Skip to content

Commit

Permalink
Merge branch 'develop' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
gzeoneth authored Sep 12, 2024
2 parents eba92ac + 31c0768 commit 81cc272
Show file tree
Hide file tree
Showing 14 changed files with 254 additions and 79 deletions.
24 changes: 5 additions & 19 deletions .github/workflows/audit-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -10,39 +10,25 @@ on:
- develop

jobs:
install:
name: 'Install'
yarn-audit:
name: Audit
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18, 20]
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

- name: Set up Node.js
uses: actions/setup-node@v3
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}

- name: Install node_modules
uses: OffchainLabs/actions/node-modules/install@main

yarn-audit:
name: Audit
runs-on: ubuntu-latest
needs: install
steps:
- name: Checkout
uses: actions/checkout@v3

- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}

- name: Restore node_modules
uses: OffchainLabs/actions/node-modules/restore@main
cache-key: ${{ runner.os }}-yarn-${{ hashFiles('yarn.lock') }}-${{ matrix.node-version }}

- name: Run audit
run: yarn audit:ci
7 changes: 5 additions & 2 deletions .github/workflows/contract-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,10 @@ jobs:
files: ./contracts/coverage.json
verbose: false
token: ${{ secrets.CODECOV_TOKEN }}

- name: Upload 4bytes
run: yarn upload-4bytes

test-4844:
name: 4844 tests
runs-on: ubuntu-latest
Expand All @@ -123,9 +127,8 @@ jobs:
with:
version: nightly

- uses: OffchainLabs/actions/run-nitro-test-node@test-node-args
- uses: OffchainLabs/actions/run-nitro-test-node@main
with:
nitro-testnode-ref: deneb-integration
args: --pos
no-token-bridge: true

Expand Down
12 changes: 11 additions & 1 deletion audit-ci.jsonc
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,16 @@
// Prototype Pollution in async
"GHSA-fwr7-v2mv-hh25",
// ws affected by a DoS when handling a request with many HTTP headers
"GHSA-3h5v-q93c-6h6q"
"GHSA-3h5v-q93c-6h6q",
// Elliptic allows BER-encoded signatures - only used in dev
"GHSA-49q7-c7j4-3p7m",
// Elliptic's EDDSA missing signature length check - only used in dev
"GHSA-f7q4-pwc6-w24p",
// Elliptic's ECDSA missing check for whether leading bit of r and s is zero - only used in dev
"GHSA-977x-g7h5-7qgw",
// Server-Side Request Forgery in axios
"GHSA-8hc4-vh64-cxmj",
// Regular Expression Denial of Service (ReDoS) in micromatch
"GHSA-952p-6rrq-rcjv"
]
}
30 changes: 22 additions & 8 deletions hardhat.config.ts
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
import '@nomiclabs/hardhat-waffle'
import 'hardhat-deploy'
import '@nomiclabs/hardhat-ethers'
import '@nomiclabs/hardhat-etherscan'
import '@nomicfoundation/hardhat-verify'
import '@typechain/hardhat'
import 'solidity-coverage'
import 'hardhat-gas-reporter'
Expand Down Expand Up @@ -110,8 +110,8 @@ module.exports = {
? [process.env['DEVNET_PRIVKEY']]
: [],
},
rinkeby: {
url: 'https://rinkeby.infura.io/v3/' + process.env['INFURA_KEY'],
holesky: {
url: 'https://holesky.infura.io/v3/' + process.env['INFURA_KEY'],
accounts: process.env['DEVNET_PRIVKEY']
? [process.env['DEVNET_PRIVKEY']]
: [],
Expand Down Expand Up @@ -146,6 +146,18 @@ module.exports = {
? [process.env['MAINNET_PRIVKEY']]
: [],
},
base: {
url: 'https://mainnet.base.org',
accounts: process.env['MAINNET_PRIVKEY']
? [process.env['MAINNET_PRIVKEY']]
: [],
},
baseSepolia: {
url: 'https://sepolia.base.org',
accounts: process.env['DEVNET_PRIVKEY']
? [process.env['DEVNET_PRIVKEY']]
: [],
},
geth: {
url: 'http://localhost:8545',
},
Expand All @@ -155,12 +167,14 @@ module.exports = {
mainnet: process.env['ETHERSCAN_API_KEY'],
goerli: process.env['ETHERSCAN_API_KEY'],
sepolia: process.env['ETHERSCAN_API_KEY'],
rinkeby: process.env['ETHERSCAN_API_KEY'],
holesky: process.env['ETHERSCAN_API_KEY'],
arbitrumOne: process.env['ARBISCAN_API_KEY'],
arbitrumTestnet: process.env['ARBISCAN_API_KEY'],
nova: process.env['NOVA_ARBISCAN_API_KEY'],
arbGoerliRollup: process.env['ARBISCAN_API_KEY'],
arbSepolia: process.env['ARBISCAN_API_KEY'],
base: process.env['BASESCAN_API_KEY'],
baseSepolia: process.env['BASESCAN_API_KEY'],
},
customChains: [
{
Expand All @@ -183,8 +197,8 @@ module.exports = {
network: 'arbSepolia',
chainId: 421614,
urls: {
apiURL: 'https://sepolia-explorer.arbitrum.io/api',
browserURL: 'https://sepolia-explorer.arbitrum.io/',
apiURL: 'https://api-sepolia.arbiscan.io/api',
browserURL: 'https://sepolia.arbiscan.io/',
},
},
],
Expand All @@ -200,6 +214,6 @@ module.exports = {
target: 'ethers-v5',
},
contractSizer: {
strict: true
}
strict: true,
},
}
5 changes: 4 additions & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@
"test:storage": "./test/storage/test.bash",
"test:signatures": "./test/signatures/test-sigs.bash",
"test:e2e": "hardhat test test/e2e/*.ts",
"test:update": "yarn run test:signatures || yarn run test:storage",
"metadatahash": "yarn build:all && hardhat run scripts/printMetadataHashes.ts",
"upload-4bytes": "forge build && find ./out -type f -name \"*.json\" -exec cast upload-signature {} + | grep -v Duplicated:",
"postinstall": "patch-package",
"deploy-factory": "hardhat run scripts/deployment.ts",
"deploy-eth-rollup": "hardhat run scripts/createEthRollup.ts",
Expand All @@ -57,8 +60,8 @@
"devDependencies": {
"@arbitrum/sdk": "^3.4.1",
"@ethersproject/providers": "^5.7.2",
"@nomicfoundation/hardhat-verify": "^2.0.9",
"@nomiclabs/hardhat-ethers": "npm:hardhat-deploy-ethers@^0.3.0-beta.13",
"@nomiclabs/hardhat-etherscan": "^3.1.0",
"@nomiclabs/hardhat-waffle": "^2.0.1",
"@tovarishfin/hardhat-yul": "^3.0.5",
"@typechain/ethers-v5": "^10.0.0",
Expand Down
2 changes: 1 addition & 1 deletion scripts/createEthRollup.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ import '@nomiclabs/hardhat-ethers'
import { createRollup } from './rollupCreation'

async function main() {
const feeToken = undefined
const feeToken = ethers.constants.AddressZero
const rollupCreatorAddress = process.env.ROLLUP_CREATOR_ADDRESS
if (!rollupCreatorAddress) {
throw new Error('ROLLUP_CREATOR_ADDRESS not set')
Expand Down
18 changes: 17 additions & 1 deletion scripts/deployment.ts
Original file line number Diff line number Diff line change
@@ -1,10 +1,26 @@
import { ethers } from 'hardhat'
import '@nomiclabs/hardhat-ethers'
import { deployAllContracts } from './deploymentUtils'
import { deployAllContracts, _isRunningOnArbitrum } from './deploymentUtils'
import { maxDataSize } from './config'

import {
ArbSys__factory
} from '../build/types'

async function main() {
const [signer] = await ethers.getSigners()

console.log('Deploying contracts with maxDataSize:', maxDataSize)
if (process.env['IGNORE_MAX_DATA_SIZE_WARNING'] !== 'true') {
let isArbitrum = await _isRunningOnArbitrum(signer)
if (isArbitrum && maxDataSize as any !== 104857) {
throw new Error('maxDataSize should be 104857 when the parent chain is Arbitrum (set IGNORE_MAX_DATA_SIZE_WARNING to ignore)')
} else if (!isArbitrum && maxDataSize as any !== 117964) {
throw new Error('maxDataSize should be 117964 when the parent chain is not Arbitrum (set IGNORE_MAX_DATA_SIZE_WARNING to ignore)')
}
} else {
console.log('Ignoring maxDataSize warning')
}

try {
// Deploying all contracts
Expand Down
73 changes: 64 additions & 9 deletions scripts/deploymentUtils.ts
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import { ethers } from 'hardhat'
import { ContractFactory, Contract, Overrides, BigNumber } from 'ethers'
import { ContractFactory, Contract, Overrides, BigNumber, Wallet } from 'ethers'
import '@nomiclabs/hardhat-ethers'
import { run } from 'hardhat'
import {
Expand All @@ -9,13 +9,15 @@ import {
import { Toolkit4844 } from '../test/contract/toolkit4844'
import {
ArbOwner__factory,
ArbOwnerPublic__factory,
ArbSys__factory,
CacheManager__factory,
} from '../build/types'

const INIT_CACHE_SIZE = 536870912
const INIT_DECAY = 10322197911
const ARB_OWNER_ADDRESS = '0x0000000000000000000000000000000000000070'
const ARB_OWNER_PUBLIC_ADDRESS = '0x000000000000000000000000000000000000006b'
const ARB_SYS_ADDRESS = '0x0000000000000000000000000000000000000064'

// Define a verification function
Expand All @@ -32,9 +34,11 @@ export async function verifyContract(
contract?: string
address: string
constructorArguments: any[]
force: boolean
} = {
address: contractAddress,
constructorArguments: constructorArguments,
force: true,
}

// if contractPathAndName is provided, add it to the verification options
Expand All @@ -45,8 +49,15 @@ export async function verifyContract(
await run('verify:verify', verificationOptions)
console.log(`Verified contract ${contractName} successfully.`)
} catch (error: any) {
if (error.message.includes('Already Verified')) {
if (error.message.toLowerCase().includes('already verified')) {
console.log(`Contract ${contractName} is already verified.`)
} else if (error.message.includes('does not have bytecode')) {
await verifyContract(
contractName,
contractAddress,
constructorArguments,
contractPathAndName
)
} else {
console.error(
`Verification for ${contractName} failed with the following error: ${error.message}`
Expand All @@ -69,11 +80,21 @@ export async function deployContract(
let deploymentArgs = [...constructorArgs]
if (overrides) {
deploymentArgs.push(overrides)
} else {
// overrides = {
// maxFeePerGas: ethers.utils.parseUnits('5.0', 'gwei'),
// maxPriorityFeePerGas: ethers.utils.parseUnits('0.01', 'gwei')
// }
// deploymentArgs.push(overrides)
}

const contract: Contract = await connectedFactory.deploy(...deploymentArgs)
await contract.deployTransaction.wait()
console.log(`New ${contractName} created at address:`, contract.address)
console.log(
`* New ${contractName} created at address: ${
contract.address
} ${constructorArgs.join(' ')}`
)

if (verify)
await verifyContract(contractName, contract.address, constructorArgs)
Expand Down Expand Up @@ -207,6 +228,7 @@ export async function deployAllContracts(
)
const rollupUser = await deployContract('RollupUserLogic', signer, [], verify)
const upgradeExecutor = await deployUpgradeExecutor(signer)
await upgradeExecutor.deployTransaction.wait()
const validatorUtils = await deployContract(
'ValidatorUtils',
signer,
Expand All @@ -226,6 +248,15 @@ export async function deployAllContracts(
verify
)
const deployHelper = await deployContract('DeployHelper', signer, [], verify)
if (verify && !process.env.DISABLE_VERIFICATION) {
// Deploy RollupProxy contract only for verification, should not be used anywhere else
await deployContract(
'RollupProxy',
signer,
[],
verify
)
}
return {
bridgeCreator,
prover0,
Expand All @@ -245,42 +276,66 @@ export async function deployAllContracts(
}

export async function deployAndSetCacheManager(
chainOwnerWallet: any,
chainOwnerWallet: Wallet,
verify: boolean = true
) {
// deploy CacheManager
const cacheManagerLogic = await deployContract(
'CacheManager',
chainOwnerWallet,
[],
verify
)

const proxyAdmin = await deployContract(
'ProxyAdmin',
chainOwnerWallet,
[],
verify
)

const cacheManagerProxy = await deployContract(
'TransparentUpgradeableProxy',
chainOwnerWallet,
[cacheManagerLogic.address, proxyAdmin.address, '0x'],
verify
)

// initialize CacheManager
const cacheManager = CacheManager__factory.connect(
cacheManagerProxy.address,
chainOwnerWallet
)

await (await cacheManager.initialize(INIT_CACHE_SIZE, INIT_DECAY)).wait()

const arbOwner = ArbOwner__factory.connect(
/// add CacheManager to ArbOwner
const arbOwnerAccount = (
await ArbOwnerPublic__factory.connect(
ARB_OWNER_PUBLIC_ADDRESS,
chainOwnerWallet
).getAllChainOwners()
)[0]

const arbOwnerPrecompile = ArbOwner__factory.connect(
ARB_OWNER_ADDRESS,
chainOwnerWallet
)
await (await arbOwner.addWasmCacheManager(cacheManagerProxy.address)).wait()
if ((await chainOwnerWallet.provider.getCode(arbOwnerAccount)) === '0x') {
// arb owner is EOA, add cache manager directly
await (
await arbOwnerPrecompile.addWasmCacheManager(cacheManagerProxy.address)
).wait()
} else {
// assume upgrade executor is arb owner
const upgradeExecutor = new ethers.Contract(
arbOwnerAccount,
UpgradeExecutorABI,
chainOwnerWallet
)
const data = arbOwnerPrecompile.interface.encodeFunctionData(
'addWasmCacheManager',
[cacheManagerProxy.address]
)
await (await upgradeExecutor.executeCall(ARB_OWNER_ADDRESS, data)).wait()
}

return cacheManagerProxy
}
Expand Down
Loading

0 comments on commit 81cc272

Please sign in to comment.