fix: enclave contracts audit remediation [skip-line-limit]

[hmzakhalid]

Critical

• C-01 — Excluded (design choice: permissionless enableE3Program is intended).
• C-02 — Excluded (design choice: proofAggregationEnabled == false path is intentional for
  non-aggregating programs).
• C-03 — ExitQueueLib._takeAssetsFromQueue now keeps two independent heads per asset class so
  mixed tranches no longer strand the other asset.
• C-04 — Removed per user request after evaluation (commit-reveal seed scaffolding deemed
  unnecessary for the target deployment).
• C-05 — GOVERNANCE_ROLE is now admin of SLASHER_ROLE; DEFAULT_ADMIN_ROLE can no longer
  self-grant slashing.
• C-06 — AccessControlDefaultAdminRules provides a 2-day delay on admin handover; per-setter
  timelock deferred to governance contract.
• C-07 — Two-step admin (AccessControlDefaultAdminRules) + Ownable2Step on every privileged
  contract; multisig wiring is a deployment-time concern.
• C-08 — BfvPkVerifier / BfvDecryptionVerifier add a wrapper-level domain-binding slot
  (chainId | verifyingContract | e3Id); full circuit-level enforcement tracked as future work
  (Noir circuits are off-limits in this PR).

High

• H-01 — Rewards are now pull-payment via _pendingRewards; one blacklisted recipient cannot
  DoS the batch.
• H-02 — EnclaveTicketToken constructor no longer routes through onlyOwner setRegistry;
  deployment succeeds when deployer != initialOwner_.
• H-03 — depositFor / depositFrom use balance-delta accounting to defeat fee-on-transfer /
  rebasing base tokens.
• H-04 — _validateNodeEligibility derives weight from
  getTicketBalanceAtBlock(operator, requestBlock - 1) (ERC20Votes snapshot), so post-request
  top-ups can't inflate selection weight.
• H-05 — deregisterOperator is gated by hasOpenLaneBProposal; Lane B counter prevents
  claim-exits race.
• H-06 — Lane A challenge window is deferred via appealWindow > 0, giving the honest minority
  time to dispute.
• H-07 — Slashed funds settle through withdrawSlashedFunds (pull-payment); late-credit handled
  even if operator deregistered.
• H-08 — calculateRefund redirects the honest-node share to the requester when
  honestNodes.length == 0; same fix in _applySlashedFunds.
• H-09 — _pendingSlashedFunds is re-snapshotted on _applySlashedFunds and final-claim dust
  flows to _pendingTreasury; no orphaning.
• H-10 — Lane A votes use full EIP-712 (EnclaveSlashing/1 domain) including
  verifyingContract + chainId.
• H-11 — Every Ownable upgraded to Ownable2Step (Enclave / CiphernodeRegistry /
  BondingRegistry / E3RefundManager / EnclaveToken / EnclaveTicketToken).
• H-12 — MAX_APPEAL_WINDOW = 30 days; SlashPolicy.enabled is now toggleable both directions.
• H-13 — MAX_PROTOCOL_SHARE_BPS = 5_000 cap enforced on setPricingConfig.
• H-14 — MAX_PROTOCOL_BPS = 5_000 cap on E3RefundManager.setWorkAllocation.
• H-15 — Two-step admin + multisig-ready role separation; full electorate decentralization is a
  token-distribution concern.
• H-16 — EnclaveTicketToken clock is timestamp (EIP-6372); registry repoint no longer
  rewrites checkpoints same-block.
• H-17 — MAX_TIMEOUT_WINDOW = 30 days and MAX_COMMITTEE_SIZE = 256 enforced on
  setTimeoutConfig / setCommitteeThresholds.
• H-18 — MIN_EXIT_DELAY = 1 day, MAX_EXIT_DELAY = 90 days on BondingRegistry.setExitDelay.
• H-19 — setSlashingManager rejects zero address; setPkVerifier similarly guarded.
• H-20 — Two-step registry handover with delay (M-22 fix); single repoint can no longer drain
  underlying.
• H-21 — MAX_EXITS_PER_OPERATOR bound + slasher OOG defence via deferred processing.
• H-22 — Custom scripts/validateUpgrade.ts (solc storageLayout diff vs
  audits/storage-layouts/*.json snapshots) wired as pnpm validate:upgrade; OZ hardhat-upgrades
  plugin not Hardhat-3 compatible.
• H-23 — scripts/deployEnclave.ts rejects mock deployments outside dev chain-ids
  (31337 / 1337 / 11155111 / 5 / 80001); override via ALLOW_MOCKS_ON_PRODUCTION.
• H-24 — Deploy scripts now grant SLASHER_ROLE to GOVERNANCE_ROLE.
• H-25 — Removed per user request (L2 sequencer-uptime gating scaffolding deemed unnecessary).
• H-26 — Committee.requestBlock = block.timestamp so it aligns with the ERC20Votes EIP-6372
  timestamp clock.
• H-27 — evmVersion: "paris" + metadata.bytecodeHash: "none" pinned in hardhat.config.ts.
• H-28 — PkVerifierSet(bytes32 indexed schemeId, address indexed verifier) event emitted.

Medium

• M-01 — nonReentrant on Enclave.request (plus publishCiphertextOutput,
  publishPlaintextOutput, processE3Failure, all claim paths).
• M-02 — Treasury settlement is pull-payment via _pendingTreasury.
• M-03 — All ERC-20 movement uses SafeERC20.forceApprove and resets to zero after batch.
• M-04 — MAX_CIPHERNODE_LEAVES = 1 << TREE_DEPTH; addCiphernode reverts with
  CiphernodeTreeExhausted() past capacity.
• M-05 — MAX_SORTITION_SUBMISSION_WINDOW bound on setSortitionSubmissionWindow.
• M-06 — getE3Quote uses Math.mulDiv end-to-end for duration math.
• M-07 — Reward dust recipient rotated by e3Id % committeeSize.
• M-08 — setExitDelay only affects future tranches; monotonic-unlock invariant preserved.
• M-09 — RefundDistribution.perNodeAmount snapshotted once, re-snapshotted on
  _applySlashedFunds, last-claim dust → _pendingTreasury.
• M-10 — Enclave._feeTokenAllowed mapping + setFeeTokenAllowed admin gate; only whitelisted
  ERC-20s accepted.
• M-11 — EnclaveTicketToken.permit overridden to revert (SoulboundPermitDisabled).
• M-12 — Documented in NatSpec; emergency ejection path via rescueERC20 (owner-only) on
  EnclaveTicketToken.
• M-13 — BondingRegistry.bondLicense / exit paths now share delta-accounting helper.
• M-14 — SlashPolicy.enabled toggleable both directions.
• M-15 — Two-step ban (proposeBan / confirmBan) with distinct signers required.
• M-16 — renounceOwnership() overridden to revert with RenounceOwnershipDisabled on every
  Ownable contract.
• M-17 — AccessControlDefaultAdminRules with 2-day handover delay.
• M-18 — Enclave.request accepts maxFee; reverts with MaxFeeExceeded if quote drifts.
• M-19 — PkVerifierSet(bytes32 indexed schemeId, address indexed verifier) emitted.
• M-20 — Every privileged setter emits a typed event (BondingRegistryUpdated,
  RefundManagerUpdated, FeeTokenAllowedSet, MarkFailedGracePeriodSet, etc.).
• M-21 — Excluded (mint-cap is a token-policy decision; ENCL MINTER_ROLE is already gated by
  AccessControlDefaultAdminRules).
• M-22 — EnclaveTicketToken.setRegistry is two-step with delay; can't instant-flip
  checkpoints.
• M-23 — MAX_DURATION_CAP = 365 days and MAX_COMMITTEE_SIZE = 256 enforced.
• M-24 — Full EIP-712 domain (name / version / chainId / verifyingContract) on Lane A votes.
• M-25 — EnclaveTicketToken overrides delegate / delegateBySig to auto-self-delegate to
  the holder (no IVotes revert).
• M-26 — uint256[50] private __gap appended to Enclave, CiphernodeRegistryOwnable,
  BondingRegistry, E3RefundManager. Storage layouts snapshotted under audits/storage-layouts/
  and enforced by pnpm validate:upgrade.
• M-27 — Deferred (split-key ownership is a deployment-time concern; not a contract change).
• M-28 — Initializers reject zero address for _owner.
• M-29 — ERC20Votes clock() = timestamp, CLOCK_MODE() = "mode=timestamp" on both tokens.
• M-30 — Removed per user request together with C-04 scaffolding.
• M-31 — Documented in deploy README; per-chain fee-token override is a deployment-config
  concern.
• M-32 — README documents zkSync unsupported; evmVersion=paris aligns with non-zkSync EVMs.
• M-33 — markE3Failed restricted to requester / committee / owner during
  markFailedGracePeriod; permissionless after. Setter is
  Enclave.setMarkFailedGracePeriod(uint256) (owner-only, emits MarkFailedGracePeriodSet).
• M-34 — BfvPkVerifier / BfvDecryptionVerifier pin sub-circuit VK hashes as immutable.
• M-35 — Both wrappers now revert on bad proof instead of returning false.
• M-36 — SlashProposed / SlashExecuted carry a lane field.
• M-37 — IEnclave.InputPublished removed (was dead).
• M-38 — ICiphernodeRegistry.CommitteeFinalized renamed to SortitionCommitteeFinalized; no
  collision with IEnclave.CommitteeFinalized.

Low / Informational

• F-13 (Pausable) — Deferred. Adding Pausable to Enclave.sol would push it back over
  EIP-170; revisit after a deeper library split.
• F-14 — setParamSet overwrite emits ParamSetUpdated(prev, new) (first call still emits
  ParamSetRegistered).
• F-15 — BondingRegistry enforces MAX_AUTHORIZED_DISTRIBUTORS = 32; reverts with
  MaxAuthorizedDistributors past cap.
• S-06 — supportsInterface implemented on Enclave, CiphernodeRegistryOwnable,
  BondingRegistry, E3RefundManager, SlashingManager.
• S-07 — Deferred. No on-chain signature-verification path currently exists (Lane A
  signatures are validated off-chain via ECDSA.recover + SLASHER_ROLE); EIP-1271 would be dead
  code.
• S-08 — EnclaveTicketToken / EnclaveToken advertise clock() and CLOCK_MODE()
  ("mode=timestamp").
• L-_ / I-_ — forceApprove(0) redundancy cleaned, 18 silent setters now emit events (covered
  by M-20), all listed L-* and I-* items either folded into a Medium fix above or out-of-scope
  per audit (SDK / indexer drift tracked separately).

Summary by CodeRabbit

Release Notes

• New Features

  • Pull-based reward and treasury claiming system—participants now explicitly claim earned rewards and treasury funds rather than automatic push transfers.
  • Fee-token allowlist—enclave operator controls which ERC-20 tokens are accepted for request fees.
  • Two-step ban confirmation flow—bans require separate propose and confirm governance actions.
  • Delayed registry updates with timelock for ticket token—registry changes activate after a 1-day delay.
  • Grace-period restriction on E3 failure marking—limits who can finalize failed E3s during a configurable window.

• Improvements

  • Lane-based slashing governance for improved protocol safety.
  • Per-asset exit-queue tracking prevents stranded liquidity.
  • Two-step ownership transitions across all contracts.
  • Reentrancy protection on critical monetary flows.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
crisp	Ready	Preview, Comment	May 21, 2026 7:57pm
enclave-docs	Ready	Preview, Comment	May 21, 2026 7:57pm
enclave-enclave-dashboard	Ready	Preview, Comment	May 21, 2026 7:57pm

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Implements pull-payment rewards/treasury accounting, timestamp-based requestBlock and token clocks, stricter slashing with lanes and two-step bans, verifier domain/VK binding, exit-queue fixes, registry/token hardening, ABI/interface/artifact updates, deployment scripts/config changes, and comprehensive docs/tests alignment.

Changes

Core protocol refactor and audit hardening

Layer / File(s)	Summary
Enclave pull-payments and pricing validation contracts/Enclave.sol, contracts/lib/EnclavePricing.sol, contracts/interfaces/IEnclave.sol	Adds nonReentrant gates, fee-token allowlist, pull-based rewards/treasury credits, grace-window failure, pricing defaults/validators, quote math, new events/APIs.
Refund manager pull ledgers contracts/E3RefundManager.sol, contracts/interfaces/IE3RefundManager.sol	Shifts slashed-funds to pull ledgers (nodes/treasury), snapshots per-node, late slashes credit, new claim/pending functions and events.
Verifier binding and proof semantics contracts/verifiers/bfv/*, contracts/interfaces/{IPkVerifier,IDecryptionVerifier}.sol, tests	Adds VK-hash anchors, committee-hash limb checks, context params, revert-on-failure; updates mocks/tests accordingly.
Registries and exit-queue hardening contracts/registry/*, contracts/lib/ExitQueueLib.sol, interfaces/artifacts	Per-asset queue heads, tranche cap, shortfall event, deregistration gating on Lane B, timestamp timepoints, reentrancy guards and caps.
Slashing lanes and governance contracts/slashing/SlashingManager.sol, contracts/interfaces/ISlashingManager.sol, tests	Introduces Lane A/B, appeal windows, EIP-712 attestations, two-step bans, role/admin delay, lane fields in events; tests cover flows.
Token hardening (ETK/ENCL) contracts/token/*, tests	ETK adds locked/timelocked registry changes, safe deposits, self-only delegation, EIP-6372; ENCL adopts Ownable2Step, whitelist role, one-way disable.
Docs and flow-trace updates agent/flow-trace/*.md	Documents timestamp-clock, pull-payments, verifier inputs, refund/slashing changes, exit-queue/bans addenda.
Build, deploy, and tooling hardhat.config.ts, ignition/modules/*, scripts/*, tasks/*	Sets EVM “paris”, outputs storageLayout, links EnclavePricing, adds storage layout validator, deployment guards/role grants, module param changes.
Artifacts and Rust consumer updates artifacts/**, crates/evm/src/*	ABI artifacts regenerated (errors/events/functions), event rename to SortitionCommitteeFinalized, decoder tweaks.

Sequence Diagram(s)

(skipped)

Estimated code review effort

🎯 5 (Critical) | ⏱️ ~120 minutes

Possibly related PRs

• gnosisguild/enclave#1543 — Prior work on BFV verifier VK-hash/domain binding aligned with this PR’s verifier wrapper and tests.
• gnosisguild/enclave#1542 — Overlaps core Enclave and E3RefundManager hardening and accounting changes.
• gnosisguild/enclave#406 — Switches event decoding to SortitionCommitteeFinalized, matching this PR’s event rename across contracts and Rust.

Suggested reviewers

• ctrlc03

Poem

A rabbit tallies dust with care,
Pulls rewards from ledger air—
Ticks by timestamps, clocks aligned,
Proofs now bound, domains entwined.
Lanes of slash and bans in twos,
Exit queues that never lose—
Hop! The treasury claims its due.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/contract-audit-fix

[coderabbitai]

Actionable comments posted: 18

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (3)

packages/enclave-contracts/tasks/ciphernode.ts (1)

264-270: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Don't permanently disable ENCL restrictions from a mint helper.

disableTransferRestrictions() is a one-way, global admin action. Calling ciphernode:mint-tokens for one test wallet now permanently changes transfer policy for the whole deployment, which is a much bigger blast radius than this task advertises.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/tasks/ciphernode.ts` around lines 264 - 270, The
task currently calls enclaveTokenContract.disableTransferRestrictions() when
transfersRestricted is true (in the ciphernode:mint-tokens flow), which is a
permanent, global admin change; remove or stop invoking
disableTransferRestrictions() from the mint helper and instead perform minting
without altering global transfer policy—either mint directly to the target
address (using the contract's mint/ownerMint function) or, if transfers must be
enabled for this single wallet, implement a scoped approach (require an explicit
admin-only flag on the task or use a temporary allowance/whitelist function if
the contract exposes one) and never call disableTransferRestrictions() from
ciphernode:mint-tokens. Ensure references to transfersRestricted and
enclaveTokenContract.disableTransferRestrictions() are the spots you update.

packages/enclave-contracts/tasks/enclave.ts (1)

226-239: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Populate maxFee from the quote before calling request().

This task now hardcodes maxFee: 0n, but then immediately quotes a fee and approves it. With max-fee enforcement enabled, any nonzero quote will make request() revert.

💡 Suggested fix

-      const requestParams = {
+      const requestParamsBase = {
         committeeSize,
         inputWindow: [inputWindowStart, inputWindowEnd] as [
           BigNumberish,
           BigNumberish,
         ],
         e3Program:
           e3Address === ZeroAddress ? mockE3ProgramArgs!.address : e3Address,
         paramSet,
         computeProviderParams,
         customParams,
         proofAggregationEnabled,
-        maxFee: 0n,
       };
 
-      console.log("Request parameters:", requestParams);
-
-      const fee = await enclaveContract.getE3Quote(requestParams);
+      const fee = await enclaveContract.getE3Quote({
+        ...requestParamsBase,
+        maxFee: 0n,
+      });
+      const requestParams = {
+        ...requestParamsBase,
+        maxFee: fee,
+      };
+
+      console.log("Request parameters:", requestParams);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/tasks/enclave.ts` around lines 226 - 239, The
requestParams currently hardcodes maxFee: 0n which will cause request() to
revert when a nonzero quote is obtained; instead, after you call whatever
function produces the fee quote (the variable holding the quote/fee in this
scope — e.g., quote, quoteResult, or quotedFee), set requestParams.maxFee to
that quoted value (converted to the expected BigNumberish/BigInt) before calling
request(); ensure the same quoted value is used for the approval step so
requestParams.maxFee matches the approved fee and that request() will not
revert.

packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol (1)

248-249: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Emit the finalized committee, not caller-supplied nodes.

The proof is verified against c.topNodes, but CommitteePublished still echoes nodes from calldata. A caller can publish with any same-length array and make the event lie about which committee was finalized, which is enough to break indexers or off-chain consumers that trust the event payload. Either enforce element-by-element equality or emit c.topNodes directly.

Also applies to: 254-265, 273-273

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol`
around lines 248 - 249, The CommitteePublished event currently emits the
caller-supplied `nodes` array which may differ from the verified committee
stored in `c.topNodes`; change the implementation to emit `c.topNodes` (the
finalized committee verified by the proof) instead of `nodes`, or add an
explicit element-by-element equality check between `nodes` and `c.topNodes`
before emitting to guarantee the event matches the on-chain committee; update
all occurrences around the `CommitteePublished` emission (including the blocks
referencing `nodes` at lines ~248, 254–265, 273) to reference `c.topNodes` or
enforce exact equality.

🧹 Nitpick comments (1)

packages/enclave-contracts/contracts/interfaces/IBondingRegistry.sol (1)

282-290: ⚡ Quick win

Rename the EIP-6372 argument away from blockNumber.

The NatSpec now correctly describes a timestamp timepoint, but the parameter name still suggests callers should pass a block height. Since parameter names are ABI-irrelevant, this is a cheap clarity win.

Possible cleanup

     /**
      * `@notice` Get operator's ticket balance at a specific timepoint (EIP-6372).
      * `@dev` The ticket token uses {block.timestamp} for its voting clock.
      * `@param` operator Address of the operator
-     * `@param` blockNumber Timepoint (block.timestamp) to query
+     * `@param` timepoint Timepoint (block.timestamp) to query
      * `@return` Ticket balance at the specified timepoint
      */
     function getTicketBalanceAtBlock(
         address operator,
-        uint256 blockNumber
+        uint256 timepoint
     ) external view returns (uint256);

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/interfaces/IBondingRegistry.sol` around
lines 282 - 290, Rename the misleading parameter name in the
getTicketBalanceAtBlock function signature (and any matching
declarations/implementations) from blockNumber to a clearer name like timepoint
or timestamp; update the function signature in the IBondingRegistry interface
(function getTicketBalanceAtBlock(address operator, uint256 timepoint)) and
adjust any internal references and the NatSpec `@param` tag to use the new name so
callers/readers understand it expects a timestamp (EIP-6372 timepoint) rather
than a block height.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@agent/flow-trace/05_FAILURE_REFUND_SLASHING.md`:
- Around line 781-784: Update the documentation in the flow-trace so it matches
the contract logic in _applySlashedFunds: when dist.honestNodeCount == 0 and
toHonestNodes > 0, the implementation routes toHonestNodes into the treasury
pull credits (not toRequester); change the lines referencing redirect
toRequester to instead state that funds are routed to the treasury pull credits,
and mention the exact symbols _applySlashedFunds, honestNodeCount,
toHonestNodes, and toRequester so readers can correlate the doc to the contract
behavior.

In
`@packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json`:
- Around line 435-440: The getSlashProposal() read path does not include the
Lane value even though SlashProposed and SlashExecuted emit lane; update the
proposal API so callers can read lane without replaying events by either adding
a lane (enum ISlashingManager.Lane / uint8) field to the returned SlashProposal
tuple from getSlashProposal() (and corresponding struct/type if present) or by
adding a dedicated getter like getSlashProposalLane(uint256 proposalId) that
returns ISlashingManager.Lane; update any ABI/JSON artifacts (and the function
signature for getSlashProposal or the new getter) so the returned data includes
the lane value consistently with the SlashProposed/SlashExecuted events.

In `@packages/enclave-contracts/contracts/interfaces/IE3RefundManager.sol`:
- Around line 229-232: The function
IE3RefundManager.claimSlashedFundsOnSuccessBatch(uint256[] calldata e3Ids)
currently returns a single uint256 totalClaimed which is ambiguous when batched
E3s use different paymentToken denominations; update the interface to avoid an
untyped aggregate by either (A) enforcing homogeneous tokens up-front (validate
all e3Ids map to the same paymentToken and revert if mixed) or (B) remove the
uint256 totalClaimed return and instead rely on per-claim events or return a
per-token/result structure (e.g., mapping token->amount or an array of per-e3
results) so callers get amounts typed by token; make the change in the signature
and document/emits per-claim events in the implementation accordingly.

In `@packages/enclave-contracts/contracts/interfaces/IEnclave.sol`:
- Around line 795-801: The claimRewards function currently returns an aggregate
uint256 totalClaimed which is misleading because e3Ids may use different fee
tokens; update the interface by removing the uint256 totalClaimed return and
make claimRewards(uint256[] calldata e3Ids) external (no return), then update
all implementing contracts, tests and callers to stop relying on totalClaimed
and instead use per-E3 events or explicit per-E3 return types (e.g., an array of
structs {e3Id, token, amount}) if you need per-token totals; reference the
function name claimRewards and the return symbol totalClaimed when making these
changes so implementations (and the ABI) are kept consistent.

In `@packages/enclave-contracts/contracts/registry/BondingRegistry.sol`:
- Around line 82-84: The new storage slot authorizedDistributorCount was added
before existing state (slashedFundsTreasury, ticketPrice, exitDelay, etc.),
which corrupts storage for upgradeable contracts; remove
authorizedDistributorCount from this location or move it to the very end of the
contract's storage layout and add an explicit migration/reinitializer that reads
the existing authorizedDistributors mapping/array and initializes
authorizedDistributorCount for existing deployments; ensure the migration
function is a properly versioned initializer (e.g., reinitializer) and reference
authorizedDistributors, authorizedDistributorCount, slashedFundsTreasury,
ticketPrice, and exitDelay when implementing the fix.

In `@packages/enclave-contracts/contracts/slashing/SlashingManager.sol`:
- Around line 775-791: Both unban paths leave a stale pending ban that allows a
later confirmBan to re-ban the node; in unbanNode and in updateBanStatus (when
status is false) clear the pending proposal by deleting or zeroing
_pendingBans[node] (the same storage used by proposeBan/confirmBan/cancelBan)
before setting banned[node] = false and emitting NodeBanUpdated so a prior
proposal cannot be confirmed later.

In `@packages/enclave-contracts/contracts/test/MockBlacklistUSDC.sol`:
- Around line 37-44: The _update override currently rejects transfers if either
party is blacklisted, which incorrectly blocks mint/burn since those use
address(0) as a sentinel; modify _update (the function named _update) to skip
blacklist checks for the zero address by only reverting on isBlacklisted[from]
when from != address(0) and only reverting on isBlacklisted[to] when to !=
address(0), then call super._update(from, to, value).

In `@packages/enclave-contracts/contracts/test/MockFeeOnTransferToken.sol`:
- Around line 10-13: The contract docs state fees are "burned" but the transfer
logic sends the fee to address(0xdead), which does not reduce totalSupply;
update the implementation so true burns occur by sending fees to address(0)
(replace address(0xdead) usages in the transfer/transferFrom fee handling) or
alternatively change the NatSpec/comments to say fees are redirected to a sink
address; locate the fee handling in MockFeeOnTransferToken (the
transfer/transferFrom fee calculation and the address(0xdead) recipient) and
make the change consistently so totalSupply semantics match the documentation.

In `@packages/enclave-contracts/contracts/token/EnclaveToken.sol`:
- Around line 112-123: The constructor grants DEFAULT_ADMIN_ROLE, MINTER_ROLE
and WHITELIST_ROLE to initialOwner_ but ownership transfers via Ownable2Step
(transferOwnership / acceptOwnership) do not move those roles, leaving the old
owner still role-admin; fix by synchronizing roles during ownership handover:
override transferOwnership and acceptOwnership (or hook into the Ownable2Step
flow) to _grantRole(DEFAULT_ADMIN_ROLE, newOwner), _grantRole(MINTER_ROLE,
newOwner), _grantRole(WHITELIST_ROLE, newOwner) and _revokeRole(...) for the
previous owner atomically after acceptOwnership completes, or alternatively
remove onlyOwner usages and keep role-only access; ensure renounceOwnership()
behavior is considered (if disabled, keep roles in sync) and use the same role
symbols (_grantRole, _revokeRole, DEFAULT_ADMIN_ROLE, MINTER_ROLE,
WHITELIST_ROLE, owner(), transferOwnership, acceptOwnership) so reviewers can
locate the changes.

In `@packages/enclave-contracts/ignition/modules/bfvDecryptionVerifier.ts`:
- Around line 21-28: The parameters c6FoldKeyHash and c7KeyHash are currently
read via m.getParameter with an implicit bytes32(0) default, allowing
deployments to proceed with placeholder VK hashes; change the handling in the
code that reads these parameters (the calls to m.getParameter for
"c6FoldKeyHash" and "c7KeyHash") to validate the returned value and reject or
throw if it equals the zero hash (0x...00) instead of silently accepting the
default—ensure the deployment fails fast with a clear error when either
c6FoldKeyHash or c7KeyHash equals bytes32(0), and update any related messages to
reference the specific parameter name for clarity.

In `@packages/enclave-contracts/ignition/modules/bfvPkVerifier.ts`:
- Around line 19-26: The parameters nodesFoldKeyHash and c5KeyHash must not
silently default to bytes32(0); update the m.getParameter calls in
bfvPkVerifier.ts to require explicit values (remove the zero-value default or
fetch without fallback) and add a runtime validation that checks
nodesFoldKeyHash and c5KeyHash are not the all-zero bytes32 value (e.g., compare
to "0x000...000") and throw a clear error/abort if they are; reference the
symbols nodesFoldKeyHash, c5KeyHash and the module/method using m.getParameter
to locate and implement this validation.

In `@packages/enclave-contracts/ignition/modules/slashingManager.ts`:
- Around line 13-15: Validate the admin delay returned by m.getParameter before
constructing SlashingManager: after const initialDelay =
m.getParameter("initialDelay", DEFAULT_ADMIN_DELAY); check if initialDelay is <=
0 and throw a clear error (e.g. "initialDelay must be a positive non-zero
value") or fallback to DEFAULT_ADMIN_DELAY, then pass the validated value into
m.contract("SlashingManager", [initialDelay, admin]). This change ensures
initialDelay (used for SlashingManager) cannot be zero or negative.

In `@packages/enclave-contracts/scripts/deployAndSave/slashingManager.ts`:
- Around line 45-47: The computed delay value (const delay = initialDelay !==
undefined ? BigInt(initialDelay) : DEFAULT_ADMIN_DELAY) must be validated so
zero or negative delays are rejected; modify the deployment code that sets delay
to check the normalized BigInt value (delay) and throw or exit with an error if
delay <= 0n, referencing the symbols initialDelay, delay, and
DEFAULT_ADMIN_DELAY so the validation occurs immediately after normalization and
before any use of delay in admin handover or contract deployment.

In `@packages/enclave-contracts/scripts/deployEnclave.ts`:
- Around line 285-296: The check for SLASHER_ROLE happens before the grant
transaction is mined; change the flow in the slashingManager usage so
addSlasher(...) is awaited as a transaction receipt before calling hasRole: call
slashingManager.addSlasher(slasherAddress), store the returned tx, await
tx.wait(), then read slashingManager.SLASHER_ROLE() and call
hasRole(slasherRole, slasherAddress) to verify; reference symbols: addSlasher,
SLASHER_ROLE, hasRole, slashingManager.

In `@packages/enclave-contracts/scripts/validateUpgrade.ts`:
- Around line 42-55: The UPGRADEABLE_CONTRACTS array uses incorrect source paths
("project/contracts/...") so loadLayout() cannot find entries in
buildInfo.output.contracts[source][contract]; update each source string in
UPGRADEABLE_CONTRACTS to the actual Hardhat source keys used in this PR (e.g.,
"contracts/Enclave.sol", "contracts/registry/CiphernodeRegistryOwnable.sol",
etc.) so that loadLayout() and the lookup
buildInfo.output.contracts[source][contract] resolve correctly for functions
that validate upgrades.

In `@packages/enclave-contracts/test/fixtures/constants.ts`:
- Around line 23-25: The ENCRYPTION_SCHEME_ID constant is hardcoded to
keccak256("fhe.bfv.2.0") but verifier wrappers expect keccak256("fhe.rs:BFV");
update the fixture so the constant is derived from the canonical string to avoid
drift—replace the hardcoded hex with a value computed from
keccak256("fhe.rs:BFV") (or compute at runtime using
utils.keccak256(utils.toUtf8Bytes("fhe.rs:BFV"))) and export that as
ENCRYPTION_SCHEME_ID so tests and the BFV verifier wrapper use the exact same
identifier.

In `@packages/enclave-contracts/test/fixtures/system.ts`:
- Around line 186-189: The return type for the fixture incorrectly marks
operator1, operator2, and operator3 as required Signer instances even though
they can be undefined when setupOperators < 3; update the
type/interface/returned object so operator1, operator2, and operator3 are
optional (e.g., Signer | undefined or mark with ?) wherever they’re
declared/returned (references: operator1, operator2, operator3 in the
fixture/contract), and apply the same optional typing change to the other
occurrence of these fields mentioned in the review.
- Around line 225-227: The test fixture can push undefined into operators when
setupOperators is larger than the available signers; add a validation before the
loop that ensures setupOperators is <= signers.length - 2 (because you start at
index 2), and if it isn't, throw a clear error (or clamp setupOperators) so the
for loop that pushes signers[2 + i] into operators never inserts undefined;
reference the variables setupOperators, operators, and signers and perform the
check prior to the for loop that populates operators.

---

Outside diff comments:
In `@packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol`:
- Around line 248-249: The CommitteePublished event currently emits the
caller-supplied `nodes` array which may differ from the verified committee
stored in `c.topNodes`; change the implementation to emit `c.topNodes` (the
finalized committee verified by the proof) instead of `nodes`, or add an
explicit element-by-element equality check between `nodes` and `c.topNodes`
before emitting to guarantee the event matches the on-chain committee; update
all occurrences around the `CommitteePublished` emission (including the blocks
referencing `nodes` at lines ~248, 254–265, 273) to reference `c.topNodes` or
enforce exact equality.

In `@packages/enclave-contracts/tasks/ciphernode.ts`:
- Around line 264-270: The task currently calls
enclaveTokenContract.disableTransferRestrictions() when transfersRestricted is
true (in the ciphernode:mint-tokens flow), which is a permanent, global admin
change; remove or stop invoking disableTransferRestrictions() from the mint
helper and instead perform minting without altering global transfer
policy—either mint directly to the target address (using the contract's
mint/ownerMint function) or, if transfers must be enabled for this single
wallet, implement a scoped approach (require an explicit admin-only flag on the
task or use a temporary allowance/whitelist function if the contract exposes
one) and never call disableTransferRestrictions() from ciphernode:mint-tokens.
Ensure references to transfersRestricted and
enclaveTokenContract.disableTransferRestrictions() are the spots you update.

In `@packages/enclave-contracts/tasks/enclave.ts`:
- Around line 226-239: The requestParams currently hardcodes maxFee: 0n which
will cause request() to revert when a nonzero quote is obtained; instead, after
you call whatever function produces the fee quote (the variable holding the
quote/fee in this scope — e.g., quote, quoteResult, or quotedFee), set
requestParams.maxFee to that quoted value (converted to the expected
BigNumberish/BigInt) before calling request(); ensure the same quoted value is
used for the approval step so requestParams.maxFee matches the approved fee and
that request() will not revert.

---

Nitpick comments:
In `@packages/enclave-contracts/contracts/interfaces/IBondingRegistry.sol`:
- Around line 282-290: Rename the misleading parameter name in the
getTicketBalanceAtBlock function signature (and any matching
declarations/implementations) from blockNumber to a clearer name like timepoint
or timestamp; update the function signature in the IBondingRegistry interface
(function getTicketBalanceAtBlock(address operator, uint256 timepoint)) and
adjust any internal references and the NatSpec `@param` tag to use the new name so
callers/readers understand it expects a timestamp (EIP-6372 timepoint) rather
than a block height.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 6207f3a7-0d8b-491f-9fd2-27319ec45183

📥 Commits

Reviewing files that changed from the base of the PR and between 26c846a and ae050b5.

📒 Files selected for processing (71)

• agent/flow-trace/02_TOKENS_AND_ACTIVATION.md
• agent/flow-trace/03_E3_REQUEST_AND_COMMITTEE.md
• agent/flow-trace/04_DKG_AND_COMPUTATION.md
• agent/flow-trace/05_FAILURE_REFUND_SLASHING.md
• agent/flow-trace/06_DEACTIVATION_AND_COMPLETION.md
• packages/enclave-contracts/artifacts/contracts/Enclave.sol/Enclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json
• packages/enclave-contracts/artifacts/contracts/registry/CiphernodeRegistryOwnable.sol/CiphernodeRegistryOwnable.json
• packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json
• packages/enclave-contracts/contracts/E3RefundManager.sol
• packages/enclave-contracts/contracts/Enclave.sol
• packages/enclave-contracts/contracts/interfaces/IBondingRegistry.sol
• packages/enclave-contracts/contracts/interfaces/ICiphernodeRegistry.sol
• packages/enclave-contracts/contracts/interfaces/IDecryptionVerifier.sol
• packages/enclave-contracts/contracts/interfaces/IE3RefundManager.sol
• packages/enclave-contracts/contracts/interfaces/IEnclave.sol
• packages/enclave-contracts/contracts/interfaces/IPkVerifier.sol
• packages/enclave-contracts/contracts/interfaces/ISlashingManager.sol
• packages/enclave-contracts/contracts/lib/EnclavePricing.sol
• packages/enclave-contracts/contracts/lib/ExitQueueLib.sol
• packages/enclave-contracts/contracts/registry/BondingRegistry.sol
• packages/enclave-contracts/contracts/registry/CiphernodeRegistryOwnable.sol
• packages/enclave-contracts/contracts/slashing/SlashingManager.sol
• packages/enclave-contracts/contracts/test/MockBlacklistUSDC.sol
• packages/enclave-contracts/contracts/test/MockDecryptionVerifier.sol
• packages/enclave-contracts/contracts/test/MockFeeOnTransferToken.sol
• packages/enclave-contracts/contracts/test/MockPkVerifier.sol
• packages/enclave-contracts/contracts/token/EnclaveTicketToken.sol
• packages/enclave-contracts/contracts/token/EnclaveToken.sol
• packages/enclave-contracts/contracts/verifiers/bfv/BfvDecryptionVerifier.sol
• packages/enclave-contracts/contracts/verifiers/bfv/BfvPkVerifier.sol
• packages/enclave-contracts/hardhat.config.ts
• packages/enclave-contracts/ignition/modules/bfvDecryptionVerifier.ts
• packages/enclave-contracts/ignition/modules/bfvPkVerifier.ts
• packages/enclave-contracts/ignition/modules/enclave.ts
• packages/enclave-contracts/ignition/modules/slashingManager.ts
• packages/enclave-contracts/package.json
• packages/enclave-contracts/scripts/deployAndSave/enclave.ts
• packages/enclave-contracts/scripts/deployAndSave/enclaveToken.ts
• packages/enclave-contracts/scripts/deployAndSave/slashingManager.ts
• packages/enclave-contracts/scripts/deployEnclave.ts
• packages/enclave-contracts/scripts/validateUpgrade.ts
• packages/enclave-contracts/tasks/ciphernode.ts
• packages/enclave-contracts/tasks/enclave.ts
• packages/enclave-contracts/test/BfvDecryptionVerifier.spec.ts
• packages/enclave-contracts/test/BfvPkVerifier.spec.ts
• packages/enclave-contracts/test/E3Lifecycle/E3Integration.spec.ts
• packages/enclave-contracts/test/E3Lifecycle/Sortition.spec.ts
• packages/enclave-contracts/test/Enclave.spec.ts
• packages/enclave-contracts/test/Governance/AccessAndBounds.spec.ts
• packages/enclave-contracts/test/Pricing/DustRotation.spec.ts
• packages/enclave-contracts/test/Pricing/Pricing.spec.ts
• packages/enclave-contracts/test/Pricing/PullPaymentsAndAllowlist.spec.ts
• packages/enclave-contracts/test/Registry/BondingRegistry.spec.ts
• packages/enclave-contracts/test/Registry/CiphernodeRegistryOwnable.spec.ts
• packages/enclave-contracts/test/Slashing/CommitteeExpulsion.spec.ts
• packages/enclave-contracts/test/Slashing/SlashingLanes.spec.ts
• packages/enclave-contracts/test/Slashing/SlashingManager.spec.ts
• packages/enclave-contracts/test/Standards/StandardsAndUpgrades.spec.ts
• packages/enclave-contracts/test/Token/EnclaveTicketToken.spec.ts
• packages/enclave-contracts/test/Token/EnclaveToken.spec.ts
• packages/enclave-contracts/test/fixtures/attestation.ts
• packages/enclave-contracts/test/fixtures/connection.ts
• packages/enclave-contracts/test/fixtures/constants.ts
• packages/enclave-contracts/test/fixtures/helpers.ts
• packages/enclave-contracts/test/fixtures/index.ts
• packages/enclave-contracts/test/fixtures/operators.ts
• packages/enclave-contracts/test/fixtures/system.ts

[coderabbitai]

♻️ Duplicate comments (1)

packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json (1)

784-877: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Expose lane on getSlashProposal() too.

SlashProposed and SlashExecuted now emit lane, but the proposal read path still omits it. Callers querying by proposalId still have to replay events to distinguish Lane A from Lane B. Either add lane to the returned tuple or expose a dedicated getter.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json`
around lines 784 - 877, getSlashProposal currently returns the SlashProposal
tuple without the lane field while events SlashProposed and SlashExecuted
include lane, forcing callers to replay events; update the ISlashingManager
interface so the SlashProposal struct (and the getSlashProposal() output tuple)
includes the lane field (same type as emitted in SlashProposed/SlashExecuted) or
add a dedicated getter like getSlashProposalLane(proposalId) that returns the
lane; modify the returned tuple name "proposal" from getSlashProposal and the
struct definition used by getSlashProposal to include the new lane member so
callers can distinguish Lane A vs B directly.

🧹 Nitpick comments (1)

packages/enclave-contracts/test/BfvVkBindingIntegration.spec.ts (1)

235-247: ⚡ Quick win

Keep one happy-path assertion through the wrapper verify() entrypoints.

These direct ICircuitVerifier calls no longer exercise the wrapper logic changed in this PR, so this suite can stay green even if BfvPkVerifier.verify / BfvDecryptionVerifier.verify regress on argument wiring or domain-binding checks. Please keep a positive-path wrapper test once domain-bound fixtures are available, or split this into a clearly named circuit-only test.

Also applies to: 256-266

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/test/BfvVkBindingIntegration.spec.ts` around lines
235 - 247, The test currently calls the underlying ICircuitVerifier
(dkgCircuit.verify) which bypasses the wrapper logic; update the spec to include
at least one happy-path assertion that invokes the wrapper verify entrypoint
(e.g., call BfvPkVerifier.verify and/or BfvDecryptionVerifier.verify with the
decoded rawDkgProof and rawDkgPi or appropriately wrapped arguments) and expect
it to return true so the wrapper wiring and domain-binding are exercised; if you
want to keep the circuit-only assertion, either rename this test to indicate it
is "circuit-only" or split out a separate test that calls the wrapper verify
methods (BfvPkVerifier.verify / BfvDecryptionVerifier.verify) using the same
decoded inputs (rawDkgProof, rawDkgPi) and assert success.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In
`@packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json`:
- Around line 784-877: getSlashProposal currently returns the SlashProposal
tuple without the lane field while events SlashProposed and SlashExecuted
include lane, forcing callers to replay events; update the ISlashingManager
interface so the SlashProposal struct (and the getSlashProposal() output tuple)
includes the lane field (same type as emitted in SlashProposed/SlashExecuted) or
add a dedicated getter like getSlashProposalLane(proposalId) that returns the
lane; modify the returned tuple name "proposal" from getSlashProposal and the
struct definition used by getSlashProposal to include the new lane member so
callers can distinguish Lane A vs B directly.

---

Nitpick comments:
In `@packages/enclave-contracts/test/BfvVkBindingIntegration.spec.ts`:
- Around line 235-247: The test currently calls the underlying ICircuitVerifier
(dkgCircuit.verify) which bypasses the wrapper logic; update the spec to include
at least one happy-path assertion that invokes the wrapper verify entrypoint
(e.g., call BfvPkVerifier.verify and/or BfvDecryptionVerifier.verify with the
decoded rawDkgProof and rawDkgPi or appropriately wrapped arguments) and expect
it to return true so the wrapper wiring and domain-binding are exercised; if you
want to keep the circuit-only assertion, either rename this test to indicate it
is "circuit-only" or split out a separate test that calls the wrapper verify
methods (BfvPkVerifier.verify / BfvDecryptionVerifier.verify) using the same
decoded inputs (rawDkgProof, rawDkgPi) and assert success.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 47a77d80-6d00-45b7-9b22-36a5aa122703

📥 Commits

Reviewing files that changed from the base of the PR and between ae050b5 and 004d8bd.

📒 Files selected for processing (11)

• packages/enclave-contracts/artifacts/contracts/Enclave.sol/Enclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json
• packages/enclave-contracts/artifacts/contracts/registry/CiphernodeRegistryOwnable.sol/CiphernodeRegistryOwnable.json
• packages/enclave-contracts/artifacts/contracts/token/EnclaveTicketToken.sol/EnclaveTicketToken.json
• packages/enclave-contracts/ignition/modules/bfvDecryptionVerifier.ts
• packages/enclave-contracts/ignition/modules/bfvPkVerifier.ts
• packages/enclave-contracts/scripts/utils.ts
• packages/enclave-contracts/test/BfvVkBindingIntegration.spec.ts

✅ Files skipped from review due to trivial changes (1)

• packages/enclave-contracts/ignition/modules/bfvDecryptionVerifier.ts

[coderabbitai]

🧹 Nitpick comments (1)

packages/enclave-contracts/contracts/lib/EnclavePricing.sol (1)

216-224: ⚡ Quick win

Clarify or remove unused quotedFee from validateRequest.

quotedFee is documented as an input but unused in logic, which makes this API misleading for future payment-check refactors.

♻️ Minimal clarity fix

-    /// `@param` quotedFee        Fee returned by {EnclavePricing.quote}.
+    /// `@param` _quotedFee       Reserved for caller parity; currently unused.
...
-        uint256 quotedFee
+        uint256 _quotedFee

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/enclave-contracts/contracts/lib/EnclavePricing.sol` around lines 216
- 224, The validateRequest function currently accepts a quotedFee parameter that
is never used; remove quotedFee from the validateRequest signature and its
`@param` NatSpec to avoid a misleading API, and update any call sites or
interfaces that pass quotedFee to validateRequest to stop doing so (search for
validateRequest(...) usages and remove the extra argument). Ensure the function
header and documentation only list the actual inputs (inputWindow, nowTs,
computeWindow, decryptionWindow, maxDuration) so the contract API is accurate.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@packages/enclave-contracts/contracts/lib/EnclavePricing.sol`:
- Around line 216-224: The validateRequest function currently accepts a
quotedFee parameter that is never used; remove quotedFee from the
validateRequest signature and its `@param` NatSpec to avoid a misleading API, and
update any call sites or interfaces that pass quotedFee to validateRequest to
stop doing so (search for validateRequest(...) usages and remove the extra
argument). Ensure the function header and documentation only list the actual
inputs (inputWindow, nowTs, computeWindow, decryptionWindow, maxDuration) so the
contract API is accurate.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4910bb96-2cab-4bf4-9f98-c30acc4da59f

📥 Commits

Reviewing files that changed from the base of the PR and between 004d8bd and 3e3bed8.

📒 Files selected for processing (25)

• agent/flow-trace/00_INDEX.md
• agent/flow-trace/04_DKG_AND_COMPUTATION.md
• circuits/benchmarks/results_insecure/crisp_verify_gas.json
• circuits/benchmarks/results_insecure/integration_summary.json
• packages/enclave-contracts/artifacts/contracts/Enclave.sol/Enclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IBondingRegistry.sol/IBondingRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ICiphernodeRegistry.sol/ICiphernodeRegistry.json
• packages/enclave-contracts/artifacts/contracts/interfaces/IEnclave.sol/IEnclave.json
• packages/enclave-contracts/artifacts/contracts/interfaces/ISlashingManager.sol/ISlashingManager.json
• packages/enclave-contracts/artifacts/contracts/registry/CiphernodeRegistryOwnable.sol/CiphernodeRegistryOwnable.json
• packages/enclave-contracts/contracts/Enclave.sol
• packages/enclave-contracts/contracts/interfaces/IEnclave.sol
• packages/enclave-contracts/contracts/lib/EnclavePricing.sol
• packages/enclave-contracts/test/BfvVkBindingIntegration.spec.ts
• packages/enclave-contracts/test/E3Lifecycle/E3Integration.spec.ts
• packages/enclave-contracts/test/E3Lifecycle/Sortition.spec.ts
• packages/enclave-contracts/test/Enclave.spec.ts
• packages/enclave-contracts/test/Governance/AccessAndBounds.spec.ts
• packages/enclave-contracts/test/Pricing/DustRotation.spec.ts
• packages/enclave-contracts/test/Pricing/Pricing.spec.ts
• packages/enclave-contracts/test/Pricing/PullPaymentsAndAllowlist.spec.ts
• packages/enclave-contracts/test/Registry/CiphernodeRegistryOwnable.spec.ts
• packages/enclave-contracts/test/Slashing/CommitteeExpulsion.spec.ts
• packages/enclave-contracts/test/fixtures/helpers.ts
• packages/enclave-contracts/test/fixtures/system.ts

💤 Files with no reviewable changes (11)

• packages/enclave-contracts/test/fixtures/helpers.ts
• packages/enclave-contracts/test/Enclave.spec.ts
• packages/enclave-contracts/test/Pricing/PullPaymentsAndAllowlist.spec.ts
• packages/enclave-contracts/test/E3Lifecycle/Sortition.spec.ts
• packages/enclave-contracts/test/Registry/CiphernodeRegistryOwnable.spec.ts
• packages/enclave-contracts/test/Pricing/DustRotation.spec.ts
• packages/enclave-contracts/test/Pricing/Pricing.spec.ts
• packages/enclave-contracts/test/fixtures/system.ts
• packages/enclave-contracts/test/Slashing/CommitteeExpulsion.spec.ts
• packages/enclave-contracts/contracts/interfaces/IEnclave.sol
• packages/enclave-contracts/test/E3Lifecycle/E3Integration.spec.ts

✅ Files skipped from review due to trivial changes (2)

• circuits/benchmarks/results_insecure/integration_summary.json
• agent/flow-trace/00_INDEX.md

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

agent/flow-trace/05_FAILURE_REFUND_SLASHING.md (1)

266-272: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Add a language tag to this fenced lifecycle block.

This block is missing a fence language (MD040).

Proposed doc fix

-```
+```text
 LIFECYCLE:
   Created by AccusationManagerExtension on SortitionCommitteeFinalized
   → Stores committee list, threshold_m, this node's address + signer
   → In-memory only (ephemeral — no persistence)
   → Destroyed by E3RequestComplete (Die signal)

</details>

<details>
<summary>🤖 Prompt for AI Agents</summary>

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @agent/flow-trace/05_FAILURE_REFUND_SLASHING.md around lines 266 - 272, The
fenced code block containing the "LIFECYCLE:" section is missing a language tag
(MD040); update the block surrounding the LIFECYCLE text (the triple-backtick
fence that opens before "LIFECYCLE:" and closes after "Die signal") to include a
language label such as "text" or "txt" (e.g., change totext) so the
markdown linter no longer flags MD040 while leaving the block contents
unchanged.

</details>

</blockquote></details>

</blockquote></details>

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@agent/flow-trace/03_E3_REQUEST_AND_COMMITTEE.md`:
- Around line 310-314: The fenced code block showing
"CiphernodeRegistrySolReader decodes SortitionCommitteeFinalized event" is
missing a language tag (MD040); update the markdown fenced block in
03_E3_REQUEST_AND_COMMITTEE.md to include a language identifier such as "text"
(e.g., ```text) so the block containing "CiphernodeRegistrySolReader" and
"SortitionCommitteeFinalized" is properly tagged.
- Around line 304-305: The event documentation for SortitionCommitteeFinalized
currently lists only (e3Id, committee) but the runtime event mapping also
includes scores; update the documentation to list the full payload (e3Id,
committee, scores) and any brief descriptions for each field so the doc
signature matches the runtime mapping and avoids reader/indexer confusion;
locate the SortitionCommitteeFinalized mention and replace the short tuple with
the complete tuple including scores and ensure any surrounding text that
references the event uses the same three-field signature.

---

Outside diff comments:
In `@agent/flow-trace/05_FAILURE_REFUND_SLASHING.md`:
- Around line 266-272: The fenced code block containing the "LIFECYCLE:" section
is missing a language tag (MD040); update the block surrounding the LIFECYCLE
text (the triple-backtick fence that opens before "LIFECYCLE:" and closes after
"Die signal") to include a language label such as "text" or "txt" (e.g., change
``` to ```text) so the markdown linter no longer flags MD040 while leaving the
block contents unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: d7421a2d-a4df-4de3-8d8a-d939c4a2f4a5

📥 Commits

Reviewing files that changed from the base of the PR and between 3e3bed8 and 7f1e3e0.

📒 Files selected for processing (4)

• agent/flow-trace/03_E3_REQUEST_AND_COMMITTEE.md
• agent/flow-trace/05_FAILURE_REFUND_SLASHING.md
• crates/evm/src/ciphernode_registry_sol.rs
• crates/evm/src/error_decoder.rs

[0xjei]

utACK