https://wallet.1inch.io/send/0x042c4fA87216D9d8c05dCa9D4e7d433FE4E5d323@137?value=1E20![qr.png](https://user-images.githubusercontent.com/84179933/221163057-3c03f8fb-88af-493a-88eb-223f43b848a8.png
Chào

In Step 11 Register State Sync

Register RootChainManager and ChildChainManager on StateSender
Set stateSenderAddress on RootChainManager
Grant STATE_SYNCER_ROLE on ChildChainManager

Can anyone explain how to Register RootChainManager and ChildChainManager on StateSender?

Here is the StateSender contract
`contract DummyStateSender is IStateSender {
/**
* @notice Event emitted when when syncState is called
* @dev Heimdall bridge listens to this event and sends the data to receiver contract on child chain
* @param id Id of the sync, increamented for each event in case of actual state sender contract
* @param contractAddress the contract receiving data on child chain
* @param data bytes data to be sent
*/
event StateSynced(
uint256 indexed id,
address indexed contractAddress,
bytes data
);

/**
 * @notice called to send data to child chain
 * @dev sender and receiver contracts need to be registered in case of actual state sender contract
 * @param receiver the contract receiving data on child chain
 * @param data bytes data to be sent
 */
function syncState(address receiver, bytes calldata data) external override {
    emit StateSynced(1, receiver, data);
}

}`

Motivation

In our app we want to provide people a better user experience when they deposit their tokens to polygon.
That is why we want RootChainManager#depositFor to be callable by an address that is not a token owner (like approved or approved for all).

Problem

That is not currently possible with MintableERC721Predicate (I didn't check others, but it is probably the same issue there).

Here is why:
RootChainManager always uses _msgSender as a depositor:

Solution

Use ERC721#ownerOf instead of depositor when calling ERC721#safeTransferFrom.

If that is not acceptable, can you explain a motivation of this limitation?

This is a request to create an API to get the Polygon Bridge status. When it is down, we have no way to know it is down and to notify our users.

Not sure if this is the right place to create this issue but Since 3 days i have not receiving my staking rewards and same for everyone in the community. When i check the staking checkpoint it says last checkpoint was done on march 10

genesis contracts in contracts repo seem to be deployed on matic's mainnet & testnet.
but, genesis contracts in [pos-portal](contracts repo ) look better architected & implemented than that. what is the purpose of each of them?

Because BaseChildTunnel and BaseRootTunnel are meant to be inherited from in external code bases, it would be nice to use a flexible solidity version like OpenZeppelin does.

https://tax.crypto.com/email-signin

This might sounds weird but..
Let's say I have a random number already generated and associated to my NFT in L1.
That number influences how tokenURI() is returned.
So I wanna make sure that my bridged NFT in L2 act the same.

Looking at ERC721Predicate

I saw the ability to send meta data back from L2 -> L1 (here: #67)
But not the other way around. Any suggestion? 🙏🏼

Reentrancy in NetworkAgnostic.executeMetaTransaction(address,bytes,bytes32,bytes32,uint8):
External calls:
- (success,returnData) = address(this).call(abi.encodePacked(functionSignature,userAddress))
State variables written after the call(s):
- nonces[userAddress] = nonces[userAddress].add(1)

Apply the check-effects-interactions pattern.

Is there any documentation for deploying mintable ERC20 on both chains?

My intuition of the procedure would be the following:

1. Deploy root/RootToken/DummyMintableERC20.sol on Ethereum
2. Deploy child/ChildToken/ChildMintableERC20.sol on Matic
3. Requesting mapping on https://mapper.matic.today/

However how is the rootChainManager supposed to mint tokens if it doesn't have the PREDICATE_ROLE? Shouldn't there be another PREDICATE_ROLE assignment in the constructor or is an additonal external call needed?

@arthcp can you explain this code: https://github.com/maticnetwork/pos-portal/blob/master/contracts/common/ContextMixin.sol

Specifically why do you expect there to be an address at add(array, index) in memory?

Also, why are you using a mask there? I don't see a need to use a mask there to clean bits because the value is going into a 20 byte address variable.

Hey guys, im new to the whole debugging .Sol so forgive me if im wrong rsrsr :)
but was checking this contract's code today and got the feeling that the code could be incorrectly allowing the ChildChainManager to withdraw funds on behalf of users
without their permission. The issue is in the deposit function, where the withdrawnTokens mapping is being set to false
for each deposited token, but this value is never checked again before the tokens are withdrawn in the withdrawBatch
function.

To fix this issue, the withdrawBatch function should check the withdrawnTokens mapping before allowing the tokens to
be withdrawn. For example, the code could be changed to this:

    function withdrawBatch(uint256[] calldata tokenIds) external {
        require(_msgSender() == _getCaller(), "ChildMintableERC721: INVALID_CALLER");

        // limit batching of tokens due to gas limit restrictions
        require(tokenIds.length <= BATCH_LIMIT, "ChildMintableERC721: BATCH_LIMIT_EXCEEDED");

        for (uint256 i = 0; i < tokenIds.length; i++) {
            uint256 tokenId = tokenIds[i];
            require(_hasToken(tokenId), "ChildMintableERC721: TOKEN_NOT_FOUND");

            // check if the token has already been withdrawn
            require(!withdrawnTokens[tokenId], "ChildMintableERC721: TOKEN_ALREADY_WITHDRAWN");

            withdrawnTokens[tokenId] = true;
            _burn(tokenId);
        }

        emit WithdrawnBatch(_msgSender(), tokenIds);
    }

best of Luck to Yall :)

https://play.google.com/store/apps/details?id=co.mona.android

Smart contract wallets (i.e., Argent, Dharma) are becoming ever more popular yet they do not possess private keys and therefore can not directly sign messages. This means that valid transactions from smart contract wallets are recognized as invalid by the current method Polygon PoS uses to determine whether a transaction is valid.

I'd like to suggest implementing the EIP-1271 isValidSignature method in addition to traditional verify method currently used which only works for EOAs. For example here:

Further exaggerating this issue IMHO, is that the current Polygon PoS functionality allows one to deposit funds from their smart contract wallet (i.e., Argent) successfully without issue nor warning, but once deposited, the funds remain locked due to the lack of implementation of EIP-1271. I know personally, because I just did this a few days ago to test out Polygon, and now those funds are locked on Polygon PoS with no way to withdraw nor send (Polygon support ticket #4393 open). I'm probably not the only one who has done this so far, and with growing usage of Polygon and smart contract wallets, I certainly won't be the last one to do this.

Another option would be to only allow for smart contract accounts to withdraw their funds back to mainnet L1 to their specific account. This may be an acceptable option if the complexity to implement EIP-1271 for all transaction types would be too high.

Thanks for your time. Feedback welcome!

Resources:
https://eips.ethereum.org/EIPS/eip-1271
https://docs.walletconnect.org/smart-wallets
https://docs.argent.xyz/wallet-connect-and-argent

I have several questions on Polygon mintable assets, based on the templates in this repository:

https://github.com/maticnetwork/pos-portal/blob/master/flat/ChildMintableERC20.sol
https://github.com/maticnetwork/pos-portal/blob/master/flat/DummyMintableERC20.sol

The documentation here does not address these questions.

(1) Should the name (ticker) of the token on the Polygon network be the same as the name of the token on Ethereum mainnet? So if my Ethereum ERC20 token is called XYZ, should the Polygon version be called just XYZ, or should it be called wXYZ?

(2) Why does the ChildMintableERC20.withdraw​ function have no access controls? I realize if a user calls this, it will only lose them tokens, but shouldn't you limit access to calling this function to only a Polygon router? Otherwise maybe a user can burn tokens early, which will make the router fail when trying to move tokens between chains. Who knows, it could trigger some security vulnerability. All router-specific functions should be locked down and limited so that only the router can call them.

(3) Why does the ChildMintableERC20.deposit function take an argument bytes calldata depositData​, which has to be decoded through abi.decode​? Why isn't the parameter decoded before it is passed to this function?

(4) Why does the mint​ function require the role DEFAULT_ADMIN_ROLE​, while deposit​ requires DEPOSITOR_ROLE​? In practice, is it only one router contract that has both roles? Your documentation on mintable assets does not talk about what the DEFAULT_ADMIN_ROLE​ role is, or which router contract should be assigned this role.

(5) Your contract DummyMintableERC20​ has a function mint(address user, uint256 amount)​ which has the same signature as the function of the same name in ChildMintableERC20​. However, the former takes role PREDICATE_ROLE​ and the latter takes role DEFAULT_ADMIN_ROLE​. If I want to deploy the same exact contract to Ethereum mainnet and Polygon, does this mean this function needs to be callable by two different contracts, one for each of the two roles?

https://goonus.io/markets/MATIC/?slug=cong-ty-game-square-enix-hop-tac-voi-polygon-de-ra-mat-du-an-nghe-thuat-nft

Hello, I am having problems to make EIP3009 from usdc polygon pos to work and it seems it uses the contracts from this repo.

It seems the EIP712 is wrong implemented: https://github.com/maticnetwork/pos-portal/blob/master/contracts/common/EIP712Base.sol#L36

First, the order from the domain separator should be in the order they give you here: https://eips.ethereum.org/EIPS/eip-712

Moreover the calculation of the EIP712_DOMAIN_TYPEHASH is wrong. We are using salt but we are not encoding any salt at all. EIP712Domain(string name,string version,address verifyingContract,bytes32 salt) this gives problems when you want to calculate the signature with standards like signTypedData from metamask.

Some operations require us to track NewHeaderBlock event of RootChain contracts. That is possible to do. However, the functionality can not be verified in the test environment because MockCheckpointManger doesn't emit this event.

Please add this event to ICheckpointManager and emit it inside MockCheckpointManager#setCheckpoint to make it more consistent with RootChain contract.

Token: AFTR
Token type
ERC20
Ethereum address
0x56dfa98f363edb99240b63f8a5141d8b64cfaf6e
Polygon address
0x228a22bf6da9353Abbe37a31cf85c02dfC432456
Decimals
8
Mintable
false

It looks like there's a typo in EIP712Base implementation. It called getDomainSeperator but it should be getDomainSeparator
https://github.com/maticnetwork/pos-portal/blob/master/contracts/common/EIP712Base.sol#L46
It looks like this issue is repeated in variables and other functions.

I can open a PR but I'm not sure if it's ok since it would change the contract's interface.
DAI proxy's implementation contract depends on this getDomainSeperator function and it's deployed with the typo.