chore: Update ezeth to prevent inbound to blast

[ltyu]

Description

The goal of this update to to prevent inbound to blast, but allow outbound from blast. This is accomplished through an asymmetric hook/ism setup:

This is generated by: hyperlane-xyz/hyperlane-monorepo#6444

Summary by CodeRabbit

• Chores
  • Updated EZETH production and staging configurations to block inbound traffic to the "blast" service while allowing outbound traffic.
  • Standardized hook definitions across multiple domains with domain-based routing and simplified security module configuration for the "blast" chain.
  • Adjusted protocol fee values for aggregation hooks in various blockchain configurations.
  • No changes to user-facing features or exported/public entities.

[changeset-bot]

🦋 Changeset detected

Latest commit: aff1bbe

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@hyperlane-xyz/registry	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[github-actions]

Check Warp Deploy Summary

Warp Route ID	Status
EZETH/renzo-prod	✅
EZETHSTAGE/renzo-stage	✅
PZETHSTAGE/berachain-ethereum-swell-unichain-zircuit	✅
REZSTAGING/base-ethereum-unichain	✅

Last updated: 2025-06-23 15:38:04 UTC

[coderabbitai]

📝 Walkthrough

Walkthrough

The updates restructure deployment YAML configurations for multiple blockchain domains by introducing domain-based routing hooks, removing protocol fee fields, and simplifying interchain security modules for the "blast" domain. Additionally, protocol fee values are adjusted for specific domains, and a new changeset records a minor version update for the registry package.

Changes

Files / Groups	Change Summary
.changeset/lucky-badgers-care.md	Added a changeset file documenting a minor version update for @hyperlane-xyz/registry regarding EZETH config changes.
deployments/warp_routes/EZETH/renzo-prod-deploy.yaml deployments/warp_routes/EZETHSTAGE/renzo-stage-deploy.yaml	Restructured hook definitions to use domain-based routing hooks, removed protocol fee fields, and simplified "blast" ISM config.
deployments/warp_routes/PZETHSTAGE/berachain-ethereum-swell-unichain-zircuit-deploy.yaml deployments/warp_routes/REZSTAGING/base-ethereum-unichain-deploy.yaml	Updated protocolFee values for ethereum, swell, unichain, and zircuit domains; no structural changes.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant DeploymentConfig
    participant DomainRoutingHook
    participant InterchainSecurityModule

    User->>DeploymentConfig: Initiate deployment
    DeploymentConfig->>DomainRoutingHook: Assign hooks via domains mapping
    DeploymentConfig->>InterchainSecurityModule: Configure ISM (simplified for blast)
    DomainRoutingHook-->>DeploymentConfig: Hooks ready per domain
    InterchainSecurityModule-->>DeploymentConfig: ISM ready per domain
    DeploymentConfig-->>User: Deployment complete

Loading

Poem

In YAML fields the changes grow,
Routing hooks now mapped in tow.
Protocol fees, they shift and slide,
While "blast" gets configs simplified.
A rabbit hops with glee to see,
Deployments neat as they can be!
🐇✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (4)

deployments/warp_routes/EZETHSTAGE/renzo-stage-deploy.yaml (4)

252-269: Duplicate: Consolidate hook definitions for Base.
Same domain-based hook mapping pattern applied under base.hook.hooks. No changes beyond address validation.

---

499-517: Duplicate: Consolidate hook definitions for Berachain.
Pattern repeated identically for berachain.hook.hooks. Ensure consistency of the address and owner fields.

---

761-778: Duplicate: Consolidate hook definitions for BSC.
Uniform domainRoutingHook mapping applied. No additional feedback.

---

1008-1025: Duplicate: Consolidate hook definitions for Ethereum.
Consistent application of the domainRoutingHook pattern. Address and owner checks recommended.

🧹 Nitpick comments (1)

.changeset/lucky-badgers-care.md (1)

5-5: Consider refining the summary phrasing
We generally use imperative tone in changeset summaries. For example:
“Prevent inbound traffic to the blast component in EZETH prod and stage configs while allowing outbound.”

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between efc4616 and dd48e60.

📒 Files selected for processing (5)

• .changeset/lucky-badgers-care.md (1 hunks)
• deployments/warp_routes/EZETH/renzo-prod-deploy.yaml (16 hunks)
• deployments/warp_routes/EZETHSTAGE/renzo-stage-deploy.yaml (16 hunks)
• deployments/warp_routes/PZETHSTAGE/berachain-ethereum-swell-unichain-zircuit-deploy.yaml (4 hunks)
• deployments/warp_routes/REZSTAGING/base-ethereum-unichain-deploy.yaml (3 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: rpc-health-mainnet
• GitHub Check: rpc-health-testnet
• GitHub Check: test
• GitHub Check: check-warp-deploy

🔇 Additional comments (19)

deployments/warp_routes/PZETHSTAGE/berachain-ethereum-swell-unichain-zircuit-deploy.yaml (4)

90-90: Approve Ethereum protocolFee update.

The new value (158365200000000) aligns with the updated fee schedule.

---

171-171: Approve Swell protocolFee update.

The new value (158365200000000) matches the intended configuration.

---

252-252: Approve Unichain protocolFee update.

The updated fee (192111100000000) is correct per specifications.

---

333-333: Approve Zircuit protocolFee update.

The change (158365200000000) is consistent with the other domains.

deployments/warp_routes/REZSTAGING/base-ethereum-unichain-deploy.yaml (3)

9-9: Approve Base protocolFee update.

Updated to 158365200000000 to match the revised fee structure.

---

62-62: Approve Ethereum protocolFee update.

New fee (158365200000000) aligns with the cross-domain fee recalibration.

---

115-115: Approve Unichain protocolFee update.

The fee (192111100000000) is now consistent with the updated rate model.

deployments/warp_routes/EZETHSTAGE/renzo-stage-deploy.yaml (2)

5-22: Consolidate hook definitions with domainRoutingHook.
Replaced individual hook entries and legacy fee/beneficiary fields under arbitrum.hook.hooks with a unified domains mapping and set type: domainRoutingHook. This DRY refactor reduces repetition—please verify the listed addresses and owner are correct.

---

745-753: Prevent inbound traffic to Blast via asymmetric hook/ISM.
Under blast.hook, only aggregationHook entries remain, and the interchainSecurityModule is simplified to an empty domains block with type: domainRoutingIsm. This effectively blocks inbound messages while preserving outbound aggregation, matching the PR goal.

.changeset/lucky-badgers-care.md (1)

1-3: Frontmatter is well-formed
The YAML frontmatter correctly specifies a minor bump for @hyperlane-xyz/registry.

deployments/warp_routes/EZETH/renzo-prod-deploy.yaml (9)

5-13: Consolidated domainRoutingHook for Arbitrum
The individual protocolFee hooks have been replaced with a single domainRoutingHook that spans all target domains. Validate that each domain key (base, berachain, bsc, etc.) points to the correct address and that no intended domain was omitted.

---

21-22: Confirm aggregation entry after domainRoutingHook
Ensure the secondary hook entry ("0x592cd754B947396255E50Cac10c519c7ee313919") is correct and that the aggregationHook remains properly ordered immediately after the routing hook.

---

255-263: Consolidated domainRoutingHook for Base
Mirrors the Arbitrum pattern—validate that all Base domain addresses and the owner match the intended deployment configuration.

---

270-272: Verify Base aggregationHook entry
Confirm that the standalone aggregation address ("0xFA6A5Ab6a77dDdf2936b538Fdc39DAe314Cc5500") is correct and that no legacy protocolFee hooks were inadvertently dropped.

---

505-513: Consolidated domainRoutingHook for Berachain
The multi–domain routing configuration is unified under a single hook. Verify that each Berachain domain mapping and the owner address remain accurate.

---

520-522: Verify Berachain hook type and secondary entry
Ensure the type: domainRoutingHook and the subsequent aggregation address ("0x96003848cfc3C236d70661aF4722F404435a526d") reflect the correct roles and ordering.

---

752-753: Simplified Hook for Blast
Inbound hooks are removed to enforce outbound-only traffic, leaving just two aggregation addresses. Confirm these entries satisfy the “prevent inbound to blast” objective.

---

756-758: Asymmetric ISM configuration for Blast
Changed to a single domainRoutingIsm with empty domains—this blocks inbound messaging. Validate that no fallback or multisig modules remain that could inadvertently allow inbound traffic.

---

770-778: Consolidated domainRoutingHook for BSC
Applied the same domainRouting consolidation for BSC. Please verify all target domain addresses and that the aggregationHook entry ("0x18431F422A9f32967054689673b7e1731Da233A7") is correct.

Also applies to: 786-787