feat(token-handler)!: added automatic token migration

.changeset/many-tigers-kneel.md

@@ -0,0 +1,5 @@
+---
+'@axelar-network/interchain-token-service': minor
+---
+
+Interchain tokens now get minted/burnt by the token manager.

.changeset/quick-ants-crash.md

@@ -0,0 +1,5 @@
+---
+'@axelar-network/interchain-token-service': minor
+---
+
+Add auto-migration of minter for native interchain tokens

DESIGN.md

@@ -41,6 +41,8 @@ Most current bridge designs aim to transfer a pre-existing, popular token to dif
 
 We designed an [interface](./contracts/interfaces/IInterchainTokenStandard.sol) along with an [example implementation](./contracts/interchain-token/InterchainTokenStandard.sol) of an ERC20 that can use the `InterchainTokenService` internally. This has the main benefit that for `TokenManagers` that require user approval (Lock/Unlock, Lock/Unlock Fee and Mint/BurnFrom), the token can provide this approval within the same call, providing better UX for users, and saving them some gas.
 
+Interchain Tokens function the same as mint/burn tokens do: The `tokenManager` that manages them will ask them to `burn` tokens on the sending chain, and to `mint` tokens on the receiving chain.
+
 ## Interchain Communication Spec
 
 The messages going through the Axelar Network between `InterchainTokenServices` need to have a consistent format to be understood properly. We chose to use `abi` encoding because it is easy to use in EVM chains, which are at the front and center of programmable blockchains, and because it is easy to implement in other ecosystems which tend to be more gas efficient. There are currently three supported message types: `INTERCHAIN_TRANSFER`, `DEPLOY_INTERCHAIN_TOKEN`, `DEPLOY_TOKEN_MANAGER`.

contracts/InterchainTokenService.sol

@@ -20,6 +20,7 @@ import { IInterchainTokenExecutable } from './interfaces/IInterchainTokenExecuta
 import { IInterchainTokenExpressExecutable } from './interfaces/IInterchainTokenExpressExecutable.sol';
 import { ITokenManager } from './interfaces/ITokenManager.sol';
 import { IGatewayCaller } from './interfaces/IGatewayCaller.sol';
+import { IMinter } from './interfaces/IMinter.sol';
 import { Create3AddressFixed } from './utils/Create3AddressFixed.sol';
 import { Operator } from './utils/Operator.sol';
 
@@ -643,6 +644,16 @@ contract InterchainTokenService is
         }
     }
 
+    /**
+     * @notice Allows the owner to migrate minter of native interchain tokens from ITS to the corresponding token manager.
+     * @param tokenId the tokenId of the registered token.
+     */
+    function migrateInterchainToken(bytes32 tokenId) external onlyOwner {
+        ITokenManager tokenManager_ = deployedTokenManager(tokenId);
+        address tokenAddress = tokenManager_.tokenAddress();
+        IMinter(tokenAddress).transferMintership(address(tokenManager_));
+    }
+
     /****************\
     INTERNAL FUNCTIONS
     \****************/

contracts/TokenHandler.sol

@@ -11,8 +11,8 @@ import { Create3AddressFixed } from './utils/Create3AddressFixed.sol';
 import { ITokenManagerType } from './interfaces/ITokenManagerType.sol';
 import { ITokenManager } from './interfaces/ITokenManager.sol';
 import { ITokenManagerProxy } from './interfaces/ITokenManagerProxy.sol';
-import { IERC20MintableBurnable } from './interfaces/IERC20MintableBurnable.sol';
 import { IERC20BurnableFrom } from './interfaces/IERC20BurnableFrom.sol';
+import { IMinter } from './interfaces/IMinter.sol';
 
 /**
  * @title TokenHandler
@@ -35,30 +35,26 @@ contract TokenHandler is ITokenHandler, ITokenManagerType, ReentrancyGuard, Crea
 
         (uint256 tokenManagerType, address tokenAddress) = ITokenManagerProxy(tokenManager).getImplementationTypeAndTokenAddress();
 
+        _migrateToken(tokenManager, tokenAddress, tokenManagerType);
+
         /// @dev Track the flow amount being received via the message
         ITokenManager(tokenManager).addFlowIn(amount);
 
-        if (tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN)) {
-            _giveInterchainToken(tokenAddress, to, amount);
-            return (amount, tokenAddress);
-        }
-
-        if (tokenManagerType == uint256(TokenManagerType.MINT_BURN) || tokenManagerType == uint256(TokenManagerType.MINT_BURN_FROM)) {
-            _mintToken(tokenManager, tokenAddress, to, amount);
-            return (amount, tokenAddress);
-        }
-
-        if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK)) {
+        if (
+            tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN) ||
+            tokenManagerType == uint256(TokenManagerType.MINT_BURN) ||
+            tokenManagerType == uint256(TokenManagerType.MINT_BURN_FROM)
+        ) {
+            _mintToken(ITokenManager(tokenManager), tokenAddress, to, amount);
+        } else if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK)) {
             _transferTokenFrom(tokenAddress, tokenManager, to, amount);
-            return (amount, tokenAddress);
-        }
-
-        if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK_FEE)) {
+        } else if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK_FEE)) {
             amount = _transferTokenFromWithFee(tokenAddress, tokenManager, to, amount);
-            return (amount, tokenAddress);
+        } else {
+            revert UnsupportedTokenManagerType(tokenManagerType);
         }
 
-        revert UnsupportedTokenManagerType(tokenManagerType);
+        return (amount, tokenAddress);
     }
 
     /**
@@ -76,10 +72,12 @@ contract TokenHandler is ITokenHandler, ITokenManagerType, ReentrancyGuard, Crea
 
         if (tokenOnly && msg.sender != tokenAddress) revert NotToken(msg.sender, tokenAddress);
 
-        if (tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN)) {
-            _takeInterchainToken(tokenAddress, from, amount);
-        } else if (tokenManagerType == uint256(TokenManagerType.MINT_BURN)) {
-            _burnToken(tokenManager, tokenAddress, from, amount);
+        _migrateToken(tokenManager, tokenAddress, tokenManagerType);
+
+        if (
+            tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN) || tokenManagerType == uint256(TokenManagerType.MINT_BURN)
+        ) {
+            _burnToken(ITokenManager(tokenManager), tokenAddress, from, amount);
         } else if (tokenManagerType == uint256(TokenManagerType.MINT_BURN_FROM)) {
             _burnTokenFrom(tokenAddress, from, amount);
         } else if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK)) {
@@ -133,10 +131,16 @@ contract TokenHandler is ITokenHandler, ITokenManagerType, ReentrancyGuard, Crea
      * @param tokenManager The address of the token manager.
      */
     // slither-disable-next-line locked-ether
-    function postTokenManagerDeploy(uint256 tokenManagerType, address tokenManager) external payable {
-        // For lock/unlock token managers, the ITS contract needs an approval from the token manager to transfer tokens on its behalf
-        if (tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK) || tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK_FEE)) {
-            ITokenManager(tokenManager).approveService();
+    function postTokenManagerDeploy(uint256 tokenManagerType, ITokenManager tokenManager) external payable {
+        // For native interhcain tokens we transfer mintership to the token manager.
+        // This is done here because InterchainToken bytecode needs to be fixed.
+        if (tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN)) {
+            IMinter(tokenManager.tokenAddress()).transferMintership(address(tokenManager));
+            // For lock/unlock token managers, the ITS contract needs an approval from the token manager to transfer tokens on its behalf.
+        } else if (
+            tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK) || tokenManagerType == uint256(TokenManagerType.LOCK_UNLOCK_FEE)
+        ) {
+            tokenManager.approveService();
         }
     }
 
@@ -160,23 +164,28 @@ contract TokenHandler is ITokenHandler, ITokenManagerType, ReentrancyGuard, Crea
         return diff < amount ? diff : amount;
     }
 
-    function _giveInterchainToken(address tokenAddress, address to, uint256 amount) internal {
-        IERC20(tokenAddress).safeCall(abi.encodeWithSelector(IERC20MintableBurnable.mint.selector, to, amount));
+    function _mintToken(ITokenManager tokenManager, address tokenAddress, address to, uint256 amount) internal {
+        tokenManager.mintToken(tokenAddress, to, amount);
     }
 
-    function _takeInterchainToken(address tokenAddress, address from, uint256 amount) internal {
-        IERC20(tokenAddress).safeCall(abi.encodeWithSelector(IERC20MintableBurnable.burn.selector, from, amount));
-    }
-
-    function _mintToken(address tokenManager, address tokenAddress, address to, uint256 amount) internal {
-        ITokenManager(tokenManager).mintToken(tokenAddress, to, amount);
-    }
-
-    function _burnToken(address tokenManager, address tokenAddress, address from, uint256 amount) internal {
-        ITokenManager(tokenManager).burnToken(tokenAddress, from, amount);
+    function _burnToken(ITokenManager tokenManager, address tokenAddress, address from, uint256 amount) internal {
+        tokenManager.burnToken(tokenAddress, from, amount);
     }
 
     function _burnTokenFrom(address tokenAddress, address from, uint256 amount) internal {
         IERC20(tokenAddress).safeCall(abi.encodeWithSelector(IERC20BurnableFrom.burnFrom.selector, from, amount));
     }
+
+    /**
+     * @notice This transfers mintership of a native Interchain token to the tokenManager if ITS is still its minter.
+     * It does nothing if ITS is not the minter. This ensures that interchain tokens are auto-migrated without requiring a downtime for ITS.
+     * @param tokenManager The token manager address to transfer mintership to.
+     * @param tokenAddress The address of the token to transfer mintership of.
+     * @param tokenManagerType The token manager type for the token.
+     */
+    function _migrateToken(address tokenManager, address tokenAddress, uint256 tokenManagerType) internal {
+        if (tokenManagerType == uint256(TokenManagerType.NATIVE_INTERCHAIN_TOKEN) && IMinter(tokenAddress).isMinter(address(this))) {
+            IMinter(tokenAddress).transferMintership(tokenManager);
+        }
+    }
 }

contracts/interfaces/IInterchainTokenService.sol

@@ -274,4 +274,10 @@ interface IInterchainTokenService is
      * @param paused whether to pause or unpause.
      */
     function setPauseStatus(bool paused) external;
+
+    /**
+     * @notice Allows the owner to migrate legacy tokens that cannot be migrated automatically.
+     * @param tokenId the tokenId of the registered token.
+     */
+    function migrateInterchainToken(bytes32 tokenId) external;
 }

contracts/interfaces/ITokenHandler.sol

@@ -2,6 +2,8 @@
 
 pragma solidity ^0.8.0;
 
+import { ITokenManager } from './ITokenManager.sol';
+
 /**
  * @title ITokenHandler Interface
  * @notice This interface is responsible for handling tokens before initiating an interchain token transfer, or after receiving one.
@@ -47,5 +49,5 @@ interface ITokenHandler {
      * @param tokenManagerType The token manager type.
      * @param tokenManager The address of the token manager.
      */
-    function postTokenManagerDeploy(uint256 tokenManagerType, address tokenManager) external payable;
+    function postTokenManagerDeploy(uint256 tokenManagerType, ITokenManager tokenManager) external payable;
 }

test/InterchainTokenFactory.js

@@ -206,7 +206,7 @@ describe('InterchainTokenFactory', () => {
         const checkRoles = async (tokenManager, minter) => {
             const token = await getContractAt('InterchainToken', await tokenManager.tokenAddress(), wallet);
             expect(await token.isMinter(minter)).to.be.true;
-            expect(await token.isMinter(service.address)).to.be.true;
+            expect(await token.isMinter(tokenManager.address)).to.be.true;
 
             expect(await tokenManager.isOperator(minter)).to.be.true;
             expect(await tokenManager.isOperator(service.address)).to.be.true;
@@ -332,7 +332,11 @@ describe('InterchainTokenFactory', () => {
                 .and.to.emit(tokenManager, 'RolesRemoved')
                 .withArgs(tokenFactory.address, 1 << OPERATOR_ROLE)
                 .and.to.emit(tokenManager, 'RolesRemoved')
-                .withArgs(tokenFactory.address, 1 << FLOW_LIMITER_ROLE);
+                .withArgs(tokenFactory.address, 1 << FLOW_LIMITER_ROLE)
+                .and.to.emit(token, 'RolesRemoved')
+                .withArgs(service.address, 1 << MINTER_ROLE)
+                .and.to.emit(token, 'RolesAdded')
+                .withArgs(tokenManager.address, 1 << MINTER_ROLE);
 
             const payload = defaultAbiCoder.encode(
                 ['uint256', 'bytes32', 'string', 'string', 'uint8', 'bytes'],
@@ -388,7 +392,7 @@ describe('InterchainTokenFactory', () => {
                         },
                     ),
                 tokenFactory,
-                'InvalidMinter',
+                'NotMinter',
                 [service.address],
             );
 
@@ -441,7 +445,7 @@ describe('InterchainTokenFactory', () => {
                         },
                     ),
                 tokenFactory,
-                'InvalidMinter',
+                'NotMinter',
                 [service.address],
             );
 

test/InterchainTokenService.js

@@ -30,6 +30,7 @@ const {
     ITS_HUB_CHAIN_NAME,
     ITS_HUB_ROUTING_IDENTIFIER,
     ITS_HUB_ADDRESS,
+    MINTER_ROLE,
 } = require('./constants');
 
 const reportGas = gasReporter('Interchain Token Service');
@@ -646,7 +647,7 @@ describe('Interchain Token Service', () => {
 
             const token = await getContractAt('InterchainToken', tokenAddress, wallet);
             expect(await token.isMinter(wallet.address)).to.be.true;
-            expect(await token.isMinter(service.address)).to.be.true;
+            expect(await token.isMinter(tokenManager.address)).to.be.true;
         });
 
         it('Should revert when registering an interchain token as a lock/unlock for a second time', async () => {
@@ -3235,6 +3236,80 @@ describe('Interchain Token Service', () => {
         });
     });
 
+    describe('Interchain Token Migration', () => {
+        it('Should migrate a token succesfully', async () => {
+            const salt = getRandomBytes32();
+            const name = 'migrated token';
+            const symbol = 'MT';
+            const decimals = 53;
+            const tokenId = await service.interchainTokenId(wallet.address, salt);
+            const tokenManagerAddress = await service.tokenManagerAddress(tokenId);
+
+            await interchainTokenDeployer
+                .deployInterchainToken(salt, tokenId, service.address, name, symbol, decimals)
+                .then((tx) => tx.wait);
+            const tokenAddress = await interchainTokenDeployer.deployedAddress(salt);
+            const token = await getContractAt('InterchainToken', tokenAddress, wallet);
+
+            const params = defaultAbiCoder.encode(['bytes', 'address'], [wallet.address, tokenAddress]);
+
+            await service.deployTokenManager(salt, '', MINT_BURN, params, 0).then((tx) => tx.wait);
+
+            await expect(service.migrateInterchainToken(tokenId))
+                .to.emit(token, 'RolesRemoved')
+                .withArgs(service.address, 1 << MINTER_ROLE)
+                .to.emit(token, 'RolesAdded')
+                .withArgs(tokenManagerAddress, 1 << MINTER_ROLE);
+        });
+
+        it('Should not be able to migrate a token twice', async () => {
+            const salt = getRandomBytes32();
+            const name = 'migrated token';
+            const symbol = 'MT';
+            const decimals = 53;
+            const tokenId = await service.interchainTokenId(wallet.address, salt);
+            const tokenManagerAddress = await service.tokenManagerAddress(tokenId);
+
+            await interchainTokenDeployer
+                .deployInterchainToken(salt, tokenId, service.address, name, symbol, decimals)
+                .then((tx) => tx.wait);
+            const tokenAddress = await interchainTokenDeployer.deployedAddress(salt);
+            const token = await getContractAt('InterchainToken', tokenAddress, wallet);
+
+            const params = defaultAbiCoder.encode(['bytes', 'address'], [wallet.address, tokenAddress]);
+
+            await service.deployTokenManager(salt, '', MINT_BURN, params, 0).then((tx) => tx.wait);
+
+            await expect(service.migrateInterchainToken(tokenId))
+                .to.emit(token, 'RolesRemoved')
+                .withArgs(service.address, 1 << MINTER_ROLE)
+                .to.emit(token, 'RolesAdded')
+                .withArgs(tokenManagerAddress, 1 << MINTER_ROLE);
+
+            await expectRevert((gasOptions) => service.migrateInterchainToken(tokenId, { gasOptions }), token, 'MissingRole', [
+                service.address,
+                MINTER_ROLE,
+            ]);
+        });
+
+        it('Should not be able to migrate a token deployed after this upgrade', async () => {
+            const salt = getRandomBytes32();
+            const name = 'migrated token';
+            const symbol = 'MT';
+            const decimals = 53;
+            const tokenId = await service.interchainTokenId(wallet.address, salt);
+
+            await service.deployInterchainToken(salt, '', name, symbol, decimals, AddressZero, 0).then((tx) => tx.wait);
+            const tokenAddress = await service.interchainTokenAddress(tokenId);
+            const token = await getContractAt('InterchainToken', tokenAddress, wallet);
+
+            await expectRevert((gasOptions) => service.migrateInterchainToken(tokenId, { gasOptions }), token, 'MissingRole', [
+                service.address,
+                MINTER_ROLE,
+            ]);
+        });
+    });
+
     describe('Bytecode checks [ @skip-on-coverage ]', () => {
         it('Should preserve the same proxy bytecode for each EVM', async () => {
             const proxyFactory = await ethers.getContractFactory('InterchainProxy', wallet);