Skip to content

Commit

Permalink
Merge pull request #1021 from matter-labs/ra/fix-oz-library
Browse files Browse the repository at this point in the history
feat: ZKChain Upgrades and Libraries Diff Audit
  • Loading branch information
StanislavBreadless authored Oct 27, 2024
2 parents 21ac083 + 623e131 commit bc4674b
Show file tree
Hide file tree
Showing 30 changed files with 134 additions and 107 deletions.
4 changes: 2 additions & 2 deletions l1-contracts/contracts/bridge/L2SharedBridgeLegacy.sol
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import {UpgradeableBeacon} from "@openzeppelin/contracts-v4/proxy/beacon/Upgrade

import {BridgedStandardERC20} from "./BridgedStandardERC20.sol";

import {DEPLOYER_SYSTEM_CONTRACT, L2_ASSET_ROUTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR} from "../common/L2ContractAddresses.sol";
import {L2_DEPLOYER_SYSTEM_CONTRACT_ADDR, L2_ASSET_ROUTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR} from "../common/L2ContractAddresses.sol";
import {SystemContractsCaller} from "../common/libraries/SystemContractsCaller.sol";
import {L2ContractHelper, IContractDeployer} from "../common/libraries/L2ContractHelper.sol";
import {AddressAliasHelper} from "../vendor/AddressAliasHelper.sol";
Expand Down Expand Up @@ -175,7 +175,7 @@ contract L2SharedBridgeLegacy is IL2SharedBridgeLegacy, Initializable {
function deployBeaconProxy(bytes32 salt) external onlyNTV returns (address proxy) {
(bool success, bytes memory returndata) = SystemContractsCaller.systemCallWithReturndata(
uint32(gasleft()),
DEPLOYER_SYSTEM_CONTRACT,
L2_DEPLOYER_SYSTEM_CONTRACT_ADDR,
0,
abi.encodeCall(
IContractDeployer.create2,
Expand Down
15 changes: 0 additions & 15 deletions l1-contracts/contracts/bridge/interfaces/IL2Bridge.sol

This file was deleted.

4 changes: 2 additions & 2 deletions l1-contracts/contracts/bridge/ntv/L2NativeTokenVault.sol
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ import {NativeTokenVault} from "./NativeTokenVault.sol";
import {IL2SharedBridgeLegacy} from "../interfaces/IL2SharedBridgeLegacy.sol";
import {BridgedStandardERC20} from "../BridgedStandardERC20.sol";

import {DEPLOYER_SYSTEM_CONTRACT, L2_ASSET_ROUTER_ADDR} from "../../common/L2ContractAddresses.sol";
import {L2_DEPLOYER_SYSTEM_CONTRACT_ADDR, L2_ASSET_ROUTER_ADDR} from "../../common/L2ContractAddresses.sol";
import {L2ContractHelper, IContractDeployer} from "../../common/libraries/L2ContractHelper.sol";

import {SystemContractsCaller} from "../../common/libraries/SystemContractsCaller.sol";
Expand Down Expand Up @@ -163,7 +163,7 @@ contract L2NativeTokenVault is IL2NativeTokenVault, NativeTokenVault {

(bool success, bytes memory returndata) = SystemContractsCaller.systemCallWithReturndata(
uint32(gasleft()),
DEPLOYER_SYSTEM_CONTRACT,
L2_DEPLOYER_SYSTEM_CONTRACT_ADDR,
0,
abi.encodeCall(
IContractDeployer.create2,
Expand Down
7 changes: 5 additions & 2 deletions l1-contracts/contracts/bridgehub/IMessageRoot.sol
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,11 @@ pragma solidity 0.8.24;

import {IBridgehub} from "./IBridgehub.sol";

/// @author Matter Labs
/// @custom:security-contact [email protected]
/**
* @author Matter Labs
* @notice MessageRoot contract is responsible for storing and aggregating the roots of the batches from different chains into the MessageRoot.
* @custom:security-contact [email protected]
*/
interface IMessageRoot {
function BRIDGE_HUB() external view returns (IBridgehub);

Expand Down
1 change: 0 additions & 1 deletion l1-contracts/contracts/common/Config.sol
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@ uint256 constant MAX_L2_TO_L1_LOGS_COMMITMENT_BYTES = 4 + L2_TO_L1_LOG_SERIALIZE
/// @dev Actually equal to the `keccak256(new bytes(L2_TO_L1_LOG_SERIALIZE_SIZE))`
bytes32 constant L2_L1_LOGS_TREE_DEFAULT_LEAF_HASH = 0x72abee45b59e344af8a6e520241c4744aff26ed411f4c4b00f8af09adada43ba;

// TODO: change constant to the real root hash of empty Merkle tree (SMA-184)
bytes32 constant DEFAULT_L2_LOGS_TREE_ROOT_HASH = bytes32(0);

/// @dev Denotes the type of the ZKsync transaction that came from L1.
Expand Down
5 changes: 1 addition & 4 deletions l1-contracts/contracts/common/L2ContractAddresses.sol
Original file line number Diff line number Diff line change
Expand Up @@ -69,15 +69,12 @@ interface IL2Messenger {
/// if the assetId can be calculated with this address then it is in fact an NTV asset
address constant L2_NATIVE_TOKEN_VAULT_ADDR = address(0x10004);

/// @dev the address of the l2 asse3t router.
/// @dev the address of the l2 asset router.
address constant L2_MESSAGE_ROOT_ADDR = address(0x10005);

/// @dev the offset for the system contracts
uint160 constant SYSTEM_CONTRACTS_OFFSET = 0x8000; // 2^15

/// @dev the address of the deployer system contract
address constant DEPLOYER_SYSTEM_CONTRACT = address(SYSTEM_CONTRACTS_OFFSET + 0x06);

/// @dev the address of the l2 messenger system contract
IL2Messenger constant L2_MESSENGER = IL2Messenger(address(SYSTEM_CONTRACTS_OFFSET + 0x08));

Expand Down
3 changes: 2 additions & 1 deletion l1-contracts/contracts/common/libraries/DataEncoding.sol
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,8 @@ library DataEncoding {
}
}

/// @notice Encodes the token data by combining chain id, asset deployment tracker and asset data.
/// @notice Encodes the token data by combining chain id, and its metadata.
/// @dev Note that all the metadata of the token is expected to be ABI encoded.
/// @param _chainId The id of the chain token is native to.
/// @param _name The name of the token.
/// @param _symbol The symbol of the token.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ library SystemContractsCaller {
assembly {
dataStart := add(data, 0x20)
}
uint32 dataLength = uint32(Utils.safeCastToU32(data.length));
uint32 dataLength = Utils.safeCastToU32(data.length);

uint256 farCallAbi = getFarCallABI({
dataOffset: 0,
Expand Down
7 changes: 0 additions & 7 deletions l1-contracts/contracts/common/libraries/UnsafeBytes.sol
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,6 @@ library UnsafeBytes {
}
}

function readUint128(bytes memory _bytes, uint256 _start) internal pure returns (uint128 result, uint256 offset) {
assembly {
offset := add(_start, 16)
result := mload(add(_bytes, offset))
}
}

function readUint256(bytes memory _bytes, uint256 _start) internal pure returns (uint256 result, uint256 offset) {
assembly {
offset := add(_start, 32)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ contract CustomUpgradeTest is BaseZkSyncUpgrade {
/// upgrade.
function _postUpgrade(bytes calldata _customCallDataForUpgrade) internal override {}

/// @notice The main function that will be called by the upgrade proxy.
/// @notice The main function that will be delegate-called by the chain.
/// @param _proposedUpgrade The upgrade to be executed.
function upgrade(ProposedUpgrade calldata _proposedUpgrade) public override returns (bytes32) {
(uint32 newMinorVersion, bool isPatchOnly) = _setNewProtocolVersion(_proposedUpgrade.newProtocolVersion);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ import {TWO_BRIDGES_MAGIC_VALUE, ETH_TOKEN_ADDRESS} from "../../common/Config.so
import {IL1NativeTokenVault} from "../../bridge/ntv/L1NativeTokenVault.sol";
import {L2_NATIVE_TOKEN_VAULT_ADDR} from "../../common/L2ContractAddresses.sol";
import {SafeERC20} from "@openzeppelin/contracts-v4/token/ERC20/utils/SafeERC20.sol";
import {IL2Bridge} from "../../bridge/interfaces/IL2Bridge.sol";
import {IL2SharedBridgeLegacy} from "../../bridge/interfaces/IL2SharedBridgeLegacy.sol";
import {IL2SharedBridgeLegacyFunctions} from "../../bridge/interfaces/IL2SharedBridgeLegacyFunctions.sol";

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import {ReentrancyGuard} from "../common/ReentrancyGuard.sol";
import {AlreadyWhitelisted, InvalidSelector, NotWhitelisted, ZeroAddress} from "../common/L1ContractErrors.sol";
import {ITransactionFilterer} from "../state-transition/chain-interfaces/ITransactionFilterer.sol";
import {IBridgehub} from "../bridgehub/IBridgehub.sol";
import {IL2Bridge} from "../bridge/interfaces/IL2Bridge.sol";
import {IAssetRouterBase} from "../bridge/asset-router/IAssetRouterBase.sol";
import {IL2AssetRouter} from "../bridge/asset-router/IL2AssetRouter.sol";

Expand Down Expand Up @@ -86,25 +85,22 @@ contract GatewayTransactionFilterer is ITransactionFilterer, ReentrancyGuard, Ow

if (IL2AssetRouter.setAssetHandlerAddress.selector == l2TxSelector) {
(, bytes32 decodedAssetId, ) = abi.decode(l2Calldata[4:], (uint256, bytes32, address));
return _checkSTMAssetId(decodedAssetId);
return _checkCTMAssetId(decodedAssetId);
}

if (
IAssetRouterBase.finalizeDeposit.selector != l2TxSelector &&
IL2Bridge.finalizeDeposit.selector != l2TxSelector
) {
if (IAssetRouterBase.finalizeDeposit.selector != l2TxSelector) {
revert InvalidSelector(l2TxSelector);
}

(, bytes32 decodedAssetId, ) = abi.decode(l2Calldata[4:], (uint256, bytes32, bytes));
return _checkSTMAssetId(decodedAssetId);
return _checkCTMAssetId(decodedAssetId);
}

return whitelistedSenders[sender];
}

function _checkSTMAssetId(bytes32 assetId) internal view returns (bool) {
address stmAddress = BRIDGE_HUB.ctmAssetIdToAddress(assetId);
return stmAddress != address(0);
function _checkCTMAssetId(bytes32 assetId) internal view returns (bool) {
address ctmAddress = BRIDGE_HUB.ctmAssetIdToAddress(assetId);
return ctmAddress != address(0);
}
}
2 changes: 1 addition & 1 deletion l1-contracts/contracts/upgrades/BaseZkSyncUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ abstract contract BaseZkSyncUpgrade is ZKChainBase {
/// @notice Notifies about complete upgrade
event UpgradeComplete(uint256 indexed newProtocolVersion, bytes32 indexed l2UpgradeTxHash, ProposedUpgrade upgrade);

/// @notice The main function that will be provided by the upgrade proxy
/// @notice The main function that will be delegate-called by the chain.
/// @dev This is a virtual function and should be overridden by custom upgrade implementations.
/// @param _proposedUpgrade The upgrade to be executed.
/// @return txHash The hash of the L2 system contract upgrade transaction.
Expand Down
2 changes: 1 addition & 1 deletion l1-contracts/contracts/upgrades/DefaultUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import {BaseZkSyncUpgrade, ProposedUpgrade} from "./BaseZkSyncUpgrade.sol";
/// @author Matter Labs
/// @custom:security-contact [email protected]
contract DefaultUpgrade is BaseZkSyncUpgrade {
/// @notice The main function that will be called by the upgrade proxy.
/// @notice The main function that will be delegate-called by the chain.
/// @param _proposedUpgrade The upgrade to be executed.
function upgrade(ProposedUpgrade calldata _proposedUpgrade) public override returns (bytes32) {
super.upgrade(_proposedUpgrade);
Expand Down
10 changes: 6 additions & 4 deletions l1-contracts/contracts/upgrades/GatewayUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -33,14 +33,17 @@ contract GatewayUpgrade is BaseZkSyncUpgrade {
using PriorityQueue for PriorityQueue.Queue;
using PriorityTree for PriorityTree.Tree;

/// @notice The address of this contract.
/// @dev needed as this address is delegateCalled, and we delegateCall it again.
address public immutable THIS_ADDRESS;

constructor() {
THIS_ADDRESS = address(this);
}

/// @notice The main function that will be called by the upgrade proxy.
/// @notice The main function that will be delegate-called by the chain.
/// @param _proposedUpgrade The upgrade to be executed.
/// @dev Doesn't require any access-control restrictions as the contract is used in the delegate call.
function upgrade(ProposedUpgrade calldata _proposedUpgrade) public override returns (bytes32) {
GatewayUpgradeEncodedInput memory encodedInput = abi.decode(
_proposedUpgrade.postUpgradeCalldata,
Expand Down Expand Up @@ -72,16 +75,15 @@ contract GatewayUpgrade is BaseZkSyncUpgrade {
);

// slither-disable-next-line controlled-delegatecall
(bool success, ) = THIS_ADDRESS.delegatecall(
abi.encodeWithSelector(IGatewayUpgrade.upgradeExternal.selector, proposedUpgrade)
);
(bool success, ) = THIS_ADDRESS.delegatecall(abi.encodeCall(IGatewayUpgrade.upgradeExternal, proposedUpgrade));
if (!success) {
revert GatewayUpgradeFailed();
}
return Diamond.DIAMOND_INIT_SUCCESS_RETURN_VALUE;
}

/// @notice The function that will be called from this same contract, we need an external call to be able to modify _proposedUpgrade (memory/calldata).
/// @dev Doesn't require any access-control restrictions as the contract is used in the delegate call.
function upgradeExternal(ProposedUpgrade calldata _proposedUpgrade) external {
super.upgrade(_proposedUpgrade);
}
Expand Down
8 changes: 8 additions & 0 deletions l1-contracts/contracts/upgrades/IGatewayUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ pragma solidity 0.8.24;

import {ProposedUpgrade} from "./BaseZkSyncUpgrade.sol";

/**
* @author Matter Labs
* @custom:security-contact [email protected]
* @notice Gateway upgrade interface. Used for the protocol upgrade that introduces the Gateway.
*/
interface IGatewayUpgrade {
/// @notice The upgrade function called from within this same contract
/// @dev This is needed for memory -> calldata conversion of the _upgrade arg.
/// @param _upgrade The upgrade to be executed.
function upgradeExternal(ProposedUpgrade calldata _upgrade) external returns (bytes32);
}
17 changes: 17 additions & 0 deletions l1-contracts/contracts/upgrades/IL1GenesisUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,32 @@ pragma solidity 0.8.24;

import {L2CanonicalTransaction} from "../common/Messaging.sol";

/**
* @author Matter Labs
* @custom:security-contact [email protected]
* @notice L1 genesis upgrade interface. Every chain has to process an upgrade txs at its genesis.
* @notice This is needed to set system params like the chainId and to deploy some system contracts.
*/
interface IL1GenesisUpgrade {
/// @dev emitted when a chain registers and a GenesisUpgrade happens
/// @param _zkChain the address of the zk chain
/// @param _l2Transaction the l2 genesis upgrade transaction
/// @param _protocolVersion the current protocol version
/// @param _factoryDeps the factory dependencies needed for the upgrade
event GenesisUpgrade(
address indexed _zkChain,
L2CanonicalTransaction _l2Transaction,
uint256 indexed _protocolVersion,
bytes[] _factoryDeps
);

/// @notice The main function that will be called by the Admin facet at genesis.
/// @param _l1GenesisUpgrade the address of the l1 genesis upgrade
/// @param _chainId the chain id
/// @param _protocolVersion the current protocol version
/// @param _l1CtmDeployerAddress the address of the l1 ctm deployer
/// @param _forceDeployments the force deployments
/// @param _factoryDeps the factory dependencies
function genesisUpgrade(
address _l1GenesisUpgrade,
uint256 _chainId,
Expand Down
8 changes: 7 additions & 1 deletion l1-contracts/contracts/upgrades/L1GenesisUpgrade.sol
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,13 @@ import {L1GatewayHelper} from "./L1GatewayHelper.sol";
/// @author Matter Labs
/// @custom:security-contact [email protected]
contract L1GenesisUpgrade is IL1GenesisUpgrade, BaseZkSyncUpgradeGenesis {
/// @notice The main function that will be called by the upgrade proxy.
/// @notice The main function that will be called by the Admin facet.
/// @param _l1GenesisUpgrade the address of the l1 genesis upgrade
/// @param _chainId the chain id
/// @param _protocolVersion the current protocol version
/// @param _l1CtmDeployerAddress the address of the l1 ctm deployer
/// @param _fixedForceDeploymentsData the force deployments data
/// @param _factoryDeps the factory dependencies
function genesisUpgrade(
address _l1GenesisUpgrade,
uint256 _chainId,
Expand Down
1 change: 0 additions & 1 deletion l1-contracts/deploy-scripts/DeployL1.s.sol
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ import {BridgedStandardERC20} from "contracts/bridge/BridgedStandardERC20.sol";
import {AddressHasNoCode} from "./ZkSyncScriptErrors.sol";
import {ICTMDeploymentTracker} from "contracts/bridgehub/ICTMDeploymentTracker.sol";
import {IMessageRoot} from "contracts/bridgehub/IMessageRoot.sol";
import {IL2ContractDeployer} from "contracts/common/interfaces/IL2ContractDeployer.sol";
import {L2ContractHelper} from "contracts/common/libraries/L2ContractHelper.sol";
import {AddressAliasHelper} from "contracts/vendor/AddressAliasHelper.sol";
import {IL1Nullifier} from "contracts/bridge/L1Nullifier.sol";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,7 @@ import {BridgedStandardERC20} from "contracts/bridge/BridgedStandardERC20.sol";
import {L2AssetRouter} from "contracts/bridge/asset-router/L2AssetRouter.sol";
import {IL2NativeTokenVault} from "contracts/bridge/ntv/IL2NativeTokenVault.sol";

import {UpgradeableBeacon} from "@openzeppelin/contracts-v4/proxy/beacon/UpgradeableBeacon.sol";
import {BeaconProxy} from "@openzeppelin/contracts-v4/proxy/beacon/BeaconProxy.sol";

import {Unauthorized, BridgeMintNotImplemented} from "contracts/common/L1ContractErrors.sol";
import {L2_ASSET_ROUTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR, L2_BRIDGEHUB_ADDR} from "contracts/common/L2ContractAddresses.sol";
import {ETH_TOKEN_ADDRESS, SETTLEMENT_LAYER_RELAY_SENDER} from "contracts/common/Config.sol";

Expand All @@ -31,7 +29,6 @@ import {IZKChain} from "contracts/state-transition/chain-interfaces/IZKChain.sol
import {SystemContractsArgs} from "./_SharedL2ContractL1DeployerUtils.sol";

import {DeployUtils} from "deploy-scripts/DeployUtils.s.sol";
import {Unauthorized, BridgeMintNotImplemented} from "contracts/common/L1ContractErrors.sol";

abstract contract L2WethTestAbstract is Test, SharedL2ContractDeployer {
function test_shouldDepositWethByCallingDeposit() public {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -121,16 +121,16 @@ contract PermanentRestrictionTest is ChainTypeManagerTest {
return permRestriction.isAdminOfAChain(chainAddr);
}

function test_tryCompareAdminOfAChainIsAddressZero() public {
assertFalse(isAddressAdmin(address(0), owner));
function test_isAdminOfAChainIsAddressZero() public {
assertFalse(permRestriction.isAdminOfAChain(address(0)));
}

function test_tryCompareAdminOfAChainNotAHyperchain() public {
assertFalse(isAddressAdmin(makeAddr("random"), owner));
function test_isAdminOfAChainNotAHyperchain() public {
assertFalse(permRestriction.isAdminOfAChain(makeAddr("random")));
}

function test_tryCompareAdminOfAChainNotAnAdmin() public {
assertFalse(isAddressAdmin(hyperchain, owner));
function test_isAdminOfAChainOfAChainNotAnAdmin() public {
assertFalse(permRestriction.isAdminOfAChain(hyperchain));
}

function test_tryCompareAdminOfAChain() public {
Expand Down
8 changes: 3 additions & 5 deletions l1-contracts/test/foundry/l2/integration/L2Utils.sol
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,7 @@ pragma solidity ^0.8.20;
import {Vm} from "forge-std/Vm.sol";
import "forge-std/console.sol";

import {UpgradeableBeacon} from "@openzeppelin/contracts-v4/proxy/beacon/UpgradeableBeacon.sol";
import {BeaconProxy} from "@openzeppelin/contracts-v4/proxy/beacon/BeaconProxy.sol";
import {DEPLOYER_SYSTEM_CONTRACT, L2_ASSET_ROUTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR, L2_BRIDGEHUB_ADDR, L2_MESSAGE_ROOT_ADDR} from "contracts/common/L2ContractAddresses.sol";
import {L2_DEPLOYER_SYSTEM_CONTRACT_ADDR, L2_ASSET_ROUTER_ADDR, L2_NATIVE_TOKEN_VAULT_ADDR, L2_BRIDGEHUB_ADDR, L2_MESSAGE_ROOT_ADDR} from "contracts/common/L2ContractAddresses.sol";
import {IContractDeployer, L2ContractHelper} from "contracts/common/libraries/L2ContractHelper.sol";
import {TransparentUpgradeableProxy} from "@openzeppelin/contracts-v4/proxy/transparent/TransparentUpgradeableProxy.sol";

Expand Down Expand Up @@ -70,7 +68,7 @@ library L2Utils {
*/
function initSystemContracts(SystemContractsArgs memory _args) internal {
bytes memory contractDeployerBytecode = readSystemContractsBytecode("ContractDeployer");
vm.etch(DEPLOYER_SYSTEM_CONTRACT, contractDeployerBytecode);
vm.etch(L2_DEPLOYER_SYSTEM_CONTRACT_ADDR, contractDeployerBytecode);
forceDeploySystemContracts(_args);
}

Expand Down Expand Up @@ -213,7 +211,7 @@ library L2Utils {
});

vm.prank(L2_FORCE_DEPLOYER_ADDR);
IContractDeployer(DEPLOYER_SYSTEM_CONTRACT).forceDeployOnAddresses(deployments);
IContractDeployer(L2_DEPLOYER_SYSTEM_CONTRACT_ADDR).forceDeployOnAddresses(deployments);
}

function deployViaCreat2L2(
Expand Down
Loading

0 comments on commit bc4674b

Please sign in to comment.