Redundant Security Checks & Code Bloat->Replace with Modifiers

[aniket866]

Addressed Issues:

closes #93

1. The "Is this a real invoice?" Check

• What it was: require(invoiceId < invoices.length, "Invalid invoice ID"); was written inside 4 different functions.

• What it changed to: We created a modifier called validInvoice. Now, we just type validInvoice(invoiceId) at the top of the function, and we deleted the require line from inside the functions.

2. The "Are you the creator?" Check

• What it was: require(msg.sender == invoice.from, "Only invoice creator can cancel"); inside the cancelInvoice function.

• What it changed to: We created the onlyCreator modifier. We attached it to the cancelInvoice door, ensuring only the sender can enter.

3. The "Are you the payer?" Check

• What it was: require(msg.sender == invoice.to, "Not authorized"); inside the payInvoice function.

• What it changed to: We created the onlyPayer modifier. We attached it to the payInvoice door, ensuring random people can't pay invoices meant for someone else.

4. The "Is the invoice still active?" Check

- What it was: Two lines checking require(!invoice.isPaid, "Already paid"); and require(!invoice.isCancelled, "Invoice is cancelled"); inside multiple functions.

• What it changed to: We grouped both of these into one modifier called invoiceActive.

Checklist

• My PR addresses a single issue, fixes a single bug or makes a single improvement.
• My code follows the project's code style and conventions.
• If applicable, I have made corresponding changes or additions to the documentation.
• If applicable, I have made corresponding changes or additions to tests.
• My changes generate no new warnings or errors.
• I have joined the Stability Nexus's Discord server and I will share a link to this PR with the project maintainers there.
• I have read the Contribution Guidelines.
• Once I submit my PR, CodeRabbit AI will automatically review it and I will address CodeRabbit's comments.

AI Usage Disclosure

Check one of the checkboxes below:

• This PR does not contain AI-generated code at all.
• This PR contains AI-generated code. I have tested the code locally and I am responsible for it.

I have used the following AI models and tools: TODO

⚠️ AI Notice - Important!

We encourage contributors to use AI tools responsibly when creating Pull Requests. While AI can be a valuable aid, it is essential to ensure that your contributions meet the task requirements, build successfully, include relevant tests, and pass all linters. Submissions that do not meet these standards may be closed without warning to maintain the quality and integrity of the project. Please take the time to understand the changes you are proposing and their impact.

Summary by CodeRabbit

• Refactor

  • Enhanced invoice operation security with improved validation and access controls for cancellation, payments, and status queries.

• Bug Fixes

  • Strengthened authorization checks to prevent unauthorized access to payment and invoice cancellation operations.

[coderabbitai]

Warning

Rate limit exceeded

@aniket866 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 14 minutes and 49 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 26fa1075-95ad-4ab8-b38a-4146bc674903

📥 Commits

Reviewing files that changed from the base of the PR and between c1fdc39 and e161320.

📒 Files selected for processing (1)

• contracts/src/Chainvoice.sol

Walkthrough

Introduced four reusable modifiers (validInvoice, onlyCreator, onlyPayer, invoiceActive) to centralize validation and access-control logic in the Chainvoice contract. Applied modifiers to four public functions, replacing inline require statements to reduce code redundancy and improve maintainability.

Changes

Cohort / File(s)	Summary
Chainvoice Access Control Refactoring contracts/src/Chainvoice.sol	Added four new modifiers for validation and access control (validInvoice, onlyCreator, onlyPayer, invoiceActive) and applied them to cancelInvoice, payInvoice, getPaymentStatus, and getInvoice functions to consolidate repeated require statements.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

Solidity Lang

Poem

🐰 Modifiers tidy, checks no longer spread,
Where once were require statements, now guards ahead,
Chainvoice grows cleaner, code compact and neat,
One rabbit's refactor makes the contract complete! ✨

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly summarizes the main change: replacing redundant security checks with modifiers to reduce code duplication and bloat.
Linked Issues check	✅ Passed	All coding objectives from issue #93 are met: validInvoice modifier added for invoiceId checks, onlyCreator for authorization, onlyPayer for payer checks, and invoiceActive for state validation.
Out of Scope Changes check	✅ Passed	All changes are scoped to replacing redundant require statements with modifiers in the specified functions; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@contracts/src/Chainvoice.sol`:
- Around line 70-89: Replace the string-require checks in the modifiers
validInvoice, onlyCreator, onlyPayer, and invoiceActive with custom error
reverts to save gas and match existing contract style: use revert
InvalidInvoice() instead of require(invoiceId < invoices.length, "..."); revert
NotInvoiceCreator() for onlyCreator, revert NotPayer() for onlyPayer, and for
invoiceActive replace the two requires with revert InvoiceAlreadyPaid() and
revert InvoiceCancelled() respectively; ensure those custom error types are
declared (or reuse existing ones) and update any tests/usage accordingly.

---

ℹ️ Review info

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b83780d and c1fdc39.

📒 Files selected for processing (1)

• contracts/src/Chainvoice.sol

[SIDDHANTCOOKIE]

@DengreSarthak @kumawatkaran523 This is a clean maintainability improvement (less duplication, clearer access rule) and the implementation code looks correct to me

[github-actions]

⚠️ This PR has merge conflicts.

Please resolve the merge conflicts before review.

Your PR will only be reviewed by a maintainer after all conflicts have been resolved.

📺 Watch this video to understand why conflicts occur and how to resolve them:
https://www.youtube.com/watch?v=Sqsz1-o7nXk