Merge branch 'main' into main

OffchainLabs · Sep 12, 2024 · eba92ac · eba92ac
2 parents 0a83b6b + fbbcef0
commit eba92ac
Show file tree

Hide file tree

Showing 111 changed files with 8,194 additions and 7,670 deletions.
diff --git a/.github/workflows/audit-ci.yml b/.github/workflows/audit-ci.yml
@@ -0,0 +1,48 @@
+name: Audit NPM packages
+
+on:
+  workflow_dispatch:
+  pull_request:
+  merge_group:
+  push:
+    branches:
+      - main
+      - develop
+
+jobs:
+  install:
+    name: 'Install'
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [18, 20]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Install node_modules
+        uses: OffchainLabs/actions/node-modules/install@main
+
+  yarn-audit:
+    name: Audit
+    runs-on: ubuntu-latest
+    needs: install
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Restore node_modules
+        uses: OffchainLabs/actions/node-modules/restore@main
+
+      - name: Run audit
+        run: yarn audit:ci
diff --git a/.github/workflows/contract-tests.yml b/.github/workflows/contract-tests.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Setup node/yarn
         uses: actions/setup-node@v3
         with:
-          node-version: 16
+          node-version: 18
           cache: 'yarn'
           cache-dependency-path: '**/yarn.lock'
 
@@ -85,12 +85,21 @@ jobs:
       - name: Forge build
         run: forge build
 
+      - name: Test size
+        run: yarn contract:size
+
       - name: Test Storage Layouts
         run: yarn run test:storage
 
       - name: Test function signatures
         run: yarn run test:signatures
 
+      - name: Run unused Solidity errors checker
+        uses: OffchainLabs/actions/check-unused-errors@main
+        with:
+          directory: './src'
+          exceptions_file: './test/unused-errors/exceptions.txt'
+
       - name: Run coverage
         run: yarn hardhat coverage --testfiles "test/contract/*.spec.ts"
 
@@ -123,7 +132,7 @@ jobs:
       - name: Setup nodejs
         uses: actions/setup-node@v2
         with:
-          node-version: '18'
+          node-version: 18
           cache: 'yarn'
           cache-dependency-path: '**/yarn.lock'
 
@@ -135,3 +144,95 @@ jobs:
 
       - name: Test 4844
         run: yarn test:4844
+  test-e2e:
+    name: Test e2e
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
+        with:
+          l3-node: true
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
+
+      - name: Setup node/yarn
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: 'yarn'
+          cache-dependency-path: '**/yarn.lock'
+
+      - name: Install packages
+        run: yarn
+
+      - name: Compile contracts
+        run: yarn build
+
+      - name: Run e2e tests
+        run: yarn test:e2e
+  test-e2e-custom-fee-token:
+    name: Test e2e custom fee token
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
+        with:
+          l3-node: true
+          args: --l3-fee-token
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
+
+      - name: Setup node/yarn
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: 'yarn'
+          cache-dependency-path: '**/yarn.lock'
+
+      - name: Install packages
+        run: yarn
+
+      - name: Compile contracts
+        run: yarn build
+
+      - name: Run e2e tests
+        run: yarn test:e2e
+  test-e2e-fee-token-6-decimals:
+    name: Test e2e fee token with 6 decimals
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - uses: OffchainLabs/actions/run-nitro-test-node@main
+        with:
+          l3-node: true
+          args: --l3-fee-token --l3-fee-token-decimals 6
+          no-token-bridge: true
+          no-l3-token-bridge: true
+          nitro-contracts-branch: '${{ github.event.pull_request.head.sha || github.sha }}'
+
+      - name: Setup node/yarn
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: 'yarn'
+          cache-dependency-path: '**/yarn.lock'
+
+      - name: Install packages
+        run: yarn
+
+      - name: Compile contracts
+        run: yarn build
+
+      - name: Run e2e tests
+        run: yarn test:e2e
diff --git a/.github/workflows/slither.yml b/.github/workflows/slither.yml
@@ -0,0 +1,25 @@
+name: Slither Analysis
+
+on:
+  workflow_dispatch:
+  pull_request:
+
+jobs:
+  analyze:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Slither
+        uses: crytic/[email protected]
+        id: slither
+        with:
+          sarif: results.sarif
+          fail-on: medium
+          slither-args: --skip-assembly
+
+      - name: Upload SARIF file
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.slither.outputs.sarif }}
diff --git a/.prettierignore b/.prettierignore
@@ -7,3 +7,4 @@ src/lib/abi/**
 .nyc_output
 out/**
 lib/**
+src/mocks/MultiCallTest.sol
diff --git a/README.md b/README.md
@@ -20,7 +20,7 @@ yarn build
 
 ## License
 
-Nitro is currently licensed under a [Business Source License](./LICENSE), similar to our friends at Uniswap and Aave, with an "Additional Use Grant" to ensure that everyone can have full comfort using and running nodes on all public Arbitrum chains.
+Nitro is currently licensed under a [Business Source License](./LICENSE.md), similar to our friends at Uniswap and Aave, with an "Additional Use Grant" to ensure that everyone can have full comfort using and running nodes on all public Arbitrum chains.
 
 The Additional Use Grant also permits the deployment of the Nitro software, in a permissionless fashion and without cost, as a new blockchain provided that the chain settles to either Arbitrum One or Arbitrum Nova.
 

diff --git a/audit-ci.jsonc b/audit-ci.jsonc
@@ -0,0 +1,60 @@
+{
+  "$schema": "https://github.com/IBM/audit-ci/raw/main/docs/schema.json",
+  "low": true,
+  "allowlist": [
+    // OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
+    "GHSA-4g63-c64m-25w9",
+    // OpenZeppelin Contracts's GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals
+    "GHSA-xrc4-737v-9q75",
+    // OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
+    "GHSA-qh9x-gcfh-pcrw",
+    // OpenZeppelin Contracts vulnerable to ECDSA signature malleability. Only an issue for the functions that take a single `bytes` argument, and not the functions that take `r, v, s` or `r, vs` as separate arguments.
+    "GHSA-4h98-2769-gh6h",
+    // GovernorCompatibilityBravo may trim proposal calldata
+    "GHSA-93hq-5wgc-jc82",
+    // OpenZeppelin Contracts ERC165Checker unbounded gas consumption
+    "GHSA-7grf-83vw-6f5x",
+    // OpenZeppelin: Using ERC2771Context with a custom forwarder can yield address(0)
+    "GHSA-g4vp-m682-qqmp",
+    // OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
+    "GHSA-mx2q-35m2-x2rh",
+    // OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
+    "GHSA-5h3x-9wvq-w4m2",
+    // axios cookies data-privacy issue; used only in hardhat-deploy and sol2uml (dev deps)
+    "GHSA-wf5p-g6vw-rhxx",
+    // flat vulnerable to Prototype Pollution
+    "GHSA-2j2x-2gpw-g8fm",
+    // regular expression DoS in debug
+    "GHSA-gxpj-cx7g-858c",
+    // tough-cookie Prototype Pollution vulnerability; used only via eth-gas-reporter
+    "GHSA-72xf-g2v4-qvf3",
+    // minimatch ReDoS vulnerability
+    "GHSA-f8q6-p94x-37v3",
+    // Server-Side Request Forgery in Request
+    "GHSA-p8p7-x288-28g6",
+    //  OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees; unused
+    "GHSA-wprv-93r4-jj2p",
+    //  follow-redirects improperly handles URLs in the url.parse() function
+    "GHSA-jchw-25xp-jwwc",
+    // yargs-parser Vulnerable to Prototype Pollution
+    "GHSA-p9pc-299p-vxgp",
+    // Axios vulnerable to Server-Side Request Forgery
+    "GHSA-4w2v-q235-vp99",
+    // axios Inefficient Regular Expression Complexity vulnerability
+    "GHSA-cph5-m8f7-6c5x",
+    // Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
+    "GHSA-pw2r-vq6v-hr8c",
+    // Exposure of sensitive information in follow-redirects
+    "GHSA-74fj-2j2h-c42q",
+    // Open Zeppelin: Base64 encoding may read from potentially dirty memory
+    "GHSA-9vx6-7xxf-x967",
+    // semver vulnerable to Regular Expression Denial of Service
+    "GHSA-c2qf-rxjj-qqgw",
+    // follow-redirects' Proxy-Authorization header kept across hosts
+    "GHSA-cxjh-pqwp-8mfp",
+    // Prototype Pollution in async
+    "GHSA-fwr7-v2mv-hh25",
+    // ws affected by a DoS when handling a request with many HTTP headers
+    "GHSA-3h5v-q93c-6h6q"
+  ]
+}
diff --git a/foundry.toml b/foundry.toml
@@ -5,17 +5,23 @@ libs = ['node_modules', 'lib']
 test = 'test/foundry'
 cache_path  = 'forge-cache/sol'
 optimizer = true
-optimizer_runs = 20000
+optimizer_runs = 100
 via_ir = false
 solc_version = '0.8.9'
+remappings = ['ds-test/=lib/forge-std/lib/ds-test/src/',
+              'forge-std/=lib/forge-std/src/',
+              '@openzeppelin/contracts/=node_modules/@openzeppelin/contracts/',
+              '@openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/']
 
 [profile.yul]
 src = 'yul'
 out = 'out/yul'
 libs = ['node_modules', 'lib']
 cache_path  = 'forge-cache/yul'
+remappings = []
+auto_detect_remappings = false
 
 [fmt]
 number_underscore = 'thousands'
 line_length = 100
-# See more config options https://github.com/foundry-rs/foundry/tree/master/config
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config
diff --git a/hardhat.config.ts b/hardhat.config.ts
@@ -5,6 +5,7 @@ import '@nomiclabs/hardhat-etherscan'
 import '@typechain/hardhat'
 import 'solidity-coverage'
 import 'hardhat-gas-reporter'
+import 'hardhat-contract-sizer'
 import 'hardhat-ignore-warnings'
 // import '@tovarishfin/hardhat-yul';
 import dotenv from 'dotenv'
@@ -23,7 +24,17 @@ const solidity = {
       },
     },
   ],
-  overrides: {},
+  overrides: {
+    'src/rollup/RollupUserLogic.sol': {
+      version: '0.8.9',
+      settings: {
+        optimizer: {
+          enabled: true,
+          runs: 0,
+        },
+      },
+    },
+  },
 }
 
 if (process.env['INTERFACE_TESTER_SOLC_VERSION']) {
@@ -188,4 +199,7 @@ module.exports = {
     outDir: 'build/types',
     target: 'ethers-v5',
   },
+  contractSizer: {
+    strict: true
+  }
 }