feat: TIP-1056

[klkvr]

Linear: https://linear.app/tempoxyz/issue/CHAIN-1140/tip-1056-keep-order-ids-across-flips

[github-actions]

⚠️ Changelog not found.

A changelog entry is required before merging. We've generated a suggested changelog based on your changes:

Preview

---
tempo-contracts: minor
tempo-precompiles: minor
---

Added TIP-1056 in-place flip order rewriting on T5+: filled flip orders are now rewritten under the same `orderId` instead of allocating a new one, emitting a new `OrderFlipped` event rather than `OrderPlaced`.

Add changelog to commit this to your branch.

[0xKitsune]

Lgtm, just a few minor nits.

[github-actions]

📊 Tempo Precompiles Coverage

precompiles

Coverage: 5681/7745 lines (73.35%)

File details

File	Lines	Coverage
src/account_keychain/dispatch.rs	30/68	44.12%
src/account_keychain/mod.rs	273/736	37.09%
src/address_registry/dispatch.rs	31/33	93.94%
src/address_registry/mod.rs	50/56	89.29%
src/error.rs	39/114	34.21%
src/ip_validation.rs	10/10	100.00%
src/lib.rs	180/216	83.33%
src/nonce/dispatch.rs	9/10	90.00%
src/nonce/mod.rs	46/61	75.41%
src/signature_verifier/dispatch.rs	19/20	95.00%
src/signature_verifier/mod.rs	13/17	76.47%
src/stablecoin_dex/dispatch.rs	92/93	98.92%
src/stablecoin_dex/mod.rs	910/963	94.50%
src/stablecoin_dex/order.rs	126/154	81.82%
src/stablecoin_dex/orderbook.rs	157/216	72.69%
src/storage/evm.rs	192/221	86.88%
src/storage/hashmap.rs	0/158	0.00%
src/storage/mod.rs	27/27	100.00%
src/storage/packing.rs	68/93	73.12%
src/storage/thread_local.rs	165/227	72.69%
src/storage/types/array.rs	0/72	0.00%
src/storage/types/bytes_like.rs	79/162	48.77%
src/storage/types/mapping.rs	27/48	56.25%
src/storage/types/mod.rs	67/91	73.63%
src/storage/types/primitives.rs	21/24	87.50%
src/storage/types/set.rs	28/192	14.58%
src/storage/types/slot.rs	55/81	67.90%
src/storage/types/vec.rs	101/246	41.06%
src/tip20/dispatch.rs	149/165	90.30%
src/tip20/mod.rs	590/693	85.14%
src/tip20/rewards.rs	238/252	94.44%
src/tip20/roles.rs	107/110	97.27%
src/tip20_factory/dispatch.rs	17/18	94.44%
src/tip20_factory/mod.rs	105/125	84.00%
src/tip403_registry/dispatch.rs	55/56	98.21%
src/tip403_registry/mod.rs	334/371	90.03%
src/tip_fee_manager/amm.rs	287/364	78.85%
src/tip_fee_manager/dispatch.rs	81/83	97.59%
src/tip_fee_manager/mod.rs	71/136	52.21%
src/validator_config/dispatch.rs	38/52	73.08%
src/validator_config/mod.rs	171/227	75.33%
src/validator_config_v2/dispatch.rs	71/73	97.26%
src/validator_config_v2/mod.rs	552/611	90.34%

contracts

Coverage: 1/217 lines (0.46%)

File details

File	Lines	Coverage
src/lib.rs	1/1	100.00%
src/precompiles/account_keychain.rs	0/37	0.00%
src/precompiles/address_registry.rs	0/9	0.00%
src/precompiles/nonce.rs	0/18	0.00%
src/precompiles/signature_verifier.rs	0/3	0.00%
src/precompiles/stablecoin_dex.rs	0/12	0.00%
src/precompiles/tip20.rs	0/49	0.00%
src/precompiles/tip20_factory.rs	0/9	0.00%
src/precompiles/tip403_registry.rs	0/15	0.00%
src/precompiles/tip_fee_manager.rs	0/15	0.00%
src/precompiles/validator_config.rs	0/13	0.00%
src/precompiles/validator_config_v2.rs	0/36	0.00%

Total: 5682/7962 lines (71.36%)

📦 Download full HTML report

[tempoxyz-bot]

👁️ Cyclops Review — No actionable findings.

This PR implements TIP-1056 (keep order IDs across flips on T5+). All six worker iterations across two workers (domain audit, ripple analysis, invariant breaking) returned NO_FINDING. Linked-list and tick-bitmap integrity hold for same-tick "locked book" flips, escrow/refund rounding is symmetric (Up/Up for bids, exact for asks), atomicity is enforced by an inner CheckpointGuard, system errors propagate on T1A+, and the keep_record flag prevents orphaned records on flip failure. T5 is dormant on all chains, so the new path is not yet active in production.

Reviewer Callouts

• ⚡ TIP-1055 storage version upgrade (future work): TIP-1056 §Rewritten state mandates that when TIP-1055 is active, a flip rewriting a v0 order MUST upgrade it to v1 and clear deprecated slot 0. TIP-1055 is not implemented in this PR; flip_in_place currently writes the whole record via Storable::write. When TIP-1055 lands, flip_in_place will need version-upgrade logic.
• ⚡ "Only changed slots written" gas-MUST: Spec §74 says the implementation MUST write only order-record slots whose post-flip contents differ. commit_order_to_book currently writes the entire Order. Spec compliance / gas concern, not a security issue, and not enforced by any invariant test.
• ⚡ Off-chain indexer / UI breaking change: External consumers tracking active liquidity via OrderPlaced + OrderCancelled alone will misclassify flipped orders on T5+. They MUST subscribe to OrderFlipped to maintain correct state. Documented in TIP-1056 §Compatibility but worth surfacing in release notes.
• ⚡ cancel(orderId) semantics on T5+: After a flip, cancel(id) refunds the current (post-flip) escrow token, which differs from the pre-flip token. Net economic value to the maker is preserved, so this is not a fund-loss path, but UIs/contracts that pre-signed cancellations expecting a specific token must adapt.
• ⚡ tips/verify/test/StablecoinDEX.t.sol::test_FlipOrderExecution (line 363): Hard-codes pre-T5 expectations (OrderPlaced(2,...), nextOrderId == 3). Will silently break when foundry.toml's default fork moves to T5+ unless updated to expect OrderFlipped and unchanged nextOrderId.
• ⚡ Quote functions vs. flip semantics: quote_exact_in/out walk one side of the book and don't model what happens if a swap path crosses freshly-flipped liquidity at a same-tick locked book. Pre-existing limitation (cf. SIGP-TMPO3-33), unchanged by this PR.
• ⚡ HashMapStorageProvider checkpoint behavior in tests: test_flip_in_place_failure_no_orphan_t5 relies on checkpoint_revert rolling back emitted events under the test storage provider. Worth a quick spot-check that the test-only provider really does revert logs.