡 L-7 — Local Variable Shadows State Variable (1 instance)

Fix: Renamed constructor parameter _owner → initialOwner_ in
EnclaveToken.sol to stop shadowing OpenZeppelin's Ownable._owner.

🟡 L-10 — Redundant Statement (1 instance)

Fix: Removed bare data; expression statement in MockE3Program.verify().
Replaced with a descriptive comment.

🟡 L-12 — State Change Without Event (21 instances)

Fix: Added events to 12 setter functions across 6 contracts that previously
mutated state without emitting:

Contract	New Event
Enclave	PkVerifierSet
E3RefundManager	EnclaveSet, TreasurySet
BondingRegistry	TicketTokenSet, LicenseTokenSet, RegistrySet, SlashingManagerSet, SlashedFundsTreasurySet
SlashingManager	BondingRegistrySet, CiphernodeRegistrySet, EnclaveSet, E3RefundManagerSet
CiphernodeRegistryOwnable	SlashingManagerSet
EnclaveTicketToken	RegistrySet, Payout

Corresponding event declarations added to IEnclave, IE3RefundManager,
IBondingRegistry, ISlashingManager, and CiphernodeRegistryOwnable.

🟡 L-14 — State Variable Could Be Immutable (1 instance)

Fix: Changed uint8 private _decimals → uint8 private immutable _decimals
in MockStableToken.sol.

🟡 L-15 — Contract has TODO Comments (2 instances)

Fix: Converted 3 TODO markers to proper NatSpec documentation in
Enclave.sol and CiphernodeRegistryOwnable.sol.

🟡 L-18 — Unspecific Solidity Pragma (27 instances)

Fix: Pinned all 28 .sol files from >=0.8.27 / ^0.8.27 to
pragma solidity 0.8.28; matching the hardhat compiler config.

---

Not Fixed (by design / won't fix)

Issue	Reason
H-2	Auto-generated Honk verifier files; shared names are expected
L-1	Protocol requires admin roles; mitigated by multi-sig
L-2	Bounded iteration (committee size); not a practical gas concern
L-3	Mock contracts; empty stubs are intentional
L-4	Auto-generated verifier code (70/70 instances)
L-8	Modifiers used for access control clarity
L-9	Deployed on Shanghai-compatible chains (solc 0.8.28)
L-11	Fail-fast pattern intentional for committee validation
L-13	Setters called from initialize() with deferred zero-address config
L-16	OZ _grantRole/_revokeRole revert internally on failure
L-17	Auto-generated verifier code (4 instances)
L-19	Interface error definitions are part of the public API
L-20	public needed for internal calls from initialize() and other paths

Summary by CodeRabbit

Release Notes

• New Features

  • Added event emissions for configuration changes across contracts, enabling better monitoring of registry and manager state updates (treasury, tokens, verifiers, and addresses).

• Bug Fixes

  • Improved security with better transaction order (CEI pattern) in fee payment handling.

• Chores

  • Pinned Solidity compiler version to 0.8.28 across all contracts for improved stability and consistency.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments

Project	Deployment	Actions	Updated (UTC)
crisp	Skipped		May 16, 2026 8:43am
enclave-docs	Skipped		May 16, 2026 8:43am

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR pins Solidity version to 0.8.28 across all contracts, adds comprehensive state-change events for observability throughout interfaces and implementations, introduces a BPS_BASE constant in E3RefundManager, applies CEI pattern ordering in Enclave.sol before external token transfer, and updates contract artifacts.

Changes

Solidity 0.8.28 Compiler Pinning and State Change Events

Layer / File(s)	Summary
Solidity 0.8.28 pragma pinning across all files packages/enclave-contracts/contracts/interfaces/*.sol, packages/enclave-contracts/contracts/lib/*.sol, packages/enclave-contracts/contracts/{registry,slashing,token}/*.sol, packages/enclave-contracts/contracts/test/*.sol, packages/enclave-contracts/contracts/verifiers/**/*.sol	All contracts, interfaces, libraries, and test mocks updated from >=0.8.27 or ^0.8.27 to pinned compiler version pragma solidity 0.8.28.
Interface event declarations for state change observability packages/enclave-contracts/contracts/interfaces/{IBondingRegistry,IEnclave,IE3RefundManager,ISlashingManager}.sol, packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol	New events declared in IBondingRegistry (SlashedFundsTreasurySet, TicketTokenSet, LicenseTokenSet, RegistrySet, SlashingManagerSet); in IEnclave (PkVerifierSet); in IE3RefundManager (EnclaveSet, TreasurySet); in ISlashingManager (BondingRegistrySet, CiphernodeRegistrySet, EnclaveSet, E3RefundManagerSet); and in CiphernodeRegistryOwnable (SlashingManagerSet) to signal configuration address updates.
Enclave CEI pattern fix, E3RefundManager BPS refactoring, and event emissions packages/enclave-contracts/contracts/Enclave.sol, packages/enclave-contracts/contracts/E3RefundManager.sol, packages/enclave-contracts/contracts/registry/BondingRegistry.sol, packages/enclave-contracts/contracts/slashing/SlashingManager.sol, packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol, packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol	Enclave.request reorders operations to write e3s[e3Id] state before executing external safeTransferFrom fee transfer (CEI pattern); setPkVerifier emits PkVerifierSet event. E3RefundManager introduces BPS_BASE = 10000 constant and replaces hardcoded 10000 denominators in calculateRefund, calculateWorkValue, distributeSlashedFundsOnSuccess, and setWorkAllocation validation; emits EnclaveSet and TreasurySet in setters. BondingRegistry emits corresponding *Set events in admin setters. SlashingManager emits BondingRegistrySet, CiphernodeRegistrySet, EnclaveSet, and E3RefundManagerSet in setters. EnclaveTicketToken emits RegistrySet and Payout events. CiphernodeRegistryOwnable emits SlashingManagerSet and clarifies snapshot documentation.
Test contracts, parameter naming, immutable storage, and documentation updates packages/enclave-contracts/contracts/test/*.sol, packages/enclave-contracts/contracts/token/EnclaveToken.sol, packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol, packages/enclave-contracts/artifacts/contracts/interfaces/*.json, packages/enclave-contracts/artifacts/contracts/token/*.json	Test contracts (MockCiphernodeRegistry, MockComputeProvider, MockDecryptionVerifier, MockE3Program, MockPkVerifier, MockSlashingVerifier) updated with pragma version pinning. EnclaveToken constructor parameter renamed from _owner to initialOwner_. MockStableToken._decimals changed from mutable to immutable, assigned in constructor. CiphernodeRegistryOwnable._validateNodeEligibility documentation clarified to explicitly state snapshot convention at (requestBlock - 1) and enforce consistency. MockE3Program.verify comment improved. Artifact JSON files regenerated with updated buildInfoId and new event ABI entries.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related issues

• gnosisguild/enclave#1541: The changes directly address Aderyn's findings by adding "*Set" events for configuration updates, applying CEI pattern reordering in Enclave.sol, and replacing hardcoded 10000 magic numbers with BPS_BASE constant in E3RefundManager.

Possibly related PRs

• gnosisguild/enclave#1354: Updates to E3RefundManager.sol refactoring refund/work/distribution calculations via BPS_BASE and adding state-change event emissions directly overlap with prior refund logic improvements in slashing contracts.

Suggested reviewers

• cedoor
• ctrlc03
• 0xjei

Poem

🐰 A hop through pragmas, version locked tight,
Events now sing when configs take flight,
CEI patterns align, no reentrancy plight,
BPS constants replace magic—all feels right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix: aderyn static analysis for contracts' directly summarizes the main change: addressing findings from Aderyn static analysis across the contract suite.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/contract-analysis

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ctrlc03]

LGTM

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/enclave-contracts/contracts/Enclave.sol`:
- Around line 252-253: The max-duration guard currently uses
require(totalDuration < maxDuration, InvalidDuration(totalDuration)) which
rejects requests equal to maxDuration; update the check in Enclave.sol to allow
durations up to and including maxDuration by changing the condition to use <=
for totalDuration (keep the same InvalidDuration error payload).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 26a98783-11b2-4bb6-97a0-4839754aa72b

📥 Commits

Reviewing files that changed from the base of the PR and between a54b403 and 2d0905e.

📒 Files selected for processing (35)

• packages/enclave-contracts/artifacts/contracts/Enclave.sol/Enclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json
• packages/enclave-contracts/artifacts/contracts/registry/CiphernodeRegistryOwnable.sol/CiphernodeRegistryOwnable.json
• packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json
• packages/enclave-contracts/contracts/E3RefundManager.sol
• packages/enclave-contracts/contracts/Enclave.sol
• packages/enclave-contracts/contracts/interfaces/IBondingRegistry.sol
• packages/enclave-contracts/contracts/interfaces/ICiphernodeRegistry.sol
• packages/enclave-contracts/contracts/interfaces/ICircuitVerifier.sol
• packages/enclave-contracts/contracts/interfaces/IComputeProvider.sol
• packages/enclave-contracts/contracts/interfaces/IDecryptionVerifier.sol
• packages/enclave-contracts/contracts/interfaces/IE3.sol
• packages/enclave-contracts/contracts/interfaces/IE3Program.sol
• packages/enclave-contracts/contracts/interfaces/IE3RefundManager.sol
• packages/enclave-contracts/contracts/interfaces/IEnclave.sol
• packages/enclave-contracts/contracts/interfaces/IPkVerifier.sol
• packages/enclave-contracts/contracts/interfaces/ISlashingManager.sol
• packages/enclave-contracts/contracts/lib/ExitQueueLib.sol
• packages/enclave-contracts/contracts/registry/BondingRegistry.sol
• packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol
• packages/enclave-contracts/contracts/slashing/SlashingManager.sol
• packages/enclave-contracts/contracts/test/MockCiphernodeRegistry.sol
• packages/enclave-contracts/contracts/test/MockComputeProvider.sol
• packages/enclave-contracts/contracts/test/MockDecryptionVerifier.sol
• packages/enclave-contracts/contracts/test/MockE3Program.sol
• packages/enclave-contracts/contracts/test/MockPkVerifier.sol
• packages/enclave-contracts/contracts/test/MockSlashingVerifier.sol
• packages/enclave-contracts/contracts/test/MockStableToken.sol
• packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol
• packages/enclave-contracts/contracts/token/EnclaveToken.sol
• packages/enclave-contracts/contracts/verifiers/bfv/BfvDecryptionVerifier.sol
• packages/enclave-contracts/contracts/verifiers/bfv/BfvPkVerifier.sol