ops-bedrock: Beacon-chain devnet with Dencun + Ecotone upgrade #9117
base: develop
ac19021
to
b7e6afa
Compare
Semgrep found 6 Named return arguments to functions must be appended with an underscore ( |
28fc937
to
0516e9b
Compare
This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.
0516e9b
to
4d96bf0
Compare
Squashed and rebased on latest
Wondering if we plan on moving forward with this as we will be needing a devnet for interop development soon
@tynes yes, moving forward with this. Currently blocked on 2 things:
|
|
4d96bf0
to
269b5dc
Compare
Semgrep found 3
Named return arguments to functions must be appended with an underscore ( |
How is the progress on this coming along?
@tynes Blocked by a bunch of other more urgent work unfortunately. Hope to get to it on Friday or Monday.
Semgrep found 9
No
Semgrep found 3 Service 'grafana' is running with a writable root filesystem. This may allow malicious applications to download and run additional payloads, or modify container files. If an application inside a container has to save something temporarily consider using a tmpfs. Add 'read_only: true' to this service to prevent this. Ignore this finding from writable-filesystem-service.
Semgrep found 3 Service 'grafana' allows for privilege escalation via setuid or setgid binaries. Add 'no-new-privileges:true' in 'security_opt' to prevent this. Ignore this finding from no-new-privileges.
Semgrep found 3 Service port is exposed on all interfaces Ignore this finding from port-all-interfaces.
Semgrep found 1 A secret is hard-coded in the application. Secrets stored in source code, such as credentials, identifiers, and other types of sensitive data, can be leaked and used by internal or external malicious actors. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
Dataflow graph (indexer/database/db.go): [Line: 46] " password=%s" --> [Line: 46] dsn --> [Line: 64] gorm.Open(postgres.Open(dsn), &gormConfig)
Semgrep found 1 The application uses an empty credential. This can lead to unauthorized access by either an internal or external malicious actor. It is recommended to rotate the secret and retrieve them from a secure secret vault or Hardware Security Module (HSM), alternatively environment variables can be used if allowed by your company policy.
Dataflow graph (indexer/database/db.go): [Line: 46] " password=%s" --> [Line: 46] dsn --> [Line: 64] gorm.Open(postgres.Open(dsn), &gormConfig)
Semgrep found 2 Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'. Ignore this finding from no-direct-write-to-responsewriter.
Semgrep found 2 If an attacker can supply values that the application then uses to determine which method or field to invoke, the potential exists for the attacker to create control flow paths through the application that were not intended by the application developers. This attack vector may allow the attacker to bypass authentication or access control checks or otherwise cause the application to behave in an unexpected manner. Ignore this finding from unsafe-reflect-by-name.
Semgrep found 2 Detected string concatenation with a non-literal variable in a "database/sql" Go SQL statement. This could lead to SQL injection if the variable is user-controlled and not properly sanitized. In order to prevent SQL injection, use parameterized queries or prepared statements instead. You can use prepared statements with the 'Prepare' and 'PrepareContext' calls. Ignore this finding from gosql-sqli.
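The three container findings above (writable root filesystem, missing `no-new-privileges`, port published on all interfaces) each map to one or two Compose keys. The fragment below is an added example, not the PR's compose file; the image name, port 3000, the volume name and the writable paths are assumptions about a stock Grafana container.

```yaml
# Constructed example: a devnet Grafana service before and after hardening.
#
# Before (the shape the three findings describe):
#
#   grafana:
#     image: grafana/grafana        # assumed image
#     ports:
#       - "3000:3000"               # no host IP, so Docker binds 0.0.0.0
#
# After:
services:
  grafana:
    image: grafana/grafana          # assumed image
    # Root filesystem is mounted read-only; anything the process must
    # write has to be listed explicitly under tmpfs or volumes.
    read_only: true
    # setuid/setgid binaries can no longer raise privileges.
    security_opt:
      - no-new-privileges:true
    # Scratch space lives in memory and disappears with the container.
    tmpfs:
      - /tmp
    # Persistent state gets a named volume instead of the image layer
    # (assumed Grafana data directory).
    volumes:
      - grafana_data:/var/lib/grafana
    # Publish on loopback only, so the dashboard is reachable from the
    # developer machine but not from the rest of the network.
    ports:
      - "127.0.0.1:3000:3000"

volumes:
  grafana_data:
```

If the container fails to start after `read_only: true`, its log normally names the path it could not write; add that path as a `tmpfs` entry or a volume rather than dropping the read-only setting.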
run_commands([ | ||
CommandPreset('erc20-test', | ||
['npx', 'hardhat', 'deposit-erc20', '--network', 'devnetL1', | ||
'--l1-contracts-json-path', paths.addresses_json_path, '--signer-index', '14'], | ||
cwd=paths.tasks_dir, timeout=8*60), | ||
# CommandPreset('erc20-test', | ||
# ['npx', 'hardhat', 'deposit-erc20', '--network', 'devnetL1', | ||
# '--l1-contracts-json-path', paths.addresses_json_path, '--signer-index', '14'], | ||
# cwd=paths.tasks_dir, timeout=8*60) |
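Review bot: Commented-out code is being committed in the last four lines of this hunk (the second copy of the `erc20-test` CommandPreset). Delete the preset if the devnet task is being retired, or keep it enabled; if it is disabled on purpose, replace the dead block with a one-line comment saying why and where the equivalent check now runs.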
Didn't mean to commit this diff. If reviewers are happy with the op-e2e devnet test, I will just remove this altogether. Can then remove the `devnet-tasks` in a follow up.
I would like to remove these devnet tasks; perhaps it's a better idea to see them pass in CI against the new devnet before removing them
@tynes They don't pass and I cannot get them to work. I wasted a lot of time on this. This is the reason I switched to Go tests.
@@ -189,3 +192,14 @@ func (a *Addresses) All() []common.Address { | |||
a.Mallory, | |||
} | |||
} | |||
|
|||
func (s *Secrets) AccountAtIdx(idx int) *ecdsa.PrivateKey { |
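Review bot: `AccountAtIdx` is a new exported method with no doc comment, and the signature `AccountAtIdx(idx int)` does not say which indices are valid. Add a comment stating the accepted range and what the caller gets for a negative or out-of-range `idx` (error, nil or panic), so that misuse does not surface only when the returned `*ecdsa.PrivateKey` is dereferenced.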
perhaps `uint` because negative values don't make sense here?
It's common to use `int`s in Go for indices that don't make sense to be negative. So I just followed that convention. E.g. see stdlib, it uses `int` indices everywhere. The user of this API is usually an expert who wouldn't put in negative numbers. So I'd just leave it as is.
We are moving towards removing the L2OO and being a fault proofs only sort of system, just wanna make sure that we are on the same page and that this takes that into account, i.e. no deep assumptions about L2OO in this diff
@tynes yes, this PR just adds lighthouse, the default local devnet is still FP enabled.
Description
This PR makes the local devnet use a real lighthouse Beacon node.
It also enables Delta by default on all e2e tests, plus L1 enables Cancun after a few blocks, and Ecotone shortly after.
In a follow up PR, Ecotone and Cancun will be enabled at genesis.
The PR also improves fork selection in individual tests and fixes from fork tests (e.g. one Ecotone test didn't call its activation function).
The PR introduces a new package `op-e2e/devnet` to run e2e tests against the local devnet. It provides a minimal `System` abstraction that works with the withdrawals test, which got extracted and made into a reusable test.
ℹ️ For reviewers: the files in `ops-bedrock/data` are auto-generated.
Tests
Many fixed.
Additional context
Explicit fork selection in tests is somewhat improved, but is still brittle. We should completely remove fork selection by setting individual `<Fork>TimeOffset` fields in the deploy config and do it by a modular constructor of the configs using the `With...` option pattern.
Open TODOs are tracked at #10968