Merge branch 'main' into update_mainnet_deployment

.github/workflows/supplementary-contracts.yml

@@ -31,10 +31,15 @@ jobs:
       - name: Install pnpm dependencies
         uses: ./.github/actions/install-pnpm-dependencies
 
-      - name: Check formatting
-        working-directory: ./packages/supplementary-contracts
-        run: forge fmt --check
-
       - name: Unit Tests
         working-directory: ./packages/supplementary-contracts
         run: pnpm clean && pnpm test
+
+      - name: Format solidity && update contract layout table
+        working-directory: ./packages/supplementary-contracts
+        run: pnpm layout && forge fmt
+
+      - name: Commit contract layout table
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "forge fmt & update contract layout table"

packages/protocol/deployments/mainnet-contract-logs.md

@@ -66,6 +66,17 @@
   - admin.taiko.eth accepted the ownership @tx`0x0ed114fee6de4e3e2206cea44e6632ec0c4588f73648d98d8df5dc0183b07885`
   - upgraded from `0x91d593d34f2E1904cDCe3D5290a74563F87bCF6f` to `0x4A1091c2fb37D9C4a661c2384Ff539d94CCF853D` @commit `b90b932` @tx`0x416560cd96dc75ccffebe889e8d1ab3e08b33f814dc4a2bf7c6f9555071d1f6f`
 
+#### quota_manager
+
+- proxy: `0x91f67118DD47d502B1f0C354D0611997B022f29E`
+- impl: `0x49c5e5F131314Bb24b17E249960F8B12F925ef22`
+- owner: `0x56706F118e42AE069F20c5636141B844D1324AE1`
+- pendingOwner: `admin.taiko.eth`
+- todo:
+  - admin.taiko.eth to accept the owner
+- logs:
+  - deployed on May 13, 2024 at commit `b90b932`
+
 #### erc20_vault
 
 - proxy: `0x996282cA11E5DEb6B5D122CC3B9A1FcAAD4415Ab`

packages/protocol/script/DeployL1QuotaManager.s.sol

@@ -6,8 +6,9 @@ import "../contracts/bridge/QuotaManager.sol";
 
 contract DeployL1QuotaManager is DeployCapability {
     uint256 public privateKey = vm.envUint("PRIVATE_KEY");
-    // MAINNET_SECURITY_COUNCIL: council.taiko.eth (0x7C50d60743D3FCe5a39FdbF687AFbAe5acFF49Fd)
-    address public addressManager = vm.envAddress("L1_ROLLUP_ADDRESS_MANAGER");
+    // MAINNET_L1_SHARED_ADDRESS_MANAGER: 0xEf9EaA1dd30a9AA1df01c36411b5F082aA65fBaa
+    address public addressManager = vm.envAddress("L1_SHARED_ADDRESS_MANAGER");
+    // MAINNET_OWNER: admin.taiko.eth (0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F)
     address public owner = vm.envAddress("OWNER");
 
     modifier broadcast() {

packages/protocol/script/SetDcapParams.s.sol

@@ -11,43 +11,50 @@ contract SetDcapParams is Script, AttestationBase {
     address public dcapAttestationAddress = vm.envAddress("ATTESTATION_ADDRESS");
     address public sgxVerifier = vm.envAddress("SGX_VERIFIER_ADDRESS");
     address public pemCertChainLibAddr = vm.envAddress("PEM_CERTCHAIN_ADDRESS");
-    // TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-    bool[] internal defaultTaskFlags = [true, true, true, true, true];
-    bool[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
+    // TASK_FLAG:
+    // [setMrEnclave,setMrSigner,configQE,configTCB,enableMrCheck,registerSgxInstanceWithQuote]
+    uint256[] internal defaultTaskFlags = [1, 1, 1, 1, 1, 1];
+    uint256[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
 
     function run() external {
         require(ownerPrivateKey != 0, "PRIVATE_KEY not set");
         require(dcapAttestationAddress != address(0), "ATTESTATION_ADDRESS not set");
 
         vm.startBroadcast(ownerPrivateKey);
-        if (taskFlags[0]) {
-            _setMrEnclave();
+        if (taskFlags[0] != 0) {
+            bool enable = (taskFlags[0] == 1);
+            _setMrEnclave(enable);
         }
-        if (taskFlags[1]) {
-            _setMrSigner();
+        if (taskFlags[1] != 0) {
+            bool enable = (taskFlags[1] == 1);
+            _setMrSigner(enable);
         }
-        if (taskFlags[2]) {
+        if (taskFlags[2] != 0) {
             _configureQeIdentityJson();
         }
-        if (taskFlags[3]) {
+        if (taskFlags[3] != 0) {
             _configureTcbInfoJson();
         }
-        if (taskFlags[4]) {
+        if (taskFlags[4] != 0) {
+            toggleCheckQuoteValidity(dcapAttestationAddress);
+        }
+        if (taskFlags[5] != 0) {
             _registerSgxInstanceWithQuoteBytes();
         }
 
         vm.stopBroadcast();
     }
 
-    function _setMrEnclave() internal {
+    function _setMrEnclave(bool enable) internal {
         mrEnclave = vm.envBytes32("MR_ENCLAVE");
-        setMrEnclave(dcapAttestationAddress, mrEnclave);
+        console2.log("_setMrEnclave set: ", uint256(mrEnclave));
+        setMrEnclave(dcapAttestationAddress, mrEnclave, enable);
         console2.log("MR_ENCLAVE set: ", uint256(mrEnclave));
     }
 
-    function _setMrSigner() internal {
+    function _setMrSigner(bool enable) internal {
         mrSigner = vm.envBytes32("MR_SIGNER");
-        setMrSigner(dcapAttestationAddress, mrSigner);
+        setMrSigner(dcapAttestationAddress, mrSigner, enable);
         console2.log("MR_SIGNER set: ", uint256(mrSigner));
     }
 

packages/protocol/script/config_dcap_sgx_verifier.sh

@@ -7,6 +7,9 @@ usage() {
     --eq file_path: config qe
     --mrenclave hex_string: config mrenclave
     --mrsigner hex_string: config mrsigner
+    --toggle-mr-check: toggle mrenclave/mrsigner check
+    --unset-mrenclave hex_string: disable mrenclave
+    --unset-mrsigner hex_string: disable mrsigner
     --quote string: register sgx instance with quote"
 to configure the dcap verifier contract.
 
@@ -49,6 +52,7 @@ config_qe=0
 set_mrenclave=0
 set_mrsigner=0
 verify_quote=0
+toggle_check=0
 
 # helper function for trimming the file path to vm root
 vm_file_path() {
@@ -76,6 +80,26 @@ while [[ $# -gt 0 ]]; do
             shift
             shift
             ;;
+        --unset-mrenclave)
+            MR_ENCLAVE="$2"
+            echo "Unset MR_ENCLAVE: $MR_ENCLAVE"
+            set_mrenclave=2
+            shift
+            shift
+            ;;
+        --unset-mrsigner)
+            MR_SIGNER="$2"
+            echo "Unset MR_SIGNER: $MR_SIGNER"
+            set_mrsigner=2
+            shift
+            shift
+            ;;
+        --toggle-mr-check)
+            echo "toggle mr check"
+            toggle_check=1
+            shift
+            shift
+            ;;
         --qeid)
             QEID_PATH=$(vm_file_path "$2")
             echo "Config QE file: $QEID_PATH"
@@ -109,7 +133,7 @@ if [ -z $FORK_URL ]; then
 fi
 
 # TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-TASK_ENABLE_MASK="$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$verify_quote"
+TASK_ENABLE_MASK=$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$toggle_check,$verify_quote
 
 # config the contract
 TASK_ENABLE=$TASK_ENABLE_MASK \

packages/protocol/test/automata-attestation/common/AttestationBase.t.sol

@@ -65,8 +65,8 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
             })
         );
 
-        setMrEnclave(address(attestation), mrEnclave);
-        setMrSigner(address(attestation), mrSigner);
+        setMrEnclave(address(attestation), mrEnclave, true);
+        setMrSigner(address(attestation), mrSigner, true);
 
         string memory tcbInfoJson = vm.readFile(string.concat(vm.projectRoot(), tcbInfoPath));
         string memory enclaveIdJson = vm.readFile(string.concat(vm.projectRoot(), idPath));
@@ -81,12 +81,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         vm.stopPrank();
     }
 
-    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, true);
+    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, enable);
     }
 
-    function setMrSigner(address _attestationAddress, bytes32 _mrSigner) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, true);
+    function setMrSigner(address _attestationAddress, bytes32 _mrSigner, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, enable);
+    }
+
+    function toggleCheckQuoteValidity(address _attestationAddress) internal {
+        AutomataDcapV3Attestation(_attestationAddress).toggleLocalReportCheck();
     }
 
     function configureQeIdentityJson(
@@ -114,13 +118,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         console.log("tcbParsedSuccess: %s", tcbParsedSuccess);
     }
 
-    function parsedQuoteAttestation(bytes memory v3QuoteBytes)
+    function verifyParsedQuoteAttestation(
+        bytes memory v3QuoteBytes,
+        bool expected
+    )
         internal
         returns (V3Struct.ParsedV3QuoteStruct memory v3quote)
     {
         v3quote = ParseV3QuoteBytes(address(pemCertChainLib), v3QuoteBytes);
         (bool verified,) = attestation.verifyParsedQuote(v3quote);
-        assertTrue(verified);
+        assertEq(verified, expected);
     }
 
     function registerSgxInstanceWithQuoteBytes(

packages/supplementary-contracts/contract_layout.md

@@ -0,0 +1,17 @@
+## TokenUnlocking
+| Name            | Type        | Slot | Offset | Bytes | Contract                                                   |
+|-----------------|-------------|------|--------|-------|------------------------------------------------------------|
+| _initialized    | uint8       | 0    | 0      | 1     | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| _initializing   | bool        | 0    | 1      | 1     | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| __gap           | uint256[50] | 1    | 0      | 1600  | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| _owner          | address     | 51   | 0      | 20    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| __gap           | uint256[49] | 52   | 0      | 1568  | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| _status         | uint256     | 101  | 0      | 32    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| __gap           | uint256[49] | 102  | 0      | 1568  | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| amountVested    | uint256     | 151  | 0      | 32    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| amountWithdrawn | uint256     | 152  | 0      | 32    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| recipient       | address     | 153  | 0      | 20    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| taikoToken      | address     | 154  | 0      | 20    | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| tgeTimestamp    | uint64      | 154  | 20     | 8     | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+| __gap           | uint256[46] | 155  | 0      | 1472  | contracts/tokenUnlocking/TokenUnlocking.sol:TokenUnlocking |
+

packages/supplementary-contracts/contracts/tokenUnlocking/TokenUnlocking.sol

@@ -66,7 +66,10 @@ contract TokenUnlocking is OwnableUpgradeable, ReentrancyGuardUpgradeable {
         external
         initializer
     {
-        if (_taikoToken == address(0) || _recipient == address(0) || _tgeTimestamp == 0) {
+        if (
+            _owner == _recipient || _owner == address(0) || _recipient == address(0)
+                || _taikoToken == address(0) || _tgeTimestamp == 0
+        ) {
             revert INVALID_PARAM();
         }
 

packages/supplementary-contracts/deployments/gen-layouts.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Define the list of contracts to inspect
+contracts=(
+    "TokenUnlocking"
+)
+
+# Empty the output file initially
+output_file="contract_layout.md"
+> $output_file
+
+# Loop over each contract
+for contract in "${contracts[@]}"; do
+    # Run forge inspect and append to the file
+    # Ensure correct concatenation of the command without commas
+    echo "forge inspect ${contract} storagelayout --pretty >> $output_file"
+
+    echo "## ${contract}" >> $output_file
+    forge inspect ${contract} storagelayout --pretty >> $output_file
+    echo "" >> $output_file
+done

packages/supplementary-contracts/package.json

@@ -6,6 +6,7 @@
     "clean": "rm -rf abis cache* && forge clean",
     "compile": "forge build --build-info --extra-output storage-layout",
     "eslint": "pnpm exec eslint --ignore-path .eslintignore --ext .js,.ts .",
+    "layout": "./deployments/gen-layouts.sh",
     "fmt:sol": "forge fmt",
     "lint:sol": "forge fmt && pnpm solhint 'contracts/**/*.sol'",
     "test": "forge test -vvv --match-path test/*.t.sol"

packages/supplementary-contracts/script/tokenVesting/Vest.data.json

@@ -1,18 +1,15 @@
 [
   {
-    "name": "Alice",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 35000
   },
   {
-    "name": "Bob",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 25000
   },
   {
-    "name": "Carol",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 15000

packages/supplementary-contracts/script/tokenVesting/Vest.s.sol

@@ -6,22 +6,18 @@ import "forge-std/src/console2.sol";
 
 import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
-
 import "../../contracts/tokenUnlocking/TokenUnlocking.sol";
 
 contract VestTokenUnlocking is Script {
     using stdJson for string;
 
     struct VestingItem {
-        bytes32 name; // Conversion from json "string" to bytes32 will take place in foundry,
-            // cannot use string here, as json parser cannot interpret string from json, everything
-            // is bytes-chunks. It is more of informational to script executor anyways.
         address recipient;
         address proxy;
         uint256 vestAmount;
     }
 
-    ERC20 private tko = ERC20(vm.envAddress("TAIKO_TOKEN"));
+    ERC20 private tko = ERC20(0x10dea67478c5F8C5E2D90e5E9B26dBe60c54d800);
 
     function run() external {
         vm.startBroadcast();
@@ -32,23 +28,25 @@ contract VestTokenUnlocking is Script {
         );
 
         for (uint256 i; i < items.length; i++) {
-            address proxy = items[i].proxy;
-            console2.logBytes32(items[i].name);
-            console2.log("Grantee unlocking contract address:", proxy);
-            console2.log("Vest amount (TKO):", items[i].vestAmount);
+            if (items[i].vestAmount != 0) {
+                address proxy = items[i].proxy;
+                console2.log("Grantee unlocking contract address:", proxy);
+                console2.log("Vest amount (TKO):", items[i].vestAmount);
 
-            require(TokenUnlocking(proxy).owner() == msg.sender, "msg.sender not owner");
-            require(
-                TokenUnlocking(proxy).recipient() == items[i].recipient, "inconsistent recipient"
-            );
+                require(TokenUnlocking(proxy).owner() == msg.sender, "msg.sender not owner");
+                require(
+                    TokenUnlocking(proxy).recipient() == items[i].recipient,
+                    "inconsistent recipient"
+                );
 
-            uint128 vestAmount = uint128(items[i].vestAmount * 1e18);
-            require(tko.balanceOf(msg.sender) >= vestAmount, "insufficient TKO balance");
+                uint128 vestAmount = uint128(items[i].vestAmount * 1e18);
+                require(tko.balanceOf(msg.sender) >= vestAmount, "insufficient TKO balance");
 
-            tko.approve(proxy, vestAmount);
-            TokenUnlocking(proxy).vest(vestAmount);
+                tko.approve(proxy, vestAmount);
+                TokenUnlocking(proxy).vest(vestAmount);
 
-            console2.log("Vested!\n");
+                console2.log("Vested!\n");
+            }
         }
 
         vm.stopBroadcast();

packages/supplementary-contracts/script/tokenunlocking/Deploy.s.sol

@@ -11,17 +11,14 @@ import "../../contracts/tokenUnlocking/TokenUnlocking.sol";
 contract DeployTokenUnlocking is Script {
     using stdJson for string;
 
-    uint256 public PRIVATE_KEY = vm.envUint("PRIVATE_KEY"); // deployer
-    address public OWNER = vm.envAddress("OWNER");
-    address public TAIKO_TOKEN = vm.envAddress("TAIKO_TOKEN");
-    uint256 public TGE = vm.envUint("TGE_TIMESTAMP");
-    address public IMPL = vm.envAddress("TOKEN_VESTING_IMPL");
+    address public OWNER = 0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F; // admin.taiko.eth
+    address public TAIKO_TOKEN = 0x10dea67478c5F8C5E2D90e5E9B26dBe60c54d800; // token.taiko.eth
+    uint64 public TGE = 1_716_767_999; // Date and time (GMT): Sunday, May 26, 2024 11:59:59 PM
+    address public IMPL = 0x244108e321FE03b0E33FE63Ef62285F05d191a62;
 
     function setUp() public { }
 
     function run() external {
-        address impl = IMPL == address(0) ? address(new TokenUnlocking()) : IMPL;
-
         string memory path = "/script/tokenUnlocking/Deploy.data.json";
         address[] memory recipients = abi.decode(
             vm.parseJson(vm.readFile(string.concat(vm.projectRoot(), path))), (address[])
@@ -30,12 +27,10 @@ contract DeployTokenUnlocking is Script {
         for (uint256 i; i < recipients.length; i++) {
             console2.log("Grantee:", recipients[i]);
 
-            vm.startBroadcast(PRIVATE_KEY);
+            vm.startBroadcast();
             deployProxy({
-                impl: impl,
-                data: abi.encodeCall(
-                    TokenUnlocking.init, (OWNER, TAIKO_TOKEN, recipients[i], uint64(TGE))
-                    )
+                impl: IMPL,
+                data: abi.encodeCall(TokenUnlocking.init, (OWNER, TAIKO_TOKEN, recipients[i], TGE))
             });
             vm.stopBroadcast();
             console2.log("Deployed!\n");