fix(contracts): fix contract audit findings

contracts/contracts/gateway/GatewayManagerFacet.sol

@@ -27,6 +27,8 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
     using AssetHelper for Asset;
     using EnumerableSet for EnumerableSet.Bytes32Set;
 
+    event SubnetDestroyed(SubnetID id);
+
     /// @notice register a subnet in the gateway. It is called by a subnet when it reaches the threshold stake
     /// @dev The subnet can optionally pass a genesis circulating supply that would be pre-allocated in the
     /// subnet from genesis (without having to wait for the subnet to be spawned to propagate the funds).
@@ -37,13 +39,6 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
             revert MethodNotAllowed(ERR_CHILD_SUBNET_NOT_ALLOWED);
         }
 
-        if (genesisCircSupply > 0) {
-            SubnetActorGetterFacet(msg.sender).supplySource().lock(genesisCircSupply);
-        }
-        if (collateral > 0) {
-            SubnetActorGetterFacet(msg.sender).collateralSource().lock(collateral);
-        }
-
         SubnetID memory subnetId = s.networkName.createSubnetId(msg.sender);
 
         (bool registered, Subnet storage subnet) = LibGateway.getSubnet(subnetId);
@@ -58,6 +53,13 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
 
         s.subnetKeys.add(subnetId.toHash());
         s.totalSubnets += 1;
+
+        if (genesisCircSupply > 0) {
+            SubnetActorGetterFacet(msg.sender).supplySource().lock(genesisCircSupply);
+        }
+        if (collateral > 0) {
+            SubnetActorGetterFacet(msg.sender).collateralSource().lock(collateral);
+        }
     }
 
     /// @notice addStake - add collateral for an existing subnet
@@ -72,7 +74,6 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
         SubnetActorGetterFacet(msg.sender).collateralSource().lock(amount);
 
         (bool registered, Subnet storage subnet) = LibGateway.getSubnet(msg.sender);
-
         if (!registered) {
             revert NotRegisteredSubnet();
         }
@@ -126,6 +127,8 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
 
         s.subnetKeys.remove(id);
         SubnetActorGetterFacet(msg.sender).collateralSource().transferFunds(payable(msg.sender), stake);
+
+        emit SubnetDestroyed(subnet.id);
     }
 
     /// @notice credits the received value to the specified address in the specified child subnet.

contracts/contracts/gateway/GatewayMessengerFacet.sol

@@ -45,7 +45,7 @@ contract GatewayMessengerFacet is GatewayActorModifiers {
         }
 
         // We prevent the sender from being an EoA.
-        if (!(msg.sender.code.length > 0)) {
+        if (msg.sender.code.length == 0) {
             revert InvalidXnetMessage(InvalidXnetMessageReason.Sender);
         }
 

contracts/contracts/lib/LibSubnetActor.sol

@@ -120,7 +120,7 @@ library LibSubnetActor {
 
         uint256 length = validators.length;
 
-        if (length <= s.minValidators) {
+        if (length < s.minValidators) {
             revert NotEnoughGenesisValidators();
         }
 

contracts/contracts/subnet/SubnetActorManagerFacet.sol

@@ -24,6 +24,9 @@ contract SubnetActorManagerFacet is SubnetActorModifiers, ReentrancyGuard, Pausa
     using LibValidatorSet for ValidatorSet;
     using Address for address payable;
 
+    event ValidatorGaterUpdated(address oldGater, address newGater);
+    event NewBootstrapNode(string netAddress, address owner);
+
     /// @notice method to add some initial balance into a subnet that hasn't yet bootstrapped.
     /// @dev This balance is added to user addresses in genesis, and becomes part of the genesis
     /// circulating supply.
@@ -73,8 +76,13 @@ contract SubnetActorManagerFacet is SubnetActorModifiers, ReentrancyGuard, Pausa
         }
     }
 
+    /// @notice Sets the validator gater contract implementation
+    /// @param gater The addresse of validator gater implementation.
     function setValidatorGater(address gater) external notKilled {
         LibDiamond.enforceIsContractOwner();
+
+        emit ValidatorGaterUpdated(s.validatorGater, gater);
+
         s.validatorGater = gater;
     }
 
@@ -255,7 +263,7 @@ contract SubnetActorManagerFacet is SubnetActorModifiers, ReentrancyGuard, Pausa
             // check if the validator had some initial balance and return it if not bootstrapped
             uint256 genesisBalance = s.genesisBalance[msg.sender];
             if (genesisBalance != 0) {
-                s.genesisBalance[msg.sender] == 0;
+                delete s.genesisBalance[msg.sender];
                 s.genesisCircSupply -= genesisBalance;
                 LibSubnetActor.rmAddressFromBalanceKey(msg.sender);
                 s.collateralSource.transferFunds(payable(msg.sender), genesisBalance);
@@ -284,7 +292,7 @@ contract SubnetActorManagerFacet is SubnetActorModifiers, ReentrancyGuard, Pausa
 
     /// @notice Add a bootstrap node.
     /// @param netAddress The network address of the new bootstrap node.
-    function addBootstrapNode(string memory netAddress) external whenNotPaused {
+    function addBootstrapNode(string calldata netAddress) external whenNotPaused {
         if (!s.validatorSet.isActiveValidator(msg.sender)) {
             revert NotValidator(msg.sender);
         }
@@ -294,5 +302,7 @@ contract SubnetActorManagerFacet is SubnetActorModifiers, ReentrancyGuard, Pausa
         s.bootstrapNodes[msg.sender] = netAddress;
         // slither-disable-next-line unused-return
         s.bootstrapOwners.add(msg.sender);
+
+        emit NewBootstrapNode(netAddress, msg.sender);
     }
 }

contracts/test/integration/SubnetActorDiamond.t.sol

@@ -1584,7 +1584,7 @@ contract SubnetActorDiamondTest is Test, IntegrationTestBase {
             gatewayAddress,
             ConsensusType.Fendermint,
             DEFAULT_MIN_VALIDATOR_STAKE,
-            DEFAULT_MIN_VALIDATORS,
+            2,
             DEFAULT_CHECKPOINT_PERIOD,
             DEFAULT_MAJORITY_PERCENTAGE,
             PermissionMode.Federated,