diff --git a/src/tasks/sep/034-op-ink-sep-fusaka-prestate/.env b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/.env new file mode 100644 index 000000000..7c96bef7d --- /dev/null +++ b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/.env @@ -0,0 +1 @@ +TENDERLY_GAS=30000000 diff --git a/src/tasks/sep/034-op-ink-sep-fusaka-prestate/README.md b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/README.md new file mode 100644 index 000000000..98874bbf3 --- /dev/null +++ b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/README.md @@ -0,0 +1,21 @@ +# 034-op-ink-sep-fusaka-prestate + +Status: [DRAFT, NOT READY TO SIGN] + +## Objective + +This task uses `op-contract/v4.1.0` OPContractsManager to update the prestate of OP Sepolia and Ink Sepolia to the Fusaka compatible prestate. + +## Simulation & Signing + +Simulation commands for each safe: +```bash +cd src/tasks/sep/034-op-ink-sep-fusaka-prestate +SIMULATE_WITHOUT_LEDGER=1 SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env simulate +``` + +Signing commands for each safe: +```bash +cd src/tasks/sep/034-op-ink-sep-fusaka-prestate +SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env sign +``` diff --git a/src/tasks/sep/034-op-ink-sep-fusaka-prestate/VALIDATION.md b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/VALIDATION.md new file mode 100644 index 000000000..6228ec8d7 --- /dev/null +++ b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/VALIDATION.md @@ -0,0 +1,42 @@ +# Validation + +This document can be used to validate the inputs and result of the execution of the upgrade transaction which you are +signing. + +The steps are: + +1. [Validate the Domain and Message Hashes](#expected-domain-and-message-hashes) +2. [Verifying the state changes via the normalized state diff hash](#normalized-state-diff-hash-attestation) +3. [Verifying the transaction input](#understanding-task-calldata) +4. [Verifying the state changes](#task-state-changes) + +## Expected Domain and Message Hashes + +First, we need to validate the domain and message hashes. These values should match both the values on your ledger and +the values printed to the terminal when you run the task. + +> [!CAUTION] +> +> Before signing, ensure the below hashes match what is on your ledger. +> +> ### Security Council Safe (`0xf64bc17485f0B4Ea5F06A96514182FC4cB561977`) +> +> - Domain Hash: `0xbe081970e9fc104bd1ea27e375cd21ec7bb1eec56bfe43347c3e36c5d27b8533` +> - Message Hash: `0xa311fd9776ab0338d1680920fd903a3eeb8127b6157a7d8adb9c9250c51a3552` +> +> ### Foundation Safe (`0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B`) +> +> - Domain Hash: `0x37e1f5dd3b92a004a23589b741196c8a214629d4ea3a690ec8e41ae45c689cbb` +> - Message Hash: `0x0100ad527dc0a5bfde1487c1e459f345375c236cdcdd25855dbe4ce4a1ea023e` +## Normalized State Diff Hash Attestation + +The normalized state diff hash **MUST** match the hash produced by the state changes attested to in the state diff audit report. As a signer, you are responsible for verifying that this hash is correct. Please compare the hash below with the one in the audit report. If no audit report is available for this task, you must still ensure that the normalized state diff hash matches the output in your terminal. + +**Normalized hash:** `0x46c2ce3b0ad59afaa4b38c2240580cd823c763fc52dccb3b4e3631b7e500409e` + +## Task Calldata + +Calldata: +``` +0x82ad56cb0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000003bb6437aba031afbf9cb3538fa064161e2bf2d780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000001049a72745b00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000002000000000000000000000000034edd2a225f7f429a63e0f1d2084b9e0a93b538000000000000000000000000189abaaaa82dfc015a588a7dbad6f13b1d3485bc0339db503776757491b9f3038bf6f1d37b7988a2f75e823fe2656c1352ef2f9100000000000000000000000005c993e60179f28bf649a2bb5b00b5f4283bd525000000000000000000000000d7db319a49362b2328cf417a934300cccb442c8d0339db503776757491b9f3038bf6f1d37b7988a2f75e823fe2656c1352ef2f9100000000000000000000000000000000000000000000000000000000 +``` \ No newline at end of file diff --git a/src/tasks/sep/034-op-ink-sep-fusaka-prestate/config.toml b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/config.toml new file mode 100644 index 000000000..4cd40df06 --- /dev/null +++ b/src/tasks/sep/034-op-ink-sep-fusaka-prestate/config.toml @@ -0,0 +1,33 @@ +templateName = "OPCMUpdatePrestateV410" + +[[l2chains]] +chainId = 11155420 +name = "OP Sepolia Testnet" + +[[l2chains]] +chainId = 763373 +name = "Ink Sepolia Testnet" + +[[opcmUpgrades]] +chainId = 11155420 +absolutePrestate = "0x0339db503776757491b9f3038bf6f1d37b7988a2f75e823fe2656c1352ef2f91" # Fusaka Absolute Prestate published here https://github.com/ethereum-optimism/superchain-registry/blob/df5d4feb51f5d698d043a72ac2c6dfa9ce2a4afa/validation/standard/standard-prestates.toml#L6C7-L6C73 +expectedValidationErrors = "OVERRIDES-L1PAOMULTISIG,OVERRIDES-CHALLENGER" # The template provides PAO and Challenger overrides to the validator from the SCR. These simply indicate overrides were used. + +[[opcmUpgrades]] +chainId = 763373 +absolutePrestate = "0x0339db503776757491b9f3038bf6f1d37b7988a2f75e823fe2656c1352ef2f91" # Fusaka Absolute Prestate published here https://github.com/ethereum-optimism/superchain-registry/blob/df5d4feb51f5d698d043a72ac2c6dfa9ce2a4afa/validation/standard/standard-prestates.toml#L6C7-L6C73 +expectedValidationErrors = "OVERRIDES-L1PAOMULTISIG,OVERRIDES-CHALLENGER" # The template provides PAO and Challenger overrides to the validator from the SCR. These simply indicate overrides were used. + +[addresses] +OPCM = "0x3bb6437aba031afbf9cb3538fa064161e2bf2d78" # version 3.2.0 https://github.com/ethereum-optimism/superchain-registry/blob/40526b1288534f6b84b7aae21d13c0b5f5b12f47/validation/standard/standard-versions-sepolia.toml#L23 + +[stateOverrides] +0x1Eb2fFc903729a0F03966B917003800b145F56E2 = [ # L1PAO + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 37} +] +0xf64bc17485f0B4Ea5F06A96514182FC4cB561977 = [ # SC + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 48} +] +0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B = [ # FUS + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 51} +] diff --git a/src/template/OPCMUpdatePrestateV410.sol b/src/template/OPCMUpdatePrestateV410.sol new file mode 100644 index 000000000..723bf4082 --- /dev/null +++ b/src/template/OPCMUpdatePrestateV410.sol @@ -0,0 +1,165 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.15; + +import {ISystemConfig, IProxyAdmin} from "@eth-optimism-bedrock/interfaces/L1/IOPContractsManager.sol"; +import {IOPContractsManager} from "lib/optimism/packages/contracts-bedrock/interfaces/L1/IOPContractsManager.sol"; +import {Claim} from "@eth-optimism-bedrock/src/dispute/lib/Types.sol"; +import {VmSafe} from "forge-std/Vm.sol"; +import {stdToml} from "forge-std/StdToml.sol"; +import {console2 as console} from "forge-std/console2.sol"; +import {LibString} from "solady/utils/LibString.sol"; + +import {SuperchainAddressRegistry} from "src/SuperchainAddressRegistry.sol"; +import {OPCMTaskBase} from "src/tasks/types/OPCMTaskBase.sol"; +import {Action} from "src/libraries/MultisigTypes.sol"; + +/// @notice This template provides OPCM-based absolute prestate updates. +/// Supports: op-contracts/v4.1.0 +contract OPCMUpdatePrestateV410 is OPCMTaskBase { + using stdToml for string; + using LibString for string; + + /// @notice Struct to store inputs for OPCM.updatePrestate() function per l2 chain + struct OPCMUpgrade { + Claim absolutePrestate; + uint256 chainId; + string expectedValidationErrors; + } + + /// @notice Mapping of l2 chain IDs to their respective prestates + mapping(uint256 => OPCMUpgrade) public upgrades; + + /// @notice The Standard Validator returned by OPCM + IOPContractsManagerStandardValidator public STANDARD_VALIDATOR; + + /// @notice Returns the storage write permissions required for this task + function _taskStorageWrites() internal pure virtual override returns (string[] memory) { + string[] memory storageWrites = new string[](1); + storageWrites[0] = "DisputeGameFactoryProxy"; + return storageWrites; + } + + /// @notice Sets up the template with implementation configurations from a TOML file. + function _templateSetup(string memory taskConfigFilePath, address rootSafe) internal override { + super._templateSetup(taskConfigFilePath, rootSafe); + string memory tomlContent = vm.readFile(taskConfigFilePath); + + OPCMUpgrade[] memory _upgrades = abi.decode(tomlContent.parseRaw(".opcmUpgrades"), (OPCMUpgrade[])); + for (uint256 i = 0; i < _upgrades.length; i++) { + console.log("Adding upgrade - chainID: %s, absolutePrestate:", _upgrades[i].chainId); + console.logBytes32(Claim.unwrap(_upgrades[i].absolutePrestate)); + console.log("Expected errors: %s", _upgrades[i].expectedValidationErrors); + upgrades[_upgrades[i].chainId] = _upgrades[i]; + } + + address OPCM = tomlContent.readAddress(".addresses.OPCM"); + OPCM_TARGETS.push(OPCM); + require(IOPContractsManager(OPCM).version().eq("3.2.0"), "Incorrect OPCM - expected version 3.2.0"); + vm.label(OPCM, "OPCM"); + + // Fetch the validator directly from OPCM so it doesn't need to be configured in TOML + address validatorAddr = address(IOPCM(OPCM).opcmStandardValidator()); + require(validatorAddr != address(0), "OPCM returned zero validator"); + require(validatorAddr.code.length > 0, "Validator has no code"); + STANDARD_VALIDATOR = IOPContractsManagerStandardValidator(validatorAddr); + vm.label(address(STANDARD_VALIDATOR), "OPCMStandardValidator"); + } + + /// @notice Before implementing the `_build` function, template developers must consider the following: + /// 1. Which Multicall contract does this template use — `Multicall3` or `Multicall3Delegatecall`? + /// 2. Based on the contract, should the target be called using `call` or `delegatecall`? + /// 3. Ensure that the call to the target uses the appropriate method (`call` or `delegatecall`) accordingly. + /// Guidelines: + /// - `Multicall3Delegatecall`: + /// If the template inherits from `OPCMTaskBase`, it uses the `Multicall3Delegatecall` contract. + /// In this case, calls to the target **must** use `delegatecall`, e.g.: + /// `(bool success,) = OPCM.delegatecall(abi.encodeWithSelector(IOPCMPrestateUpdate.upgrade.selector, opChainConfigs));` + function _build(address) internal override { + SuperchainAddressRegistry.ChainInfo[] memory chains = superchainAddrRegistry.getChains(); + IOPContractsManager.OpChainConfig[] memory opChainConfigs = + new IOPContractsManager.OpChainConfig[](chains.length); + + for (uint256 i = 0; i < chains.length; i++) { + uint256 chainId = chains[i].chainId; + opChainConfigs[i] = IOPContractsManager.OpChainConfig({ + systemConfigProxy: ISystemConfig(superchainAddrRegistry.getAddress("SystemConfigProxy", chainId)), + proxyAdmin: IProxyAdmin(superchainAddrRegistry.getAddress("ProxyAdmin", chainId)), + absolutePrestate: upgrades[chainId].absolutePrestate + }); + } + + (bool success,) = OPCM_TARGETS[0].delegatecall( + abi.encodeWithSelector(IOPCMPrestateUpdate.updatePrestate.selector, opChainConfigs) + ); + require(success, "OPCM.updatePrestate() failed"); + } + + /// @notice This method performs all validations and assertions that verify the calls executed as expected. + function _validate(VmSafe.AccountAccess[] memory, Action[] memory, address) internal view override { + SuperchainAddressRegistry.ChainInfo[] memory chains = superchainAddrRegistry.getChains(); + + for (uint256 i = 0; i < chains.length; i++) { + uint256 chainId = chains[i].chainId; + bytes32 expAbsolutePrestate = Claim.unwrap(upgrades[chainId].absolutePrestate); + string memory expErrors = upgrades[chainId].expectedValidationErrors; + address proxyAdmin = superchainAddrRegistry.getAddress("ProxyAdmin", chainId); + address sysCfg = superchainAddrRegistry.getAddress("SystemConfigProxy", chainId); + + IOPContractsManagerStandardValidator.ValidationInput memory input = IOPContractsManagerStandardValidator + .ValidationInput({ + proxyAdmin: IProxyAdmin(proxyAdmin), + sysCfg: ISystemConfig(sysCfg), + absolutePrestate: expAbsolutePrestate, + l2ChainID: chainId + }); + + IOPContractsManagerStandardValidator.ValidationOverrides memory overrides_ = + IOPContractsManagerStandardValidator.ValidationOverrides({ + l1PAOMultisig: superchainAddrRegistry.getAddress("ProxyAdminOwner", chainId), + challenger: superchainAddrRegistry.getAddress("Challenger", chainId) + }); + + string memory errors = + STANDARD_VALIDATOR.validateWithOverrides({_input: input, _allowFailure: true, _overrides: overrides_}); + + require(errors.eq(expErrors), string.concat("Unexpected errors: ", errors, "; expected: ", expErrors)); + } + } + + /// @notice Override to return a list of addresses that should not be checked for code length. + function _getCodeExceptions() internal view virtual override returns (address[] memory) {} +} + +interface IOPCMPrestateUpdate { + function updatePrestate(IOPContractsManager.OpChainConfig[] memory _prestateUpdateInputs) external; +} + +/// @notice Interface to retrieve the standard validator from OPCM. +interface IOPCM { + function opcmStandardValidator() external view returns (IOPContractsManagerStandardValidator); +} + +/// @notice Validator interface for validateWithOverrides usage. +interface IOPContractsManagerStandardValidator { + struct ValidationInput { + IProxyAdmin proxyAdmin; + ISystemConfig sysCfg; + bytes32 absolutePrestate; + uint256 l2ChainID; + } + + struct ValidationOverrides { + address l1PAOMultisig; + address challenger; + } + + function validate(ValidationInput memory _input, bool _allowFailure) external view returns (string memory); + + function validateWithOverrides( + ValidationInput memory _input, + bool _allowFailure, + ValidationOverrides memory _overrides + ) external view returns (string memory); + + function version() external view returns (string memory); +} diff --git a/test/tasks/Regression.t.sol b/test/tasks/Regression.t.sol index b16ffbd3c..f700e709c 100644 --- a/test/tasks/Regression.t.sol +++ b/test/tasks/Regression.t.sol @@ -11,6 +11,7 @@ import {OPCMUpgradeV200} from "src/template/OPCMUpgradeV200.sol"; import {OPCMUpgradeV300} from "src/template/OPCMUpgradeV300.sol"; import {OPCMUpgradeV400} from "src/template/OPCMUpgradeV400.sol"; import {OPCMUpdatePrestateV300} from "src/template/OPCMUpdatePrestateV300.sol"; +import {OPCMUpdatePrestateV410} from "src/template/OPCMUpdatePrestateV410.sol"; import {SetRespectedGameTypeTemplate} from "src/template/SetRespectedGameTypeTemplate.sol"; import {UpdateRetirementTimestampV200} from "src/template/UpdateRetirementTimestampV200.sol"; import {UpdateRetirementTimestampV400} from "src/template/UpdateRetirementTimestampV400.sol"; @@ -418,6 +419,35 @@ contract RegressionTest is Test { _assertDataToSignNestedMultisig(multisigTask, actions, expectedDataToSign, MULTICALL3_ADDRESS, rootSafe); } + /// @notice Expected call data and data to sign generated by manually running the OPCMUpdatePrestateV410 template at block 9327881 on sepolia + /// Simulate from task directory (test/tasks/example/sep/028-opcm-update-prestate-v410) with: + /// SIMULATE_WITHOUT_LEDGER=1 just --dotenv-path "$(pwd)/.env" --justfile ../../../../../src/justfile simulate + function testRegressionCallDataMatches_OPCMUpdatePrestateV410() public { + string memory taskConfigFilePath = "test/tasks/example/sep/028-opcm-update-prestate-v410/config.toml"; + // Call data generated by manually running the OPCMUpdatePrestateV410 template at block 9327881 on sepolia. + string memory expectedCallData = + "0x82ad56cb0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000003bb6437aba031afbf9cb3538fa064161e2bf2d780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a49a72745b00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000001000000000000000000000000034edd2a225f7f429a63e0f1d2084b9e0a93b538000000000000000000000000189abaaaa82dfc015a588a7dbad6f13b1d3485bcdead00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + MultisigTask multisigTask = new OPCMUpdatePrestateV410(); + address rootSafe = address(0x1Eb2fFc903729a0F03966B917003800b145F56E2); + address foundationChildMultisig = 0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B; + address[] memory allSafes = MultisigTaskTestHelper.getAllSafes(rootSafe, foundationChildMultisig); + + (Action[] memory actions, uint256[] memory allOriginalNonces) = + _setupAndSimulate(taskConfigFilePath, 9327881, "sepolia", multisigTask, allSafes); + + _assertCallDataMatches(multisigTask, actions, allSafes, allOriginalNonces, expectedCallData); + + // Data to sign generated by manually running the OPCMUpdatePrestateV410 template at block 9327881 on sepolia. + string[] memory expectedDataToSign = new string[](2); + // Foundation + expectedDataToSign[0] = + "0x190137e1f5dd3b92a004a23589b741196c8a214629d4ea3a690ec8e41ae45c689cbb08ad152c64b380ea271693325a628e4a7aa2d70ff311f22cc0ceff34c34d9877"; + // Security council + expectedDataToSign[1] = + "0x1901be081970e9fc104bd1ea27e375cd21ec7bb1eec56bfe43347c3e36c5d27b8533766facb22395ca23edfd1485fd285bfeb3c25354a43ebd02ef6f8d072c69aa14"; + _assertDataToSignNestedMultisig(multisigTask, actions, expectedDataToSign, MULTICALL3_ADDRESS, rootSafe); + } + /// @notice Expected call data and data to sign generated by manually running the TransferL2PAOFromL1 template at block 22447773 on mainnet. /// Simulate from task directory (test/tasks/example/eth/008-transfer-l2pao) with: /// SIMULATE_WITHOUT_LEDGER=1 just --dotenv-path $(pwd)/.env --justfile ../../../../../src/nested.just simulate diff --git a/test/tasks/example/sep/028-opcm-update-prestate-v410/.env b/test/tasks/example/sep/028-opcm-update-prestate-v410/.env new file mode 100644 index 000000000..4387ef676 --- /dev/null +++ b/test/tasks/example/sep/028-opcm-update-prestate-v410/.env @@ -0,0 +1,3 @@ +TENDERLY_GAS=15000000 +FORK_BLOCK_NUMBER=9327881 +NESTED_SAFE_NAME_DEPTH_1=foundation diff --git a/test/tasks/example/sep/028-opcm-update-prestate-v410/config.toml b/test/tasks/example/sep/028-opcm-update-prestate-v410/config.toml new file mode 100644 index 000000000..5fe50931a --- /dev/null +++ b/test/tasks/example/sep/028-opcm-update-prestate-v410/config.toml @@ -0,0 +1,24 @@ +templateName = "OPCMUpdatePrestateV410" + +[[l2chains]] +chainId = 11155420 +name = "OP Sepolia Testnet" + +[[opcmUpgrades]] +chainId = 11155420 +absolutePrestate = "0xdead000000000000000000000000000000000000000000000000000000000000" # Dummy test prestate +expectedValidationErrors = "OVERRIDES-L1PAOMULTISIG,OVERRIDES-CHALLENGER" # The template provides PAO and Challenger overrides to the validator from the SCR. These simply indicate overrides were used. + +[addresses] +OPCM = "0x3bb6437aba031afbf9cb3538fa064161e2bf2d78" # version 3.2.0 https://github.com/ethereum-optimism/superchain-registry/blob/40526b1288534f6b84b7aae21d13c0b5f5b12f47/validation/standard/standard-versions-sepolia.toml#L23 + +[stateOverrides] +0x1Eb2fFc903729a0F03966B917003800b145F56E2 = [ # L1PAO + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 37} +] +0xf64bc17485f0B4Ea5F06A96514182FC4cB561977 = [ # SC + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 48} +] +0xDEe57160aAfCF04c34C887B5962D0a69676d3C8B = [ # FUS + {key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 51} +]