Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(protocol): update L1 / L2 deployment scripts #16913

Merged
merged 5 commits into from
Apr 29, 2024
Merged

feat(protocol): update L1 / L2 deployment scripts #16913

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e0710a5
feat(protocol): update L1 / L2 deployment scripts
davidtaikocha Apr 29, 2024
2116372
Merge branch 'main' into update-l2-l2-deployment
davidtaikocha Apr 29, 2024
e9d620d
Merge branch 'main' into update-l2-l2-deployment
davidtaikocha Apr 29, 2024
369038d
feat(protocol): update L1 / L2 deployment scripts
davidtaikocha Apr 29, 2024
1a2d2bb
Merge branch 'main' into update-l2-l2-deployment
dantaik Apr 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 13 additions & 14 deletions packages/protocol/genesis/GenerateGenesis.g.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
vm.readFile(string.concat(vm.projectRoot(), "/deployments/genesis_config.json"));
string private genesisAllocJSON =
vm.readFile(string.concat(vm.projectRoot(), "/deployments/genesis_alloc.json"));
address private ownerTimelockController = configJSON.readAddress(".ownerTimelockController");
address private ownerSecurityCouncil = configJSON.readAddress(".ownerSecurityCouncil");
address private contractOwner = configJSON.readAddress(".contractOwner");
uint256 private l1ChainId = configJSON.readUint(".l1ChainId");

function testSharedContractsDeployment() public {
Expand Down Expand Up @@ -61,7 +60,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
checkDeployedCode("RollupAddressManager");

// check proxy implementations
checkProxyImplementation("TaikoL2", ownerTimelockController);
checkProxyImplementation("TaikoL2", contractOwner);
checkProxyImplementation("RollupAddressManager");

// check proxies
Expand All @@ -73,7 +72,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
AddressManager addressManagerProxy =
AddressManager(getPredeployedContractAddress("SharedAddressManager"));

assertEq(ownerSecurityCouncil, addressManagerProxy.owner());
assertEq(contractOwner, addressManagerProxy.owner());

checkSavedAddress(addressManagerProxy, "Bridge", "bridge");
checkSavedAddress(addressManagerProxy, "ERC20Vault", "erc20_vault");
Expand All @@ -92,7 +91,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
AddressManager addressManagerProxy =
AddressManager(getPredeployedContractAddress("RollupAddressManager"));

assertEq(ownerSecurityCouncil, addressManagerProxy.owner());
assertEq(contractOwner, addressManagerProxy.owner());

checkSavedAddress(addressManagerProxy, "TaikoL2", "taiko");
checkSavedAddress(addressManagerProxy, "SignalService", "signal_service");
Expand All @@ -107,7 +106,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
function testTaikoL2() public {
TaikoL2 taikoL2Proxy = TaikoL2(getPredeployedContractAddress("TaikoL2"));

assertEq(ownerTimelockController, taikoL2Proxy.owner());
assertEq(contractOwner, taikoL2Proxy.owner());
assertEq(l1ChainId, taikoL2Proxy.l1ChainId());

vm.startPrank(taikoL2Proxy.GOLDEN_TOUCH_ADDRESS());
Expand Down Expand Up @@ -152,7 +151,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
addressManager.setAddress(1, "bridge", bridgeAddress);
vm.stopPrank();

assertEq(ownerSecurityCouncil, bridgeProxy.owner());
assertEq(contractOwner, bridgeProxy.owner());

vm.expectRevert(Bridge.B_PERMISSION_DENIED.selector);
bridgeProxy.processMessage(
Expand All @@ -174,7 +173,7 @@ contract TestGenerateGenesis is Test, AddressResolver {

assertEq(bridgeProxy.paused(), false);

vm.startPrank(ownerSecurityCouncil);
vm.startPrank(contractOwner);
bridgeProxy.pause();
assertEq(bridgeProxy.paused(), true);

Expand Down Expand Up @@ -212,7 +211,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
AddressManager addressManager =
AddressManager(getPredeployedContractAddress("SharedAddressManager"));

assertEq(ownerSecurityCouncil, erc20VaultProxy.owner());
assertEq(contractOwner, erc20VaultProxy.owner());

vm.startPrank(addressManager.owner());
addressManager.setAddress(1, "bridge", bridgeAddress);
Expand All @@ -234,7 +233,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
AddressManager addressManager =
AddressManager(getPredeployedContractAddress("SharedAddressManager"));

assertEq(ownerSecurityCouncil, erc721VaultProxy.owner());
assertEq(contractOwner, erc721VaultProxy.owner());

vm.startPrank(addressManager.owner());
addressManager.setAddress(1, "bridge", bridgeAddress);
Expand All @@ -256,7 +255,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
AddressManager addressManager =
AddressManager(getPredeployedContractAddress("SharedAddressManager"));

assertEq(ownerSecurityCouncil, erc1155VaultProxy.owner());
assertEq(contractOwner, erc1155VaultProxy.owner());

vm.startPrank(addressManager.owner());
addressManager.setAddress(1, "bridge", bridgeProxyAddress);
Expand All @@ -276,11 +275,11 @@ contract TestGenerateGenesis is Test, AddressResolver {
SignalService signalServiceProxy =
SignalService(getPredeployedContractAddress("SignalService"));

assertEq(ownerSecurityCouncil, signalServiceProxy.owner());
assertEq(contractOwner, signalServiceProxy.owner());

signalServiceProxy.sendSignal(keccak256(abi.encodePacked(block.prevrandao)));

vm.startPrank(ownerSecurityCouncil);
vm.startPrank(contractOwner);

// SignalService signalService =
// SignalService(payable(getPredeployedContractAddress("SignalServiceImpl")));
Expand Down Expand Up @@ -314,7 +313,7 @@ contract TestGenerateGenesis is Test, AddressResolver {
)
private
{
return checkProxyImplementation(proxyName, ownerSecurityCouncil);
return checkProxyImplementation(proxyName, contractOwner);
}

function checkProxyImplementation(
Expand Down
3 changes: 1 addition & 2 deletions packages/protocol/genesis/test_config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,7 @@
const ADDRESS_LENGTH = 40;

module.exports = {
ownerTimelockController: "0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266",
ownerSecurityCouncil: "0x70997970C51812dc3A010C7d01b50e0d17dc79C8",
contractOwner: "0x70997970C51812dc3A010C7d01b50e0d17dc79C8",
l1ChainId: 1,
chainId: 167,
seedAccounts: [
Expand Down
121 changes: 35 additions & 86 deletions packages/protocol/script/DeployOnL1.s.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,6 @@ import "../contracts/L1/tiers/DevnetTierProvider.sol";
import "../contracts/L1/tiers/TierProviderV1.sol";
import "../contracts/L1/tiers/TierProviderV2.sol";
import "../contracts/L1/hooks/AssignmentHook.sol";
import "../contracts/L1/gov/TaikoTimelockController.sol";
import "../contracts/L1/gov/TaikoGovernor.sol";
import "../contracts/bridge/Bridge.sol";
import "../contracts/tokenvault/ERC20Vault.sol";
import "../contracts/tokenvault/ERC1155Vault.sol";
Expand All @@ -36,12 +34,10 @@ import { P256Verifier } from "p256-verifier/src/P256Verifier.sol";
/// @notice This script deploys the core Taiko protocol smart contract on L1,
/// initializing the rollup.
contract DeployOnL1 is DeployCapability {
uint256 public constant NUM_GUARDIANS = 5;
uint256 public constant NUM_MIN_MAJORITY_GUARDIANS = 7;
uint256 public constant NUM_MIN_MINORITY_GUARDIANS = 2;

address public constant MAINNET_SECURITY_COUNCIL = 0x7C50d60743D3FCe5a39FdbF687AFbAe5acFF49Fd;

address securityCouncil =
block.chainid == 1 ? MAINNET_SECURITY_COUNCIL : vm.envAddress("SECURITY_COUNCIL");
address public constant MAINNET_CONTRACT_OWNER = 0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F; // admin.taiko.eth

modifier broadcast() {
uint256 privateKey = vm.envUint("PRIVATE_KEY");
Expand All @@ -54,16 +50,18 @@ contract DeployOnL1 is DeployCapability {
function run() external broadcast {
addressNotNull(vm.envAddress("TAIKO_L2_ADDRESS"), "TAIKO_L2_ADDRESS");
addressNotNull(vm.envAddress("L2_SIGNAL_SERVICE"), "L2_SIGNAL_SERVICE");
addressNotNull(vm.envAddress("CONTRACT_OWNER"), "CONTRACT_OWNER");

require(vm.envBytes32("L2_GENESIS_HASH") != 0, "L2_GENESIS_HASH");
address contractOwner = vm.envAddress("CONTRACT_OWNER");

// ---------------------------------------------------------------
// Deploy shared contracts
(address sharedAddressManager, address timelock, address governor) = deploySharedContracts();
(address sharedAddressManager) = deploySharedContracts(contractOwner);
console2.log("sharedAddressManager: ", sharedAddressManager);
console2.log("timelock: ", timelock);
// ---------------------------------------------------------------
// Deploy rollup contracts
address rollupAddressManager = deployRollupContracts(sharedAddressManager, timelock);
address rollupAddressManager = deployRollupContracts(sharedAddressManager, contractOwner);

// ---------------------------------------------------------------
// Signal service need to authorize the new rollup
Expand Down Expand Up @@ -92,24 +90,8 @@ contract DeployOnL1 is DeployCapability {
console2.log("signalService.owner(): ", signalService.owner());
console2.log("------------------------------------------");

TaikoTimelockController _timelock = TaikoTimelockController(payable(timelock));

if (signalService.owner() == msg.sender) {
// Setup time lock roles
// Only the governor can make proposals after holders voting.
_timelock.grantRole(_timelock.PROPOSER_ROLE(), governor);
_timelock.grantRole(_timelock.PROPOSER_ROLE(), msg.sender);

// Granting address(0) the executor role to allow open execution.
_timelock.grantRole(_timelock.EXECUTOR_ROLE(), address(0));
_timelock.grantRole(_timelock.EXECUTOR_ROLE(), msg.sender);

_timelock.grantRole(_timelock.TIMELOCK_ADMIN_ROLE(), securityCouncil);
_timelock.grantRole(_timelock.PROPOSER_ROLE(), securityCouncil);
_timelock.grantRole(_timelock.EXECUTOR_ROLE(), securityCouncil);

signalService.transferOwnership(timelock);
acceptOwnership(signalServiceAddr, TimelockControllerUpgradeable(payable(timelock)));
signalService.transferOwnership(contractOwner);
} else {
console2.log("------------------------------------------");
console2.log("Warning - you need to transact manually:");
Expand Down Expand Up @@ -138,35 +120,21 @@ contract DeployOnL1 is DeployCapability {

// ---------------------------------------------------------------
// Deploy other contracts
deployAuxContracts();
if (block.chainid != 1) {
deployAuxContracts();
}

if (AddressManager(sharedAddressManager).owner() == msg.sender) {
AddressManager(sharedAddressManager).transferOwnership(timelock);
acceptOwnership(sharedAddressManager, TimelockControllerUpgradeable(payable(timelock)));
console2.log("** sharedAddressManager ownership transferred to timelock:", timelock);
AddressManager(sharedAddressManager).transferOwnership(contractOwner);
console2.log("** sharedAddressManager ownership transferred to:", contractOwner);
}

AddressManager(rollupAddressManager).transferOwnership(timelock);
acceptOwnership(rollupAddressManager, TimelockControllerUpgradeable(payable(timelock)));
console2.log("** rollupAddressManager ownership transferred to timelock:", timelock);

_timelock.revokeRole(_timelock.TIMELOCK_ADMIN_ROLE(), address(this));
_timelock.revokeRole(_timelock.PROPOSER_ROLE(), msg.sender);
_timelock.revokeRole(_timelock.EXECUTOR_ROLE(), msg.sender);
_timelock.transferOwnership(securityCouncil);
_timelock.renounceRole(_timelock.TIMELOCK_ADMIN_ROLE(), msg.sender);
AddressManager(rollupAddressManager).transferOwnership(contractOwner);
console2.log("** rollupAddressManager ownership transferred to:", contractOwner);
}

function deploySharedContracts()
internal
returns (address sharedAddressManager, address timelock, address governor)
{
// Deploy the timelock
timelock = deployProxy({
name: "timelock_controller",
impl: address(new TaikoTimelockController()),
data: abi.encodeCall(TaikoTimelockController.init, (address(0), 7 days))
});
function deploySharedContracts(address owner) internal returns (address sharedAddressManager) {
addressNotNull(owner, "owner");

sharedAddressManager = vm.envAddress("SHARED_ADDRESS_MANAGER");
if (sharedAddressManager == address(0)) {
Expand All @@ -185,7 +153,7 @@ contract DeployOnL1 is DeployCapability {
data: abi.encodeCall(
TaikoToken.init,
(
timelock,
owner,
vm.envString("TAIKO_TOKEN_NAME"),
vm.envString("TAIKO_TOKEN_SYMBOL"),
vm.envAddress("TAIKO_TOKEN_PREMINT_RECIPIENT")
Expand All @@ -195,19 +163,6 @@ contract DeployOnL1 is DeployCapability {
});
}

governor = deployProxy({
name: "taiko_governor",
impl: address(new TaikoGovernor()),
data: abi.encodeCall(
TaikoGovernor.init,
(
timelock,
IVotesUpgradeable(taikoToken),
TimelockControllerUpgradeable(payable(timelock))
)
)
});

// Deploy Bridging contracts
deployProxy({
name: "signal_service",
Expand All @@ -219,7 +174,7 @@ contract DeployOnL1 is DeployCapability {
deployProxy({
name: "bridge",
impl: address(new Bridge()),
data: abi.encodeCall(Bridge.init, (timelock, sharedAddressManager)),
data: abi.encodeCall(Bridge.init, (owner, sharedAddressManager)),
registerTo: sharedAddressManager
});

Expand All @@ -236,21 +191,21 @@ contract DeployOnL1 is DeployCapability {
deployProxy({
name: "erc20_vault",
impl: address(new ERC20Vault()),
data: abi.encodeCall(ERC20Vault.init, (timelock, sharedAddressManager)),
data: abi.encodeCall(ERC20Vault.init, (owner, sharedAddressManager)),
registerTo: sharedAddressManager
});

deployProxy({
name: "erc721_vault",
impl: address(new ERC721Vault()),
data: abi.encodeCall(ERC721Vault.init, (timelock, sharedAddressManager)),
data: abi.encodeCall(ERC721Vault.init, (owner, sharedAddressManager)),
registerTo: sharedAddressManager
});

deployProxy({
name: "erc1155_vault",
impl: address(new ERC1155Vault()),
data: abi.encodeCall(ERC1155Vault.init, (timelock, sharedAddressManager)),
data: abi.encodeCall(ERC1155Vault.init, (owner, sharedAddressManager)),
registerTo: sharedAddressManager
});

Expand All @@ -277,13 +232,13 @@ contract DeployOnL1 is DeployCapability {

function deployRollupContracts(
address _sharedAddressManager,
address timelock
address owner
)
internal
returns (address rollupAddressManager)
{
addressNotNull(_sharedAddressManager, "sharedAddressManager");
addressNotNull(timelock, "timelock");
addressNotNull(owner, "owner");

rollupAddressManager = deployProxy({
name: "rollup_address_manager",
Expand All @@ -303,7 +258,7 @@ contract DeployOnL1 is DeployCapability {
data: abi.encodeCall(
TaikoL1.init,
(
timelock,
owner,
rollupAddressManager,
vm.envBytes32("L2_GENESIS_HASH"),
vm.envBool("PAUSE_TAIKO_L1")
Expand All @@ -315,20 +270,20 @@ contract DeployOnL1 is DeployCapability {
deployProxy({
name: "assignment_hook",
impl: address(new AssignmentHook()),
data: abi.encodeCall(AssignmentHook.init, (timelock, rollupAddressManager))
data: abi.encodeCall(AssignmentHook.init, (owner, rollupAddressManager))
});

deployProxy({
name: "tier_provider",
impl: deployTierProvider(vm.envString("TIER_PROVIDER")),
data: abi.encodeCall(TierProviderV1.init, (timelock)),
data: abi.encodeCall(TierProviderV1.init, (owner)),
registerTo: rollupAddressManager
});

deployProxy({
name: "tier_sgx",
impl: address(new SgxVerifier()),
data: abi.encodeCall(SgxVerifier.init, (timelock, rollupAddressManager)),
data: abi.encodeCall(SgxVerifier.init, (owner, rollupAddressManager)),
registerTo: rollupAddressManager
});

Expand All @@ -355,11 +310,13 @@ contract DeployOnL1 is DeployCapability {

address[] memory guardians = vm.envAddress("GUARDIAN_PROVERS", ",");

GuardianProver(guardianProverMinority).setGuardians(guardians, 1);
GuardianProver(guardianProverMinority).transferOwnership(timelock);
GuardianProver(guardianProverMinority).setGuardians(
guardians, uint8(NUM_MIN_MINORITY_GUARDIANS)
);
GuardianProver(guardianProverMinority).transferOwnership(owner);

GuardianProver(guardianProver).setGuardians(guardians, uint8(vm.envUint("MIN_GUARDIANS")));
GuardianProver(guardianProver).transferOwnership(timelock);
GuardianProver(guardianProver).setGuardians(guardians, uint8(NUM_MIN_MAJORITY_GUARDIANS));
GuardianProver(guardianProver).transferOwnership(owner);

// No need to proxy these, because they are 3rd party. If we want to modify, we simply
// change the registerAddress("automata_dcap_attestation", address(attestation));
Expand Down Expand Up @@ -400,12 +357,4 @@ contract DeployOnL1 is DeployCapability {
function addressNotNull(address addr, string memory err) private pure {
require(addr != address(0), err);
}

function acceptOwnership(address proxy, TimelockControllerUpgradeable timelock) internal {
bytes32 salt = bytes32(block.timestamp);
bytes memory payload = abi.encodeCall(Ownable2StepUpgradeable(proxy).acceptOwnership, ());

timelock.schedule(proxy, 0, payload, bytes32(0), salt, 0);
timelock.execute(proxy, 0, payload, bytes32(0), salt);
}
}
5 changes: 2 additions & 3 deletions packages/protocol/script/test_deploy_on_l1.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,11 +7,10 @@ export PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f
PROPOSER=0x0000000000000000000000000000000000000000 \
TAIKO_TOKEN=0x0000000000000000000000000000000000000000 \
PROPOSER_ONE=0x0000000000000000000000000000000000000000 \
GUARDIAN_PROVERS="0x1000777700000000000000000000000000000001,0x1000777700000000000000000000000000000002,0x1000777700000000000000000000000000000003,0x1000777700000000000000000000000000000004,0x1000777700000000000000000000000000000005" \
MIN_GUARDIANS=3 \
GUARDIAN_PROVERS="0x1000777700000000000000000000000000000001,0x1000777700000000000000000000000000000002,0x1000777700000000000000000000000000000003,0x1000777700000000000000000000000000000004,0x1000777700000000000000000000000000000005,0x1000777700000000000000000000000000000006,0x1000777700000000000000000000000000000007" \
TAIKO_L2_ADDRESS=0x1000777700000000000000000000000000000001 \
L2_SIGNAL_SERVICE=0x1000777700000000000000000000000000000007 \
SECURITY_COUNCIL=0x60997970C51812dc3A010C7d01b50e0d17dc79C8 \
CONTRACT_OWNER=0x60997970C51812dc3A010C7d01b50e0d17dc79C8 \
TAIKO_TOKEN_PREMINT_RECIPIENT=0xa0Ee7A142d267C1f36714E4a8F75612F20a79720 \
TAIKO_TOKEN_NAME="Taiko Token Katla" \
TAIKO_TOKEN_SYMBOL=TTKOk \
Expand Down
Loading