fix: backport fix sui for invalid receiver address

[ws4charlie]

Description

This PR is to backport #3945.

In case it happens again (due to any other edge case) in near future and requires quick fix, this PR handles invalid receiver address in both zetacore and zetaclient.

How Has This Been Tested?

• Tested CCTX in localnet
• Tested in development environment
• Go unit tests
• Go integration tests
• Tested via GitHub Actions

Summary by CodeRabbit

• New Features

  • Added an end-to-end test to verify that Sui withdrawals to invalid receiver addresses are correctly rejected.

• Bug Fixes

  • Sui withdrawal events now fail if the receiver address is invalid, preventing unintended transfers.

• Tests

  • Expanded test coverage for Sui address validation and withdrawal scenarios, including new and updated test cases to enforce stricter address checks.

• Documentation

  • Updated changelog to reflect the fix for invalid Sui withdrawal receiver addresses.

• Refactor

  • Improved and streamlined Sui address validation logic for stricter enforcement and simplified error handling.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

This update introduces stricter validation for Sui receiver addresses in ZEVM withdrawal flows. A new end-to-end test ensures withdrawals to invalid addresses are correctly rejected. The Sui address validation logic is refactored and made more rigorous, and the ZEVM withdrawal process now explicitly checks receiver address validity before broadcasting. Several Sui-related E2E tests are temporarily disabled, focusing test coverage on the new invalid receiver scenario.

Changes

File(s)	Change Summary
changelog.md	Added unreleased fix entry for Sui withdrawal failing on invalid receiver address.
cmd/zetae2e/local/local.go	Commented out all Sui E2E tests except TestSuiWithdrawInvalidReceiverName.
e2e/e2etests/e2etests.go, e2e/e2etests/test_sui_withdraw_invalid_receiver.go	Added new E2E test for Sui withdrawal to invalid receiver; registered test and function.
pkg/contracts/sui/address.go, pkg/contracts/sui/address_test.go	Refactored Sui address validation: stricter checks, renamed and simplified validation and decode functions, updated tests.
x/crosschain/keeper/evm_hooks.go	Simplified Sui address validation in validateOutbound to use updated validation logic.
x/crosschain/keeper/evm_hooks_test.go	Reordered imports for consistency; no functional changes.
zetaclient/chains/sui/signer/signer.go	Added explicit Sui receiver address validation before broadcasting withdrawal or cancel transaction.
zetaclient/chains/sui/signer/signer_test.go	Added test case for invalid receiver address handling in ProcessCCTX.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant ZEVM
    participant SuiValidator
    participant SuiChain

    User->>ZEVM: Request Sui withdrawal (with receiver address)
    ZEVM->>SuiValidator: Validate receiver address
    alt Address valid
        SuiValidator-->>ZEVM: OK
        ZEVM->>SuiChain: Broadcast withdrawal transaction
        SuiChain-->>ZEVM: Transaction result
    else Address invalid
        SuiValidator-->>ZEVM: Invalid address error
        ZEVM->>SuiChain: Broadcast cancel transaction
        SuiChain-->>ZEVM: Cancel transaction result
    end
    ZEVM-->>User: Withdrawal outcome (success or failure)

Loading

sequenceDiagram
    participant E2ETest
    participant ZEVM
    participant SuiValidator

    E2ETest->>ZEVM: Initiate withdrawal to invalid Sui address
    ZEVM->>SuiValidator: Validate address
    SuiValidator-->>ZEVM: Invalid address error
    ZEVM-->>E2ETest: Transaction fails as expected

Loading

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.11%. Comparing base (18f5374) to head (b203398).
Report is 1 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop    #3954      +/-   ##
===========================================
+ Coverage    64.10%   64.11%   +0.01%     
===========================================
  Files          474      474              
  Lines        34838    34842       +4     
===========================================
+ Hits         22333    22340       +7     
+ Misses       11479    11477       -2     
+ Partials      1026     1025       -1     

Files with missing lines	Coverage Δ
x/crosschain/keeper/evm_hooks.go	84.96% <100.00%> (+0.88%)	⬆️
zetaclient/chains/sui/signer/signer.go	47.00% <100.00%> (+3.88%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

x/crosschain/keeper/evm_hooks_test.go (1)

10-10: Align import groups to Go conventions
Project-local imports should be grouped after third-party libraries and separated by blank lines. Please relocate github.com/zeta-chain/node/pkg/contracts/sui into the ZetaChain imports block (below the external dependencies) for consistent grouping.

cmd/zetae2e/local/local.go (1)

489-503: Appropriate focused testing approach for validating the invalid receiver fix.

Temporarily disabling other Sui tests to focus on the new TestSuiWithdrawInvalidReceiver test is a sound strategy during development. This ensures the fix is thoroughly validated in isolation before re-enabling the full test suite.

Consider adding a TODO comment indicating when these tests should be re-enabled:

 suiTests := []string{
 	e2etests.TestSuiDepositName,
+	// TODO: Re-enable these tests after invalid receiver fix validation is complete
 	// e2etests.TestSuiDepositAndCallRevertName,

pkg/contracts/sui/address.go (1)

30-33: Consider error handling implications.

The DecodeAddress function was simplified by removing error handling, which makes the API cleaner but eliminates validation. Ensure that all callers of this function provide valid byte slices, as invalid input will now cause runtime panics rather than graceful error handling.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1cb0ef8 and eab868d.

📒 Files selected for processing (10)

• changelog.md (1 hunks)
• cmd/zetae2e/local/local.go (1 hunks)
• e2e/e2etests/e2etests.go (2 hunks)
• e2e/e2etests/test_sui_withdraw_invalid_receiver.go (1 hunks)
• pkg/contracts/sui/address.go (1 hunks)
• pkg/contracts/sui/address_test.go (5 hunks)
• x/crosschain/keeper/evm_hooks.go (1 hunks)
• x/crosschain/keeper/evm_hooks_test.go (1 hunks)
• zetaclient/chains/sui/signer/signer.go (1 hunks)
• zetaclient/chains/sui/signer/signer_test.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

`**/*.go`: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

**/*.go: Review the Go code, point out issues relative to principles of clean code, expressiveness, and performance.

• x/crosschain/keeper/evm_hooks.go
• x/crosschain/keeper/evm_hooks_test.go
• zetaclient/chains/sui/signer/signer.go
• e2e/e2etests/test_sui_withdraw_invalid_receiver.go
• e2e/e2etests/e2etests.go
• zetaclient/chains/sui/signer/signer_test.go
• pkg/contracts/sui/address.go
• pkg/contracts/sui/address_test.go
• cmd/zetae2e/local/local.go

🧬 Code Graph Analysis (5)

x/crosschain/keeper/evm_hooks.go (1)

pkg/contracts/sui/address.go (2)

• DecodeAddress (31-33)
• ValidateAddress (37-54)

zetaclient/chains/sui/signer/signer.go (1)

pkg/contracts/sui/address.go (1)

• ValidateAddress (37-54)

e2e/e2etests/test_sui_withdraw_invalid_receiver.go (4)

e2e/runner/runner.go (1)

• E2ERunner (80-210)

e2e/utils/parsing.go (1)

• ParseBigInt (27-32)

e2e/utils/evm.go (1)

• MustWaitForTxReceipt (19-48)

e2e/utils/require.go (1)

• RequiredTxFailed (46-55)

e2e/e2etests/e2etests.go (2)

e2e/runner/e2etest.go (2)

• NewE2ETest (41-58)
• ArgDefinition (88-91)

e2e/e2etests/test_sui_withdraw_invalid_receiver.go (1)

• TestSuiWithdrawInvalidReceiver (14-42)

cmd/zetae2e/local/local.go (1)

e2e/e2etests/e2etests.go (1)

• TestSuiWithdrawInvalidReceiverName (118-118)

🔇 Additional comments (11)

changelog.md (1)

9-12: Changelog update is accurate
The new fix entry under UNRELEASED clearly describes the backport and is formatted correctly within the “Fixes” section.

x/crosschain/keeper/evm_hooks.go (1)

368-371: LGTM: Simplified Sui address validation logic aligns with updated address package.

The validation logic correctly reflects the refactored pkg/contracts/sui/address.go where DecodeAddress no longer returns an error and ValidateAddress performs comprehensive validation including format, case, length, and hex encoding checks.

zetaclient/chains/sui/signer/signer.go (2)

108-118: Excellent defensive programming: Early receiver address validation prevents invalid transactions.

The addition of receiver address validation before transaction broadcasting is a robust approach that:

• Catches invalid addresses early in the process
• Provides clear error logging for debugging
• Prevents unnecessary TSS operations on invalid transactions

---

121-121: LGTM: Correct integration of receiver validation into broadcast decision logic.

The conditional properly gates withdrawal broadcasting on both compliance checks and receiver address validity, ensuring that only valid transactions proceed to broadcast while invalid ones are canceled.

e2e/e2etests/test_sui_withdraw_invalid_receiver.go (1)

13-42: Well-structured E2E test validates complete invalid receiver address handling.

The test excellently follows the AAA pattern and provides comprehensive validation of the fix:

• Arrange: Properly sets up test prerequisites including ZRC20 approval and revert options
• Act: Correctly performs withdrawal to invalid receiver address
• Assert: Appropriately verifies that the transaction fails in ZEVM as expected

The use of RevertOptions demonstrates thorough understanding of the withdrawal flow and ensures proper fallback handling.

e2e/e2etests/e2etests.go (2)

118-118: LGTM: Test constant follows naming convention.

The constant naming is consistent with other Sui test constants in the file.

---

1000-1008: LGTM: Test registration is well-structured.

The test registration follows the established pattern with appropriate arguments and defaults. The invalid receiver address (EVM format) is suitable for testing the validation logic.

zetaclient/chains/sui/signer/signer_test.go (1)

213-300: LGTM: Comprehensive test for invalid receiver address handling.

The test case effectively validates the behavior when an invalid Sui receiver address (EVM format) is provided. The test correctly expects the "increase_nonce" function to be called instead of "withdraw", which aligns with the cancel transaction flow for invalid addresses. The test structure and assertions are consistent with existing test patterns.

pkg/contracts/sui/address.go (1)

35-54: LGTM: Stricter validation improves address format consistency.

The ValidateAddress function (renamed from ValidAddress) implements more rigorous validation:

• Enforces exact 64-character hex strings
• Requires lowercase format
• Uses strings.CutPrefix for cleaner prefix handling

The stricter validation aligns with the PR objective to prevent invalid receiver addresses from causing issues downstream.

pkg/contracts/sui/address_test.go (2)

57-79: LGTM: Test simplification aligns with function changes.

The TestDecodeAddress test was appropriately simplified to match the updated DecodeAddress function that no longer returns errors.

---

81-145: LGTM: Comprehensive test coverage for stricter validation.

The renamed TestValidSuiAddress function properly tests the enhanced validation logic:

• Verifies rejection of uppercase addresses
• Confirms rejection of short addresses
• Maintains coverage for existing validation scenarios
• Uses clear test case names and appropriate assertions

The test suite effectively validates the stricter address format requirements.

[lumtis]

LGTM