
hermes-agent [ Crypto ] Fix cross-chain replay attack in CrossChainBridge signature verification#5893

Closed
KK88100 wants to merge 1 commit into UnsafeLabs:main from KK88100:fix/crosschainbridge-eip712-replay-920-1780279568



KK88100 commented Jun 1, 2026

Issue

Closes #920

Summary

Added EIP-712 typed data signing to CrossChainBridge's processTransfer function to prevent cross-chain replay attacks. The signed message hash now includes block.chainid, the contract address, and the transfer nonce. Added ecrecover zero-address check in verifySignature. Created Foundry test suite covering all acceptance criteria.

Acceptance Criteria

  • Signed messages include chain ID, nonce, and contract address
  • Same message cannot be replayed on a different chain (digest includes block.chainid)
  • Same message cannot be replayed on the same chain (already-processed check on digest)
  • Contract upgrade does not allow old message replay (digest includes address(this))
  • ecrecover zero-address result is rejected as invalid signature
  • EIP-712 domain separator correctly constructed with name, version, chainId, and verifyingContract
  • Nonce is queryable per sender for frontend integration
  • Tests cover: cross-chain replay, same-chain replay, post-upgrade replay, invalid signature, EIP-712 verification
  • Included contributor_meta.json

Tests

Tests added in solidity/test/CrossChainBridge.t.sol using Foundry covering all acceptance criteria.

Payment address (USDT TRC20): TXjaadYhD579e3bCWKnRFKjRq9RZQL7WNj

…once, and contract binding

- Add EIP-712 typed data signing with domain separator
- Include block.chainid, contract address, and nonce in signed message hash
- Add ecrecover zero-address check
- Add per-sender nonce tracking
- Add Foundry tests covering cross-chain replay, same-chain replay, post-upgrade replay, invalid signature, and EIP-712 verification

Closes UnsafeLabs#920
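
The digest binding that the summary and commit message above describe, as an added example rather than the PR's own code (the diff is not shown on this page). The contract name, the `Transfer` field layout, the single trusted `signer`, the domain name and version strings, and the event are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the PR's CrossChainBridge; names and struct layout are assumptions.
contract BridgeReplayGuardExample {
    bytes32 private constant DOMAIN_TYPEHASH = keccak256(
        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant TRANSFER_TYPEHASH = keccak256(
        "Transfer(address sender,address recipient,uint256 amount,uint256 nonce)");

    address public immutable signer;             // trusted bridge signer (assumed trust model)
    mapping(address => uint256) public nonces;   // next expected nonce, queryable per sender
    mapping(bytes32 => bool) public processed;   // digests that were already consumed
    event TransferProcessed(bytes32 indexed digest, address indexed sender, uint256 nonce);

    constructor(address signer_) {
        require(signer_ != address(0), "zero signer");
        signer = signer_;
    }

    // Rebuilt on every call: a different chain id or a redeployed address changes every digest.
    function domainSeparator() public view returns (bytes32) {
        return keccak256(abi.encode(DOMAIN_TYPEHASH, keccak256("CrossChainBridge"),
            keccak256("1"), block.chainid, address(this)));
    }

    function transferDigest(address sender, address recipient, uint256 amount, uint256 nonce)
        public view returns (bytes32)
    {
        bytes32 structHash = keccak256(abi.encode(TRANSFER_TYPEHASH, sender, recipient, amount, nonce));
        return keccak256(abi.encodePacked("\x19\x01", domainSeparator(), structHash));
    }

    function processTransfer(address sender, address recipient, uint256 amount,
        uint256 nonce, uint8 v, bytes32 r, bytes32 s) external
    {
        require(nonce == nonces[sender], "bad nonce");
        bytes32 digest = transferDigest(sender, recipient, amount, nonce);
        require(!processed[digest], "already processed");
        address recovered = ecrecover(digest, v, r, s);
        // ecrecover returns address(0) on a malformed signature; never treat that as a match.
        require(recovered != address(0) && recovered == signer, "invalid signature");
        processed[digest] = true;
        nonces[sender] = nonce + 1;
        emit TransferProcessed(digest, sender, nonce);
    }
}
```

A Foundry test can exercise the cross-chain case by signing `transferDigest(...)` under one chain id, switching with `vm.chainId`, and asserting that `processTransfer` reverts with "invalid signature".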
Author

KK88100 commented Jun 1, 2026

Payment address for bounty (USDT TRC20): TXjaadYhD579e3bCWKnRFKjRq9RZQL7WNj

Contributor

github-actions Bot commented Jun 1, 2026

Unfortunately the changes in this PR didn't fully resolve the issue. Please rework your solution and submit a new pull request.

Make sure to review the acceptance criteria in the linked issue and verify all conditions are met before resubmitting. See CONTRIBUTING.md for guidelines.

github-actions Bot closed this Jun 1, 2026