Source Code
Overview
ETH Balance
0 ETH
ETH Value
$0.00
Cross-Chain Transactions
Loading...
Loading
Contract Name:
L2AddressRegistry
Compiler Version
v0.8.16+commit.07a7930e
Optimization Enabled:
Yes with 20000 runs
Other Settings:
london EvmVersion
Contract Source Code (Solidity Standard Json-Input format)
// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";
import "./L2AddressRegistryInterfaces.sol";
contract L2AddressRegistry is IL2AddressRegistry {
IL2ArbitrumGoverner public immutable coreGov;
IL2ArbitrumGoverner public immutable treasuryGov;
IFixedDelegateErc20Wallet public immutable treasuryWallet;
IArbitrumDAOConstitution public immutable arbitrumDAOConstitution;
ProxyAdmin public immutable govProxyAdmin;
ISecurityCouncilNomineeElectionGovernor public immutable scNomineeElectionGovernor;
constructor(
IL2ArbitrumGoverner _coreGov,
IL2ArbitrumGoverner _treasuryGov,
IFixedDelegateErc20Wallet _treasuryWallet,
IArbitrumDAOConstitution _arbitrumDAOConstitution,
ProxyAdmin _govProxyAdmin,
ISecurityCouncilNomineeElectionGovernor _scNomineeElectionGovernor
) {
require(
_treasuryWallet.owner() == _treasuryGov.timelock(),
"L2AddressRegistry: treasury gov timelock must own treasuryWallet"
);
require(
_arbitrumDAOConstitution.owner() == _coreGov.owner(),
"L2AddressRegistry DAO must own ArbitrumDAOConstitution"
);
coreGov = _coreGov;
treasuryGov = _treasuryGov;
treasuryWallet = _treasuryWallet;
arbitrumDAOConstitution = _arbitrumDAOConstitution;
require(
_govProxyAdmin.getProxyAdmin(TransparentUpgradeableProxy(payable(address(_coreGov))))
== address(_govProxyAdmin),
"GovProxyAdmin must be proxy admin of the core governor"
);
govProxyAdmin = _govProxyAdmin;
scNomineeElectionGovernor = _scNomineeElectionGovernor;
}
function coreGovTimelock() external view returns (IArbitrumTimelock) {
return IArbitrumTimelock(coreGov.timelock());
}
function treasuryGovTimelock() external view returns (IArbitrumTimelock) {
return IArbitrumTimelock(treasuryGov.timelock());
}
function l2ArbitrumToken() external view returns (IL2ArbitrumToken) {
return IL2ArbitrumGoverner(address(coreGov)).token();
}
function scMemberElectionGovernor()
external
view
returns (ISecurityCouncilMemberElectionGovernor)
{
return scNomineeElectionGovernor.securityCouncilMemberElectionGovernor();
}
function securityCouncilManager() external view returns (ISecurityCouncilManager) {
return scNomineeElectionGovernor.securityCouncilManager();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/transparent/ProxyAdmin.sol)
pragma solidity ^0.8.0;
import "./TransparentUpgradeableProxy.sol";
import "../../access/Ownable.sol";
/**
* @dev This is an auxiliary contract meant to be assigned as the admin of a {TransparentUpgradeableProxy}. For an
* explanation of why you would want to use this see the documentation for {TransparentUpgradeableProxy}.
*/
contract ProxyAdmin is Ownable {
/**
* @dev Returns the current implementation of `proxy`.
*
* Requirements:
*
* - This contract must be the admin of `proxy`.
*/
function getProxyImplementation(TransparentUpgradeableProxy proxy) public view virtual returns (address) {
// We need to manually run the static call since the getter cannot be flagged as view
// bytes4(keccak256("implementation()")) == 0x5c60da1b
(bool success, bytes memory returndata) = address(proxy).staticcall(hex"5c60da1b");
require(success);
return abi.decode(returndata, (address));
}
/**
* @dev Returns the current admin of `proxy`.
*
* Requirements:
*
* - This contract must be the admin of `proxy`.
*/
function getProxyAdmin(TransparentUpgradeableProxy proxy) public view virtual returns (address) {
// We need to manually run the static call since the getter cannot be flagged as view
// bytes4(keccak256("admin()")) == 0xf851a440
(bool success, bytes memory returndata) = address(proxy).staticcall(hex"f851a440");
require(success);
return abi.decode(returndata, (address));
}
/**
* @dev Changes the admin of `proxy` to `newAdmin`.
*
* Requirements:
*
* - This contract must be the current admin of `proxy`.
*/
function changeProxyAdmin(TransparentUpgradeableProxy proxy, address newAdmin) public virtual onlyOwner {
proxy.changeAdmin(newAdmin);
}
/**
* @dev Upgrades `proxy` to `implementation`. See {TransparentUpgradeableProxy-upgradeTo}.
*
* Requirements:
*
* - This contract must be the admin of `proxy`.
*/
function upgrade(TransparentUpgradeableProxy proxy, address implementation) public virtual onlyOwner {
proxy.upgradeTo(implementation);
}
/**
* @dev Upgrades `proxy` to `implementation` and calls a function on the new implementation. See
* {TransparentUpgradeableProxy-upgradeToAndCall}.
*
* Requirements:
*
* - This contract must be the admin of `proxy`.
*/
function upgradeAndCall(
TransparentUpgradeableProxy proxy,
address implementation,
bytes memory data
) public payable virtual onlyOwner {
proxy.upgradeToAndCall{value: msg.value}(implementation, data);
}
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";
import "../../interfaces/IArbitrumTimelock.sol";
import "../../interfaces/IFixedDelegateErc20Wallet.sol";
import "../../interfaces/IL2ArbitrumToken.sol";
import "../../interfaces/IL2ArbitrumGovernor.sol";
import "../../interfaces/IArbitrumDAOConstitution.sol";
import "../../security-council-mgmt/interfaces/ISecurityCouncilManager.sol";
import "../../security-council-mgmt/interfaces/ISecurityCouncilNomineeElectionGovernor.sol";
import "../../security-council-mgmt/interfaces/ISecurityCouncilMemberElectionGovernor.sol";
interface ICoreGovTimelockGetter {
function coreGovTimelock() external view returns (IArbitrumTimelock);
}
interface ICoreGovGetter {
function coreGov() external view returns (IL2ArbitrumGoverner);
}
interface ITreasuryGovTimelockGetter {
function treasuryGovTimelock() external view returns (IArbitrumTimelock);
}
interface ITreasuryGovGetter {
function treasuryGov() external view returns (IL2ArbitrumGoverner);
}
interface IDaoTreasuryGetter {
function treasuryWallet() external view returns (IFixedDelegateErc20Wallet);
}
interface IL2ArbitrumTokenGetter {
function l2ArbitrumToken() external view returns (IL2ArbitrumToken);
}
interface IArbitrumDAOConstitutionGetter {
function arbitrumDAOConstitution() external view returns (IArbitrumDAOConstitution);
}
interface IGovProxyAdminGetter {
function govProxyAdmin() external view returns (ProxyAdmin);
}
interface ISecurityCouncilGetters {
function securityCouncilManager() external view returns (ISecurityCouncilManager);
function scNomineeElectionGovernor()
external
view
returns (ISecurityCouncilNomineeElectionGovernor);
function scMemberElectionGovernor()
external
view
returns (ISecurityCouncilMemberElectionGovernor);
}
interface IL2AddressRegistry is
ICoreGovGetter,
ICoreGovTimelockGetter,
ITreasuryGovTimelockGetter,
IDaoTreasuryGetter,
ITreasuryGovGetter,
IL2ArbitrumTokenGetter,
IArbitrumDAOConstitutionGetter,
IGovProxyAdminGetter,
ISecurityCouncilGetters
{}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/transparent/TransparentUpgradeableProxy.sol)
pragma solidity ^0.8.0;
import "../ERC1967/ERC1967Proxy.sol";
/**
* @dev This contract implements a proxy that is upgradeable by an admin.
*
* To avoid https://medium.com/nomic-labs-blog/malicious-backdoors-in-ethereum-proxies-62629adf3357[proxy selector
* clashing], which can potentially be used in an attack, this contract uses the
* https://blog.openzeppelin.com/the-transparent-proxy-pattern/[transparent proxy pattern]. This pattern implies two
* things that go hand in hand:
*
* 1. If any account other than the admin calls the proxy, the call will be forwarded to the implementation, even if
* that call matches one of the admin functions exposed by the proxy itself.
* 2. If the admin calls the proxy, it can access the admin functions, but its calls will never be forwarded to the
* implementation. If the admin tries to call a function on the implementation it will fail with an error that says
* "admin cannot fallback to proxy target".
*
* These properties mean that the admin account can only be used for admin actions like upgrading the proxy or changing
* the admin, so it's best if it's a dedicated account that is not used for anything else. This will avoid headaches due
* to sudden errors when trying to call a function from the proxy implementation.
*
* Our recommendation is for the dedicated account to be an instance of the {ProxyAdmin} contract. If set up this way,
* you should think of the `ProxyAdmin` instance as the real administrative interface of your proxy.
*/
contract TransparentUpgradeableProxy is ERC1967Proxy {
/**
* @dev Initializes an upgradeable proxy managed by `_admin`, backed by the implementation at `_logic`, and
* optionally initialized with `_data` as explained in {ERC1967Proxy-constructor}.
*/
constructor(
address _logic,
address admin_,
bytes memory _data
) payable ERC1967Proxy(_logic, _data) {
_changeAdmin(admin_);
}
/**
* @dev Modifier used internally that will delegate the call to the implementation unless the sender is the admin.
*/
modifier ifAdmin() {
if (msg.sender == _getAdmin()) {
_;
} else {
_fallback();
}
}
/**
* @dev Returns the current admin.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyAdmin}.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
*/
function admin() external ifAdmin returns (address admin_) {
admin_ = _getAdmin();
}
/**
* @dev Returns the current implementation.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-getProxyImplementation}.
*
* TIP: To get this value clients can read directly from the storage slot shown below (specified by EIP1967) using the
* https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
* `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`
*/
function implementation() external ifAdmin returns (address implementation_) {
implementation_ = _implementation();
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-changeProxyAdmin}.
*/
function changeAdmin(address newAdmin) external virtual ifAdmin {
_changeAdmin(newAdmin);
}
/**
* @dev Upgrade the implementation of the proxy.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-upgrade}.
*/
function upgradeTo(address newImplementation) external ifAdmin {
_upgradeToAndCall(newImplementation, bytes(""), false);
}
/**
* @dev Upgrade the implementation of the proxy, and then call a function from the new implementation as specified
* by `data`, which should be an encoded function call. This is useful to initialize new storage variables in the
* proxied contract.
*
* NOTE: Only the admin can call this function. See {ProxyAdmin-upgradeAndCall}.
*/
function upgradeToAndCall(address newImplementation, bytes calldata data) external payable ifAdmin {
_upgradeToAndCall(newImplementation, data, true);
}
/**
* @dev Returns the current admin.
*/
function _admin() internal view virtual returns (address) {
return _getAdmin();
}
/**
* @dev Makes sure the admin cannot access the fallback function. See {Proxy-_beforeFallback}.
*/
function _beforeFallback() internal virtual override {
require(msg.sender != _getAdmin(), "TransparentUpgradeableProxy: admin cannot fallback to proxy target");
super._beforeFallback();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
_checkOwner();
_;
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if the sender is not the owner.
*/
function _checkOwner() internal view virtual {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20Upgradeable {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `from` to `to` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address from,
address to,
uint256 amount
) external returns (bool);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
interface IArbitrumTimelock {
function cancel(bytes32 id) external;
function scheduleBatch(
address[] calldata target,
uint256[] calldata payloads,
bytes[] calldata data,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) external;
function getMinDelay() external view returns (uint256 duration);
function updateDelay(uint256 newDelay) external;
function isOperation(bytes32 id) external view returns (bool registered);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
interface IFixedDelegateErc20Wallet {
function transfer(address _token, address _to, uint256 _amount) external returns (bool);
function owner() external view returns (address);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@openzeppelin/contracts-upgradeable/token/ERC20/IERC20Upgradeable.sol";
import "@openzeppelin/contracts-upgradeable/governance/utils/IVotesUpgradeable.sol";
interface IL2ArbitrumToken is IERC20Upgradeable, IVotesUpgradeable {
function mint(address recipient, uint256 amount) external;
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "./IL2ArbitrumToken.sol";
interface IL2ArbitrumGoverner {
// token() is inherited from GovernorVotesUpgradeable
function token() external view returns (IL2ArbitrumToken);
function relay(address target, uint256 value, bytes calldata data) external;
function timelock() external view returns (address);
function votingDelay() external view returns (uint256);
function setVotingDelay(uint256 newVotingDelay) external;
function votingPeriod() external view returns (uint256);
function setVotingPeriod(uint256 newVotingPeriod) external;
function EXCLUDE_ADDRESS() external view returns (address);
function owner() external view returns (address);
function proposalThreshold() external view returns (uint256);
function setProposalThreshold(uint256 newProposalThreshold) external;
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
interface IArbitrumDAOConstitution {
function constitutionHash() external view returns (bytes32);
function setConstitutionHash(bytes32 _constitutionHash) external;
function owner() external view returns (address);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "../../UpgradeExecRouteBuilder.sol";
import "../Common.sol";
/// @notice Addresses to be given specific roles on the Security Council Manager
struct SecurityCouncilManagerRoles {
address admin;
address cohortUpdator;
address memberAdder;
address[] memberRemovers;
address memberRotator;
address memberReplacer;
address minRotationPeriodSetter;
}
/// @notice Data for a Security Council to be managed
struct SecurityCouncilData {
/// @notice Address of the Security Council
address securityCouncil;
/// @notice Address of the update action contract that contains the logic for
/// updating council membership. Will be delegate called by the upgrade executor
address updateAction;
uint256 chainId;
}
interface ISecurityCouncilManager {
// security council cohort errors
error NotAMember(address member);
error MemberInCohort(address member, Cohort cohort);
error CohortFull(Cohort cohort);
error InvalidNewCohortLength(address[] cohort, uint256 cohortSize);
error CohortLengthMismatch(address[] cohort1, address[] cohort2);
error InvalidCohort(Cohort cohort);
// security council data errors
error MaxSecurityCouncils(uint256 securityCouncilCount);
error SecurityCouncilZeroChainID(SecurityCouncilData securiyCouncilData);
error SecurityCouncilNotInRouter(SecurityCouncilData securiyCouncilData);
error SecurityCouncilNotInManager(SecurityCouncilData securiyCouncilData);
error SecurityCouncilAlreadyInRouter(SecurityCouncilData securiyCouncilData);
// rotation errors
error RotationTooSoon(address rotator, uint256 rotatableWhen);
error GovernorNotReplacer();
error NewMemberIsContender(uint256 proposalId, address newMember);
error NewMemberIsNominee(uint256 proposalId, address newMember);
error NewMemberIsRotating(address newMember);
error NewMemberIsRotatingTarget(address newMember);
error InvalidNewAddress(address newAddress);
function rotatedTo(address) external view returns (address);
function rotatingTo(address) external view returns (address);
function rotationNonce(address) external view returns (uint256);
/// @notice There is a minimum period between when an address can be rotated
/// This is to ensure a single member cannot do many rotations in a row
function minRotationPeriod() external view returns (uint256);
function MIN_ROTATION_PERIOD_SETTER_ROLE() external view returns (bytes32);
function MEMBER_REMOVER_ROLE() external view returns (bytes32);
/// @notice initialize SecurityCouncilManager.
/// @param _firstCohort addresses of first cohort
/// @param _secondCohort addresses of second cohort
/// @param _securityCouncils data of all security councils to manage
/// @param _roles permissions for triggering modifications to security councils
/// @param _l2CoreGovTimelock timelock for core governance / constitutional proposal
/// @param _router UpgradeExecRouteBuilder address
/// @param _minRotationPeriod The minimum amount of time that must happen between address rotations by the same council member
/// Rotations are in race conditions with other actions, so care must be taken to set this parameter to be
/// greater than the time taken for other actions. An example of this is if the removal governor has the removal
/// role it may try to remove an address, but doing so requires passing a vote and in the meantime the address may
/// rotate. If the address is only allowed to rotate once during this period the manager can keep track of this and still
/// and still remove the address, however if the rotation period allows for two rotations the address will not get removed
/// A general rule for setting the min rotation period is: make sure it is longer that the amount of time taken to conduct
/// any other actions on the sec council manager.
function initialize(
address[] memory _firstCohort,
address[] memory _secondCohort,
SecurityCouncilData[] memory _securityCouncils,
SecurityCouncilManagerRoles memory _roles,
address payable _l2CoreGovTimelock,
UpgradeExecRouteBuilder _router,
uint256 _minRotationPeriod
) external;
/// @notice Set the min rotation period. This is the minimum period that must occur
/// between two consecutive rotations by the same member
/// @param _minRotationPeriod The new minimum rotation period to be set
function setMinRotationPeriod(uint256 _minRotationPeriod) external;
/// @notice Replaces a whole cohort.
/// @dev Initiates cross chain messages to update the individual Security Councils.
/// @param _newCohort New cohort members to replace existing cohort. Must have 6 members.
/// @param _cohort Cohort to replace.
function replaceCohort(address[] memory _newCohort, Cohort _cohort) external;
/// @notice Add a member to the specified cohort.
/// Cohorts cannot have more than 6 members, so the cohort must have less than 6 in order to call this.
/// New member cannot already be a member of either cohort.
/// @dev Initiates cross chain messages to update the individual Security Councils.
/// When adding a member, make sure that the key does not conflict with any contenders/nominees of ongoing elections.
/// @param _newMember New member to add
/// @param _cohort Cohort to add member to
function addMember(address _newMember, Cohort _cohort) external;
/// @notice Remove a member.
/// @dev Searches both cohorts for the member.
/// Initiates cross chain messages to update the individual Security Councils
/// @param _member Member to remove
function removeMember(address _member) external;
/// @notice Replace a member in a council - equivalent to removing a member, then adding another in its place.
/// Identities of members should be different.
/// Functionality is equivalent to replaceMember,
/// though emits a different event to distinguish the security council's intent (different identities).
/// @dev Initiates cross chain messages to update the individual Security Councils.
/// When replacing a member, make sure that the key does not conflict with any contenders/nominees of ongoing electoins.
/// @param _memberToReplace Security Council member to remove
/// @param _newMember Security Council member to add in their place
function replaceMember(address _memberToReplace, address _newMember) external;
/// @notice Get the hash to be signed for an existing member rotation
/// @param from The address that will be rotated out. Included in the hash so that other members cant use this message to rotate their address
/// @param nonce The message nonce. Must be equal to the rotationNonce for the member being rotated out
function getRotateMemberHash(address from, uint256 nonce) external view returns (bytes32);
/// @notice Security council member can rotate out their address for a new one
/// @dev Initiates cross chain messages to update the individual Security Councils.
/// Cannot rotate to a contender in an ongoing election, as this could cause a clash that would stop the election result executing
/// @param newMemberAddress The new member address to be rotated to
/// @param memberElectionGovernor The current member election governor - must have the COHORT_REPLACER_ROLE role
/// @param signature A signature from the new member address over the 712 rotateMember hash
function rotateMember(
address newMemberAddress,
address memberElectionGovernor,
bytes calldata signature
) external;
/// @notice Get the hash to be signed for future member rotation
/// @param from The address that will be rotated out. This is included in the hash so that other members cant use this message to rotate their address
/// @param nonce The message nonce. Must be the from address's current rotationNonce
function getSetRotatingToHash(address from, uint256 nonce) external view returns (bytes32);
/// @notice Set an address to be rotated to if the sender is ever elected as a member
/// This enables unelected members to decide where their election address will update to. When a member is elected to the council they
/// are expected to have a high level of security on their member key. Election candidates may not have set up that high level of security before
/// registering their election key, so this method allows them to set up a new key that will be actually installed as the member upon election.
/// If this future rotation causes a clash, the rotation will not be executed and the original address will be installed
/// This rotation only applies to future replaceCohort, mainly used by the member election governor
/// @param newMemberAddress The new member address to be rotated to
/// @param signature A signature from the new member address over the 712 setRotatingTo hash
function setRotatingTo(address newMemberAddress, bytes calldata signature) external;
/// @notice Is the account a member of the first cohort
function firstCohortIncludes(address account) external view returns (bool);
/// @notice Is the account a member of the second cohort
function secondCohortIncludes(address account) external view returns (bool);
/// @notice Is the account a member of the specified cohort
function cohortIncludes(Cohort cohort, address account) external view returns (bool);
/// @notice All members of the first cohort
function getFirstCohort() external view returns (address[] memory);
/// @notice All members of the second cohort
function getSecondCohort() external view returns (address[] memory);
/// @notice All members of both cohorts
function getBothCohorts() external view returns (address[] memory);
/// @notice Length of security councils array
function securityCouncilsLength() external view returns (uint256);
/// @notice Size of cohort under ordinary circumstances
function cohortSize() external view returns (uint256);
/// @notice Add new security council to be included in security council management system.
/// @param _securityCouncilData Security council info
function addSecurityCouncil(SecurityCouncilData memory _securityCouncilData) external;
/// @notice Remove security council from management system.
/// @param _securityCouncilData security council to be removed
function removeSecurityCouncil(SecurityCouncilData memory _securityCouncilData)
external
returns (bool);
/// @notice UpgradeExecRouteBuilder is immutable, so in lieu of upgrading it, it can be redeployed and reset here
/// @param _router new router address
function setUpgradeExecRouteBuilder(UpgradeExecRouteBuilder _router) external;
/// @notice Gets the data that will be used to update each of the security councils
/// @param nonce The nonce used to generate the timelock salts
/// @return The new members to be added to the councils
/// @return The address of the contract that will be called by the l2 timelock
/// @return The data that will be called from the l2 timelock
function getScheduleUpdateInnerData(uint256 nonce)
external
view
returns (address[] memory, address, bytes memory);
/// @notice Generate the salt used in the timelocks when scheduling an update
/// @param _members The new members to be added
/// @param nonce The manager nonce to make the salt unique - current nonce can be found by calling updateNonce
function generateSalt(address[] memory _members, uint256 nonce)
external
pure
returns (bytes32);
/// @notice Each update increments an internal nonce that keeps updates unique, current value stored here
function updateNonce() external returns (uint256);
/// @notice Upgrade an existing contract and add rotation params
function postUpgradeInit(uint256 _minRotationPeriod, address minRotationPeriodSetter)
external;
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "./IElectionGovernor.sol";
import {Cohort} from "../Common.sol";
import "./ISecurityCouncilMemberElectionGovernor.sol";
import "./ISecurityCouncilManager.sol";
interface ISecurityCouncilNomineeElectionGovernorCountingUpgradeable {
/// @notice Whether the contender has enough votes to be a nominee
function isNominee(uint256 proposalId, address contender) external view returns (bool);
}
/// @notice Minimal interface of nominee election governor required by other contracts
interface ISecurityCouncilNomineeElectionGovernor is
IElectionGovernor,
ISecurityCouncilNomineeElectionGovernorCountingUpgradeable
{
/// @notice Whether the account a compliant nominee for a given proposal
/// A compliant nominee is one who is a nominee, and has not been excluded
/// @param proposalId The id of the proposal
/// @param account The account to check
function isCompliantNominee(uint256 proposalId, address account) external view returns (bool);
/// @notice All compliant nominees of a given proposal
/// A compliant nominee is one who is a nominee, and has not been excluded
function compliantNominees(uint256 proposalId) external view returns (address[] memory);
/// @notice Number of elections created
function electionCount() external returns (uint256);
/// @notice Whether the account is a contender for the proposal
function isContender(uint256 proposalId, address possibleContender)
external
view
returns (bool);
function otherCohort() external view returns (Cohort);
/// @notice Security council manager contract
/// @dev Used to execute the election result immediately if <= 6 compliant nominees are chosen
function securityCouncilManager() external view returns (ISecurityCouncilManager);
/// @notice Security council member election governor contract
function securityCouncilMemberElectionGovernor()
external
view
returns (ISecurityCouncilMemberElectionGovernor);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "./ISecurityCouncilNomineeElectionGovernor.sol";
interface ISecurityCouncilMemberElectionGovernor {
/// @notice Creates a new member election proposal from the most recent nominee election.
function proposeFromNomineeElectionGovernor(uint256 electionIndex) external returns (uint256);
/// @notice The SecurityCouncilNomineeElectionGovernor that creates proposals for this governor and contains the list of compliant nominees
function nomineeElectionGovernor() external returns (ISecurityCouncilNomineeElectionGovernor);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/ERC1967/ERC1967Proxy.sol)
pragma solidity ^0.8.0;
import "../Proxy.sol";
import "./ERC1967Upgrade.sol";
/**
* @dev This contract implements an upgradeable proxy. It is upgradeable because calls are delegated to an
* implementation address that can be changed. This address is stored in storage in the location specified by
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967], so that it doesn't conflict with the storage layout of the
* implementation behind the proxy.
*/
contract ERC1967Proxy is Proxy, ERC1967Upgrade {
/**
* @dev Initializes the upgradeable proxy with an initial implementation specified by `_logic`.
*
* If `_data` is nonempty, it's used as data in a delegate call to `_logic`. This will typically be an encoded
* function call, and allows initializing the storage of the proxy like a Solidity constructor.
*/
constructor(address _logic, bytes memory _data) payable {
_upgradeToAndCall(_logic, _data, false);
}
/**
* @dev Returns the current implementation address.
*/
function _implementation() internal view virtual override returns (address impl) {
return ERC1967Upgrade._getImplementation();
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (governance/utils/IVotes.sol)
pragma solidity ^0.8.0;
/**
* @dev Common interface for {ERC20Votes}, {ERC721Votes}, and other {Votes}-enabled contracts.
*
* _Available since v4.5._
*/
interface IVotesUpgradeable {
/**
* @dev Emitted when an account changes their delegate.
*/
event DelegateChanged(address indexed delegator, address indexed fromDelegate, address indexed toDelegate);
/**
* @dev Emitted when a token transfer or delegate change results in changes to a delegate's number of votes.
*/
event DelegateVotesChanged(address indexed delegate, uint256 previousBalance, uint256 newBalance);
/**
* @dev Returns the current amount of votes that `account` has.
*/
function getVotes(address account) external view returns (uint256);
/**
* @dev Returns the amount of votes that `account` had at the end of a past block (`blockNumber`).
*/
function getPastVotes(address account, uint256 blockNumber) external view returns (uint256);
/**
* @dev Returns the total supply of votes available at the end of a past block (`blockNumber`).
*
* NOTE: This value is the sum of all available votes, which is not necessarily the sum of all delegated votes.
* Votes that have not been delegated are still part of total supply, even though they would not participate in a
* vote.
*/
function getPastTotalSupply(uint256 blockNumber) external view returns (uint256);
/**
* @dev Returns the delegate that `account` has chosen.
*/
function delegates(address account) external view returns (address);
/**
* @dev Delegates votes from the sender to `delegatee`.
*/
function delegate(address delegatee) external;
/**
* @dev Delegates votes from signer to `delegatee`.
*/
function delegateBySig(
address delegatee,
uint256 nonce,
uint256 expiry,
uint8 v,
bytes32 r,
bytes32 s
) external;
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@arbitrum/nitro-contracts/src/precompiles/ArbSys.sol";
import "./UpgradeExecutor.sol";
import "./L1ArbitrumTimelock.sol";
import "./security-council-mgmt/Common.sol";
interface DefaultGovAction {
function perform() external;
}
/// @notice The location of an upgrade executor, relative to the host chain.
/// Inbox is set to address(0) if the upgrade executor is on the host chain.
/// Inbox is set to the address of the inbox of another Arbitrum chain if the upgrade executor is
/// is not on the host chain.
struct UpExecLocation {
address inbox; // Inbox should be set to address(0) to signify that the upgrade executor is on the L1/host chain
address upgradeExecutor;
}
struct ChainAndUpExecLocation {
uint256 chainId;
UpExecLocation location;
}
/// @notice Builds calldata to target the execution of action contracts in upgrade executors that exist on other chains.
/// Routes target an upgrade executor which is either on the host chain, or can be accessed via the inbox.
/// So routes are of two possible forms:
/// 1. Withdrawal => L1Timelock => UpgradeExecutor
/// 2. Withdrawal => L1Timelock => Inbox => UpgradeExecutor
/// @dev This contract makes the following assumptions:
/// * It is deployed on an L2 - more specifically it has access to an ArbSys which allows it to make withdrawal
/// transactions to a host chain
/// * It can only target one upgrade executor per chain
/// * The upgrade executors being targeted are either on the host chain, or are Arbitrum chains reachable
/// via inboxes on the host chain
/// * There exists a L1 timelock on the host chain
contract UpgradeExecRouteBuilder {
error UpgadeExecDoesntExist(uint256 chainId);
error UpgradeExecAlreadyExists(uint256 chindId);
error ParamLengthMismatch(uint256 len1, uint256 len2);
error EmptyActionBytesData(bytes[]);
/// @notice The magic value used by the L1 timelock to indicate that a retryable ticket should be created
/// See L1ArbitrumTimelock for more details
address public constant RETRYABLE_TICKET_MAGIC = 0xa723C008e76E379c55599D2E4d93879BeaFDa79C;
/// @notice Default args for creating a proposal, used by createProposalWithDefaulArgs and createProposalBatchWithDefaultArgs
/// Default is function selector for a perform function with no args: 'function perform() external'
bytes public constant DEFAULT_GOV_ACTION_CALLDATA =
abi.encodeWithSelector(DefaultGovAction.perform.selector);
uint256 public constant DEFAULT_VALUE = 0;
/// @notice Default predecessor used when calling the L1 timelock
bytes32 public constant DEFAULT_PREDECESSOR = bytes32(0);
/// @notice Address of the L1 timelock targeted by this route builder
address public immutable l1TimelockAddr;
/// @notice The minimum delay of the L1 timelock targeted by this route builder
/// @dev If the min delay for this timelock changes then a new route builder will need to be deployed
uint256 public immutable l1TimelockMinDelay;
/// @notice Upgrade Executor locations for each chain (chainId => location)
mapping(uint256 => UpExecLocation) public upExecLocations;
/// @param _upgradeExecutors Locations of the upgrade executors on each chain
/// @param _l1ArbitrumTimelock Address of the core gov L1 timelock
/// @param _l1TimelockMinDelay Minimum delay for L1 timelock
constructor(
ChainAndUpExecLocation[] memory _upgradeExecutors,
address _l1ArbitrumTimelock,
uint256 _l1TimelockMinDelay
) {
if (_l1ArbitrumTimelock == address(0)) {
revert ZeroAddress();
}
for (uint256 i = 0; i < _upgradeExecutors.length; i++) {
ChainAndUpExecLocation memory chainAndUpExecLocation = _upgradeExecutors[i];
if (chainAndUpExecLocation.location.upgradeExecutor == address(0)) {
revert ZeroAddress();
}
if (upExecLocationExists(chainAndUpExecLocation.chainId)) {
revert UpgradeExecAlreadyExists(chainAndUpExecLocation.chainId);
}
upExecLocations[chainAndUpExecLocation.chainId] = chainAndUpExecLocation.location;
}
l1TimelockAddr = _l1ArbitrumTimelock;
l1TimelockMinDelay = _l1TimelockMinDelay;
}
/// @notice Check if an upgrade executor exists for the supplied chain id
/// @param _chainId ChainId for target UpExecLocation
function upExecLocationExists(uint256 _chainId) public view returns (bool) {
return upExecLocations[_chainId].upgradeExecutor != address(0);
}
/// @notice Creates the to address and calldata to be called to execute a route to a batch of action contracts.
/// See Governance Action Contracts for more details.
/// @param chainIds Chain ids containing the actions to be called
/// @param actionAddresses Addresses of the action contracts to be called
/// @param actionValues Values to call the action contracts with
/// @param actionDatas Call data to call the action contracts with
/// @param predecessor A predecessor value for the l1 timelock operation
/// @param timelockSalt A salt for the l1 timelock operation
function createActionRouteData(
uint256[] memory chainIds,
address[] memory actionAddresses,
uint256[] memory actionValues,
bytes[] memory actionDatas,
bytes32 predecessor,
bytes32 timelockSalt
) public view returns (address, bytes memory) {
if (chainIds.length != actionAddresses.length) {
revert ParamLengthMismatch(chainIds.length, actionAddresses.length);
}
if (chainIds.length != actionValues.length) {
revert ParamLengthMismatch(chainIds.length, actionValues.length);
}
if (chainIds.length != actionDatas.length) {
revert ParamLengthMismatch(chainIds.length, actionDatas.length);
}
address[] memory schedTargets = new address[](chainIds.length);
uint256[] memory schedValues = new uint256[](chainIds.length);
bytes[] memory schedData = new bytes[](chainIds.length);
// for each chain create calldata that targets the upgrade executor
// from the l1 timelock
for (uint256 i = 0; i < chainIds.length; i++) {
UpExecLocation memory upExecLocation = upExecLocations[chainIds[i]];
if (upExecLocation.upgradeExecutor == address(0)) {
revert UpgadeExecDoesntExist(chainIds[i]);
}
if (actionDatas[i].length == 0) {
revert EmptyActionBytesData(actionDatas);
}
bytes memory executorData = abi.encodeWithSelector(
UpgradeExecutor.execute.selector, actionAddresses[i], actionDatas[i]
);
// for L1, inbox is set to address(0):
if (upExecLocation.inbox == address(0)) {
schedTargets[i] = upExecLocation.upgradeExecutor;
schedValues[i] = actionValues[i];
schedData[i] = executorData;
} else {
// For L2 actions, magic is top level target, and value and calldata are encoded in payload
schedTargets[i] = RETRYABLE_TICKET_MAGIC;
schedValues[i] = 0;
schedData[i] = abi.encode(
upExecLocation.inbox,
upExecLocation.upgradeExecutor,
actionValues[i],
0,
0,
executorData
);
}
}
// batch those calls to execute from the l1 timelock
bytes memory timelockCallData = abi.encodeWithSelector(
L1ArbitrumTimelock.scheduleBatch.selector,
schedTargets,
schedValues,
schedData,
predecessor,
timelockSalt,
l1TimelockMinDelay
);
// create a message to initiate a withdrawal to the L1 timelock
return (
address(100),
abi.encodeWithSelector(ArbSys.sendTxToL1.selector, l1TimelockAddr, timelockCallData)
);
}
/// @notice Creates the to address and calldata to be called to execute a route to a batch of action contracts.
/// Uses common defaults for value, calldata and predecessor.
/// See Governance Action Contracts for more details.
/// @param chainIds Chain ids containing the actions to be called
/// @param actionAddresses Addresses of the action contracts to be called
/// @param timelockSalt A salt for the l1 timelock operation
function createActionRouteDataWithDefaults(
uint256[] memory chainIds,
address[] memory actionAddresses,
bytes32 timelockSalt
) public view returns (address, bytes memory) {
uint256[] memory values = new uint256[](chainIds.length);
bytes[] memory actionDatas = new bytes[](chainIds.length);
for (uint256 i = 0; i < chainIds.length; i++) {
actionDatas[i] = DEFAULT_GOV_ACTION_CALLDATA;
values[i] = DEFAULT_VALUE;
}
return createActionRouteData(
chainIds, actionAddresses, values, actionDatas, DEFAULT_PREDECESSOR, timelockSalt
);
}
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
/// @notice Security council members are members of one of two cohorts.
/// Periodically all the positions on a cohort are put up for election,
/// and the are members replaced with new ones.
enum Cohort {
FIRST,
SECOND
}
/// @notice Date struct for convenience
struct Date {
uint256 year;
uint256 month;
uint256 day;
uint256 hour;
}
error ZeroAddress();
error NotAContract(address account);// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
interface IElectionGovernor {
/// @notice Generate arguments to be passed to the governor propose function
/// @param electionIndex The index of the election to create a proposal for
/// @return Targets
/// @return Values
/// @return Calldatas
/// @return Description
function getProposeArgs(uint256 electionIndex)
external
pure
returns (address[] memory, uint256[] memory, bytes[] memory, string memory);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (proxy/Proxy.sol)
pragma solidity ^0.8.0;
/**
* @dev This abstract contract provides a fallback function that delegates all calls to another contract using the EVM
* instruction `delegatecall`. We refer to the second contract as the _implementation_ behind the proxy, and it has to
* be specified by overriding the virtual {_implementation} function.
*
* Additionally, delegation to the implementation can be triggered manually through the {_fallback} function, or to a
* different contract through the {_delegate} function.
*
* The success and return data of the delegated call will be returned back to the caller of the proxy.
*/
abstract contract Proxy {
/**
* @dev Delegates the current call to `implementation`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _delegate(address implementation) internal virtual {
assembly {
// Copy msg.data. We take full control of memory in this inline assembly
// block because it will not return to Solidity code. We overwrite the
// Solidity scratch pad at memory position 0.
calldatacopy(0, 0, calldatasize())
// Call the implementation.
// out and outsize are 0 because we don't know the size yet.
let result := delegatecall(gas(), implementation, 0, calldatasize(), 0, 0)
// Copy the returned data.
returndatacopy(0, 0, returndatasize())
switch result
// delegatecall returns 0 on error.
case 0 {
revert(0, returndatasize())
}
default {
return(0, returndatasize())
}
}
}
/**
* @dev This is a virtual function that should be overridden so it returns the address to which the fallback function
* and {_fallback} should delegate.
*/
function _implementation() internal view virtual returns (address);
/**
* @dev Delegates the current call to the address returned by `_implementation()`.
*
* This function does not return to its internal call site, it will return directly to the external caller.
*/
function _fallback() internal virtual {
_beforeFallback();
_delegate(_implementation());
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if no other
* function in the contract matches the call data.
*/
fallback() external payable virtual {
_fallback();
}
/**
* @dev Fallback function that delegates calls to the address returned by `_implementation()`. Will run if call data
* is empty.
*/
receive() external payable virtual {
_fallback();
}
/**
* @dev Hook that is called before falling back to the implementation. Can happen as part of a manual `_fallback`
* call, or as part of the Solidity `fallback` or `receive` functions.
*
* If overridden should call `super._beforeFallback()`.
*/
function _beforeFallback() internal virtual {}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (proxy/ERC1967/ERC1967Upgrade.sol)
pragma solidity ^0.8.2;
import "../beacon/IBeacon.sol";
import "../../interfaces/draft-IERC1822.sol";
import "../../utils/Address.sol";
import "../../utils/StorageSlot.sol";
/**
* @dev This abstract contract provides getters and event emitting update functions for
* https://eips.ethereum.org/EIPS/eip-1967[EIP1967] slots.
*
* _Available since v4.1._
*
* @custom:oz-upgrades-unsafe-allow delegatecall
*/
abstract contract ERC1967Upgrade {
// This is the keccak-256 hash of "eip1967.proxy.rollback" subtracted by 1
bytes32 private constant _ROLLBACK_SLOT = 0x4910fdfa16fed3260ed0e7147f7cc6da11a60208b5b9406d12a635614ffd9143;
/**
* @dev Storage slot with the address of the current implementation.
* This is the keccak-256 hash of "eip1967.proxy.implementation" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
/**
* @dev Emitted when the implementation is upgraded.
*/
event Upgraded(address indexed implementation);
/**
* @dev Returns the current implementation address.
*/
function _getImplementation() internal view returns (address) {
return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 implementation slot.
*/
function _setImplementation(address newImplementation) private {
require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
}
/**
* @dev Perform implementation upgrade
*
* Emits an {Upgraded} event.
*/
function _upgradeTo(address newImplementation) internal {
_setImplementation(newImplementation);
emit Upgraded(newImplementation);
}
/**
* @dev Perform implementation upgrade with additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCall(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
_upgradeTo(newImplementation);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(newImplementation, data);
}
}
/**
* @dev Perform implementation upgrade with security checks for UUPS proxies, and additional setup call.
*
* Emits an {Upgraded} event.
*/
function _upgradeToAndCallUUPS(
address newImplementation,
bytes memory data,
bool forceCall
) internal {
// Upgrades from old implementations will perform a rollback test. This test requires the new
// implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
// this special case will break upgrade paths from old UUPS implementation to new ones.
if (StorageSlot.getBooleanSlot(_ROLLBACK_SLOT).value) {
_setImplementation(newImplementation);
} else {
try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
require(slot == _IMPLEMENTATION_SLOT, "ERC1967Upgrade: unsupported proxiableUUID");
} catch {
revert("ERC1967Upgrade: new implementation is not UUPS");
}
_upgradeToAndCall(newImplementation, data, forceCall);
}
}
/**
* @dev Storage slot with the admin of the contract.
* This is the keccak-256 hash of "eip1967.proxy.admin" subtracted by 1, and is
* validated in the constructor.
*/
bytes32 internal constant _ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103;
/**
* @dev Emitted when the admin account has changed.
*/
event AdminChanged(address previousAdmin, address newAdmin);
/**
* @dev Returns the current admin.
*/
function _getAdmin() internal view returns (address) {
return StorageSlot.getAddressSlot(_ADMIN_SLOT).value;
}
/**
* @dev Stores a new address in the EIP1967 admin slot.
*/
function _setAdmin(address newAdmin) private {
require(newAdmin != address(0), "ERC1967: new admin is the zero address");
StorageSlot.getAddressSlot(_ADMIN_SLOT).value = newAdmin;
}
/**
* @dev Changes the admin of the proxy.
*
* Emits an {AdminChanged} event.
*/
function _changeAdmin(address newAdmin) internal {
emit AdminChanged(_getAdmin(), newAdmin);
_setAdmin(newAdmin);
}
/**
* @dev The storage slot of the UpgradeableBeacon contract which defines the implementation for this proxy.
* This is bytes32(uint256(keccak256('eip1967.proxy.beacon')) - 1)) and is validated in the constructor.
*/
bytes32 internal constant _BEACON_SLOT = 0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50;
/**
* @dev Emitted when the beacon is upgraded.
*/
event BeaconUpgraded(address indexed beacon);
/**
* @dev Returns the current beacon.
*/
function _getBeacon() internal view returns (address) {
return StorageSlot.getAddressSlot(_BEACON_SLOT).value;
}
/**
* @dev Stores a new beacon in the EIP1967 beacon slot.
*/
function _setBeacon(address newBeacon) private {
require(Address.isContract(newBeacon), "ERC1967: new beacon is not a contract");
require(
Address.isContract(IBeacon(newBeacon).implementation()),
"ERC1967: beacon implementation is not a contract"
);
StorageSlot.getAddressSlot(_BEACON_SLOT).value = newBeacon;
}
/**
* @dev Perform beacon upgrade with additional setup call. Note: This upgrades the address of the beacon, it does
* not upgrade the implementation contained in the beacon (see {UpgradeableBeacon-_setImplementation} for that).
*
* Emits a {BeaconUpgraded} event.
*/
function _upgradeBeaconToAndCall(
address newBeacon,
bytes memory data,
bool forceCall
) internal {
_setBeacon(newBeacon);
emit BeaconUpgraded(newBeacon);
if (data.length > 0 || forceCall) {
Address.functionDelegateCall(IBeacon(newBeacon).implementation(), data);
}
}
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
pragma solidity >=0.4.21 <0.9.0;
/**
* @title System level functionality
* @notice For use by contracts to interact with core L2-specific functionality.
* Precompiled contract that exists in every Arbitrum chain at address(100), 0x0000000000000000000000000000000000000064.
*/
interface ArbSys {
/**
* @notice Get Arbitrum block number (distinct from L1 block number; Arbitrum genesis block has block number 0)
* @return block number as int
*/
function arbBlockNumber() external view returns (uint256);
/**
* @notice Get Arbitrum block hash (reverts unless currentBlockNum-256 <= arbBlockNum < currentBlockNum)
* @return block hash
*/
function arbBlockHash(uint256 arbBlockNum) external view returns (bytes32);
/**
* @notice Gets the rollup's unique chain identifier
* @return Chain identifier as int
*/
function arbChainID() external view returns (uint256);
/**
* @notice Get internal version number identifying an ArbOS build
* @return version number as int
*/
function arbOSVersion() external view returns (uint256);
/**
* @notice Returns 0 since Nitro has no concept of storage gas
* @return uint 0
*/
function getStorageGasAvailable() external view returns (uint256);
/**
* @notice (deprecated) check if current call is top level (meaning it was triggered by an EoA or a L1 contract)
* @dev this call has been deprecated and may be removed in a future release
* @return true if current execution frame is not a call by another L2 contract
*/
function isTopLevelCall() external view returns (bool);
/**
* @notice map L1 sender contract address to its L2 alias
* @param sender sender address
* @param unused argument no longer used
* @return aliased sender address
*/
function mapL1SenderContractAddressToL2Alias(address sender, address unused)
external
pure
returns (address);
/**
* @notice check if the caller (of this caller of this) is an aliased L1 contract address
* @return true iff the caller's address is an alias for an L1 contract address
*/
function wasMyCallersAddressAliased() external view returns (bool);
/**
* @notice return the address of the caller (of this caller of this), without applying L1 contract address aliasing
* @return address of the caller's caller, without applying L1 contract address aliasing
*/
function myCallersAddressWithoutAliasing() external view returns (address);
/**
* @notice Send given amount of Eth to dest from sender.
* This is a convenience function, which is equivalent to calling sendTxToL1 with empty data.
* @param destination recipient address on L1
* @return unique identifier for this L2-to-L1 transaction.
*/
function withdrawEth(address destination) external payable returns (uint256);
/**
* @notice Send a transaction to L1
* @dev it is not possible to execute on the L1 any L2-to-L1 transaction which contains data
* to a contract address without any code (as enforced by the Bridge contract).
* @param destination recipient address on L1
* @param data (optional) calldata for L1 contract call
* @return a unique identifier for this L2-to-L1 transaction.
*/
function sendTxToL1(address destination, bytes calldata data)
external
payable
returns (uint256);
/**
* @notice Get send Merkle tree state
* @return size number of sends in the history
* @return root root hash of the send history
* @return partials hashes of partial subtrees in the send history tree
*/
function sendMerkleTreeState()
external
view
returns (
uint256 size,
bytes32 root,
bytes32[] memory partials
);
/**
* @notice creates a send txn from L2 to L1
* @param position = (level << 192) + leaf = (0 << 192) + leaf = leaf
*/
event L2ToL1Tx(
address caller,
address indexed destination,
uint256 indexed hash,
uint256 indexed position,
uint256 arbBlockNum,
uint256 ethBlockNum,
uint256 timestamp,
uint256 callvalue,
bytes data
);
/// @dev DEPRECATED in favour of the new L2ToL1Tx event above after the nitro upgrade
event L2ToL1Transaction(
address caller,
address indexed destination,
uint256 indexed uniqueId,
uint256 indexed batchNumber,
uint256 indexInBatch,
uint256 arbBlockNum,
uint256 ethBlockNum,
uint256 timestamp,
uint256 callvalue,
bytes data
);
/**
* @notice logs a merkle branch for proof synthesis
* @param reserved an index meant only to align the 4th index with L2ToL1Transaction's 4th event
* @param hash the merkle hash
* @param position = (level << 192) + leaf
*/
event SendMerkleUpdate(
uint256 indexed reserved,
bytes32 indexed hash,
uint256 indexed position
);
error InvalidBlockNumber(uint256 requested, uint256 current);
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
import "@openzeppelin/contracts/utils/Address.sol";
/// @title A root contract from which it execute upgrades
/// @notice Does not contain upgrade logic itself, only the means to call upgrade contracts and execute them
/// @dev We use these upgrade contracts as they allow multiple actions to take place in an upgrade
/// and for these actions to interact. However because we are delegatecalling into these upgrade
/// contracts, it's important that these upgrade contract do not touch or modify contract state.
contract UpgradeExecutor is Initializable, AccessControlUpgradeable, ReentrancyGuard {
using Address for address;
bytes32 public constant ADMIN_ROLE = keccak256("ADMIN_ROLE");
bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
/// @notice Emitted when an upgrade execution occurs
event UpgradeExecuted(address indexed upgrade, uint256 value, bytes data);
constructor() {
_disableInitializers();
}
/// @notice Initialise the upgrade executor
/// @param admin The admin who can update other roles, and itself - ADMIN_ROLE
/// @param executors Can call the execute function - EXECUTOR_ROLE
function initialize(address admin, address[] memory executors) public initializer {
require(admin != address(0), "UpgradeExecutor: zero admin");
__AccessControl_init();
_setRoleAdmin(ADMIN_ROLE, ADMIN_ROLE);
_setRoleAdmin(EXECUTOR_ROLE, ADMIN_ROLE);
_setupRole(ADMIN_ROLE, admin);
for (uint256 i = 0; i < executors.length; ++i) {
_setupRole(EXECUTOR_ROLE, executors[i]);
}
}
/// @notice Execute an upgrade by delegate calling an upgrade contract
/// @dev Only executor can call this. Since we're using a delegatecall here the Upgrade contract
/// will have access to the state of this contract - including the roles. Only upgrade contracts
/// that do not touch local state should be used.
function execute(address upgrade, bytes memory upgradeCallData)
public
payable
onlyRole(EXECUTOR_ROLE)
nonReentrant
{
// OZ Address library check if the address is a contract and bubble up inner revert reason
address(upgrade).functionDelegateCall(
upgradeCallData, "UpgradeExecutor: inner delegate call failed without reason"
);
emit UpgradeExecuted(upgrade, msg.value, upgradeCallData);
}
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@arbitrum/nitro-contracts/src/bridge/IInbox.sol";
import "./L1ArbitrumMessenger.sol";
import "./ArbitrumTimelock.sol";
interface IInboxSubmissionFee {
function calculateRetryableSubmissionFee(uint256 dataLength, uint256 baseFee)
external
view
returns (uint256);
}
/// @title L1 timelock for executing propsals on L1 or forwarding them back to L2
/// @dev Only accepts proposals from a counterparty L2 timelock
/// If ever upgrading to a later version of TimelockControllerUpgradeable be sure to check that
/// no new behaviour has been given to the PROPOSER role, as this is assigned to the bridge
/// and any new behaviour should be overriden to also include the 'onlyCounterpartTimelock' modifier check
contract L1ArbitrumTimelock is ArbitrumTimelock, L1ArbitrumMessenger {
/// @notice The magic address to be used when a retryable ticket is to be created
/// @dev When the target of an proposal is this magic value then the proposal
/// will be formed into a retryable ticket and posted to an inbox provided in
/// the data
/// address below is: address(bytes20(keccak256(bytes("retryable ticket magic"))));
/// we hardcode the bytes rather than the string as it's slightly cheaper
/// we use the bytes20 of the keccak since just the bytes20 of the string doesnt contain
/// many letters which would make EIP-55 checksum checking less useful
address public constant RETRYABLE_TICKET_MAGIC = 0xa723C008e76E379c55599D2E4d93879BeaFDa79C;
/// @notice The inbox for the L2 where governance is based
address public governanceChainInbox;
/// @notice The timelock of the governance contract on L2
address public l2Timelock;
constructor() {
_disableInitializers();
}
/// @notice Initialise the L1 timelock
/// @param minDelay The minimum amount of delay this timelock should enforce
/// @param executors The addresses that can execute a proposal (set address(0) for open execution)
/// @param _governanceChainInbox The address of the inbox contract, for the L2 chain on which governance is based.
/// For the Arbitrum DAO this the Arb1 inbox
/// @param _l2Timelock The address of the timelock on the L2 where governance is based
/// For the Arbitrum DAO this the Arbitrum DAO timelock on Arb1
function initialize(
uint256 minDelay,
address[] memory executors,
address _governanceChainInbox,
address _l2Timelock
) external initializer {
require(_governanceChainInbox != address(0), "L1ArbitrumTimelock: zero inbox");
require(_l2Timelock != address(0), "L1ArbitrumTimelock: zero l2 timelock");
// this timelock doesnt accept any proposers since they wont pass the
// onlyCounterpartTimelock check
address[] memory proposers;
__ArbitrumTimelock_init(minDelay, proposers, executors);
governanceChainInbox = _governanceChainInbox;
l2Timelock = _l2Timelock;
// the bridge is allowed to create proposals
// and we ensure that the l2 caller is the l2timelock
// by using the onlyCounterpartTimelock modifier
address bridge = address(getBridge(_governanceChainInbox));
grantRole(PROPOSER_ROLE, bridge);
}
modifier onlyCounterpartTimelock() {
// this bridge == msg.sender check is redundant in all the places that
// we currently use this modifier since we call a function on super
// that also checks the proposer role, which we enforce is in the intializer above
// so although the msg.sender is being checked against the bridge twice we
// still leave this check here for consistency of this function and in case
// onlyCounterpartTimelock is used on other functions without this proposer check
// in future
address govChainBridge = address(getBridge(governanceChainInbox));
require(msg.sender == govChainBridge, "L1ArbitrumTimelock: not from bridge");
// the outbox reports that the L2 address of the sender is the counterpart gateway
address l2ToL1Sender = super.getL2ToL1Sender(governanceChainInbox);
require(l2ToL1Sender == l2Timelock, "L1ArbitrumTimelock: not from l2 timelock");
_;
}
/// @inheritdoc TimelockControllerUpgradeable
/// @notice Care should be taken when batching together proposals that make cross chain calls
/// Since cross chain calls are async, it is not guaranteed that they will be executed cross
/// chain in the same order that they are executed in this timelock. Do not use
/// the predecessor field to preserve ordering in these situations.
/// @dev Adds the restriction that only the counterparty timelock can call this func
/// @param predecessor Do not use predecessor to preserve ordering for proposals that make cross
/// chain calls, since those calls are executed async it and do not preserve order themselves.
function scheduleBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual override(TimelockControllerUpgradeable) onlyCounterpartTimelock {
TimelockControllerUpgradeable.scheduleBatch(
targets, values, payloads, predecessor, salt, delay
);
}
/// @inheritdoc TimelockControllerUpgradeable
/// @dev Adds the restriction that only the counterparty timelock can call this func
/// @param predecessor Do not use predecessor to preserve ordering for proposals that make cross
/// chain calls, since those calls are executed async it and do not preserve order themselves.
function schedule(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual override(TimelockControllerUpgradeable) onlyCounterpartTimelock {
TimelockControllerUpgradeable.schedule(target, value, data, predecessor, salt, delay);
}
/// @dev If the target is reserved "magic" retryable ticket address address(bytes20(bytes("retryable ticket magic")))
/// we create a retryable ticket at provided inbox; otherwise, we execute directly
function _execute(address target, uint256 value, bytes calldata data)
internal
virtual
override
{
if (target == RETRYABLE_TICKET_MAGIC) {
// if the target is reserved retryable ticket address,
// we retrieve the inbox from the data object and
// then we create a retryable ticket,
(
address targetInbox,
address l2Target,
uint256 l2Value,
// it isn't strictly necessary to allow gasLimit and maxFeePerGas to be provided
// here as these can be updated when executing the retryable on L2. However, a proposal
// might provide reasonable values here, and in the optimistic case they will provide
// enough gas for l2 execution, and therefore a manual redeem of the retryable on L2 won't
// be required
uint256 gasLimit,
uint256 maxFeePerGas,
bytes memory l2Calldata
) = abi.decode(data, (address, address, uint256, uint256, uint256, bytes));
// submission fee is dependent on base fee, by looking this up here
// and ensuring we send enough value to cover it we can be sure that
// a retryable ticket will be created.
uint256 submissionCost = IInboxSubmissionFee(targetInbox)
.calculateRetryableSubmissionFee(l2Calldata.length, block.basefee);
// create a retryable ticket
// note that the "value" argument has been completely ignored as it cannot . The msg.sender then needs to supply value to this
// function to cover the calculated value.
sendTxToL2CustomRefund(
targetInbox,
l2Target,
// we set the msg.sender as the fee refund address as the sender here as it may be hard
// for the sender here to provide the exact amount of value (that depends on the current basefee)
// so if they provide extra the leftovers will be sent to their address on L2
msg.sender,
// this is the callValueRefundAddress which is able to cancel() the retryable
// it's important that only this address, or another DAO controlled one is able to
// cancel, otherwise anyone could cancel, and therefore block, the upgrade
address(this),
// Enough value needs to be sent to cover both the l2 value and the l2 gas costs
// The value for each of these must be injected via msg.value or via calling receive and providing value earlier
// It is hard for the caller to estimate the submissionCost offchain since by the time the tx is mined the l1 base fee may have changed.
// Therefore it is expected that the caller will need to provide slightly more value than is actually used,
// leaving some surplus in this contrat after execution has completed. This contract does not
// provide a way to retrieve this surplus, since it is expected that the surplus will be very small.
// Should a caller wish to they could call this contract from another one which does the exact submission cost
// estimation, but doing so would likely be more expensive than just sacrificing the surplus/
l2Value + submissionCost + (gasLimit * maxFeePerGas),
l2Value,
L2GasParams({
_maxSubmissionCost: submissionCost,
_maxGas: gasLimit,
_gasPriceBid: maxFeePerGas
}),
l2Calldata
);
} else {
if (data.length != 0) {
// check the target has code if data was supplied
// this is a bit more important than normal here since if the magic is improperly
// specified in the proposal then we'll end up in this code block
// generally though, all proposals with data that specify a target with no code should
// be voted against
uint256 size = target.code.length;
require(size > 0, "L1ArbitrumTimelock: target must be contract");
}
// Not a retryable ticket, so we simply execute
super._execute(target, value, data);
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (proxy/beacon/IBeacon.sol)
pragma solidity ^0.8.0;
/**
* @dev This is the interface that {BeaconProxy} expects of its beacon.
*/
interface IBeacon {
/**
* @dev Must return an address that can be used as a delegate call target.
*
* {BeaconProxy} will check that this address is a contract.
*/
function implementation() external view returns (address);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (interfaces/draft-IERC1822.sol)
pragma solidity ^0.8.0;
/**
* @dev ERC1822: Universal Upgradeable Proxy Standard (UUPS) documents a method for upgradeability through a simplified
* proxy whose upgrades are fully controlled by the current implementation.
*/
interface IERC1822Proxiable {
/**
* @dev Returns the storage slot that the proxiable contract assumes is being used to store the implementation
* address.
*
* IMPORTANT: A proxy pointing at a proxiable contract should not be considered proxiable itself, because this risks
* bricking a proxy that upgrades to it, by delegating to itself until out of gas. Thus it is critical that this
* function revert if invoked through a proxy.
*/
function proxiableUUID() external view returns (bytes32);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/StorageSlot.sol)
pragma solidity ^0.8.0;
/**
* @dev Library for reading and writing primitive types to specific storage slots.
*
* Storage slots are often used to avoid storage conflict when dealing with upgradeable contracts.
* This library helps with reading and writing to such slots without the need for inline assembly.
*
* The functions in this library return Slot structs that contain a `value` member that can be used to read or write.
*
* Example usage to set ERC1967 implementation slot:
* ```
* contract ERC1967 {
* bytes32 internal constant _IMPLEMENTATION_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;
*
* function _getImplementation() internal view returns (address) {
* return StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value;
* }
*
* function _setImplementation(address newImplementation) internal {
* require(Address.isContract(newImplementation), "ERC1967: new implementation is not a contract");
* StorageSlot.getAddressSlot(_IMPLEMENTATION_SLOT).value = newImplementation;
* }
* }
* ```
*
* _Available since v4.1 for `address`, `bool`, `bytes32`, and `uint256`._
*/
library StorageSlot {
struct AddressSlot {
address value;
}
struct BooleanSlot {
bool value;
}
struct Bytes32Slot {
bytes32 value;
}
struct Uint256Slot {
uint256 value;
}
/**
* @dev Returns an `AddressSlot` with member `value` located at `slot`.
*/
function getAddressSlot(bytes32 slot) internal pure returns (AddressSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `BooleanSlot` with member `value` located at `slot`.
*/
function getBooleanSlot(bytes32 slot) internal pure returns (BooleanSlot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Bytes32Slot` with member `value` located at `slot`.
*/
function getBytes32Slot(bytes32 slot) internal pure returns (Bytes32Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
/**
* @dev Returns an `Uint256Slot` with member `value` located at `slot`.
*/
function getUint256Slot(bytes32 slot) internal pure returns (Uint256Slot storage r) {
/// @solidity memory-safe-assembly
assembly {
r.slot := slot
}
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (access/AccessControl.sol)
pragma solidity ^0.8.0;
import "./IAccessControlUpgradeable.sol";
import "../utils/ContextUpgradeable.sol";
import "../utils/StringsUpgradeable.sol";
import "../utils/introspection/ERC165Upgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControlUpgradeable, ERC165Upgradeable {
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
struct RoleData {
mapping(address => bool) members;
bytes32 adminRole;
}
mapping(bytes32 => RoleData) private _roles;
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with a standardized message including the required role.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*
* _Available since v4.1._
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControlUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual override returns (bool) {
return _roles[role].members[account];
}
/**
* @dev Revert with a standard message if `_msgSender()` is missing `role`.
* Overriding this function changes the behavior of the {onlyRole} modifier.
*
* Format of the revert message is described in {_checkRole}.
*
* _Available since v4.6._
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Revert with a standard message if `account` is missing `role`.
*
* The format of the revert reason is given by the following regular expression:
*
* /^AccessControl: account (0x[0-9a-f]{40}) is missing role (0x[0-9a-f]{64})$/
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert(
string(
abi.encodePacked(
"AccessControl: account ",
StringsUpgradeable.toHexString(uint160(account), 20),
" is missing role ",
StringsUpgradeable.toHexString(uint256(role), 32)
)
)
);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual override returns (bytes32) {
return _roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual override onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address account) public virtual override {
require(account == _msgSender(), "AccessControl: can only renounce roles for self");
_revokeRole(role, account);
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event. Note that unlike {grantRole}, this function doesn't perform any
* checks on the calling account.
*
* May emit a {RoleGranted} event.
*
* [WARNING]
* ====
* This function should only be called from the constructor when setting
* up the initial roles for the system.
*
* Using this function in any other way is effectively circumventing the admin
* system imposed by {AccessControl}.
* ====
*
* NOTE: This function is deprecated in favor of {_grantRole}.
*/
function _setupRole(bytes32 role, address account) internal virtual {
_grantRole(role, account);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
bytes32 previousAdminRole = getRoleAdmin(role);
_roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Grants `role` to `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual {
if (!hasRole(role, account)) {
_roles[role].members[account] = true;
emit RoleGranted(role, account, _msgSender());
}
}
/**
* @dev Revokes `role` from `account`.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual {
if (hasRole(role, account)) {
_roles[role].members[account] = false;
emit RoleRevoked(role, account, _msgSender());
}
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[49] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (security/ReentrancyGuard.sol)
pragma solidity ^0.8.0;
/**
* @dev Contract module that helps prevent reentrant calls to a function.
*
* Inheriting from `ReentrancyGuard` will make the {nonReentrant} modifier
* available, which can be applied to functions to make sure there are no nested
* (reentrant) calls to them.
*
* Note that because there is a single `nonReentrant` guard, functions marked as
* `nonReentrant` may not call one another. This can be worked around by making
* those functions `private`, and then adding `external` `nonReentrant` entry
* points to them.
*
* TIP: If you would like to learn more about reentrancy and alternative ways
* to protect against it, check out our blog post
* https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul].
*/
abstract contract ReentrancyGuard {
// Booleans are more expensive than uint256 or any type that takes up a full
// word because each write operation emits an extra SLOAD to first read the
// slot's contents, replace the bits taken up by the boolean, and then write
// back. This is the compiler's defense against contract upgrades and
// pointer aliasing, and it cannot be disabled.
// The values being non-zero value makes deployment a bit more expensive,
// but in exchange the refund on every call to nonReentrant will be lower in
// amount. Since refunds are capped to a percentage of the total
// transaction's gas, it is best to keep them low in cases like this one, to
// increase the likelihood of the full refund coming into effect.
uint256 private constant _NOT_ENTERED = 1;
uint256 private constant _ENTERED = 2;
uint256 private _status;
constructor() {
_status = _NOT_ENTERED;
}
/**
* @dev Prevents a contract from calling itself, directly or indirectly.
* Calling a `nonReentrant` function from another `nonReentrant`
* function is not supported. It is possible to prevent this from happening
* by making the `nonReentrant` function external, and making it call a
* `private` function that does the actual work.
*/
modifier nonReentrant() {
// On the first call to nonReentrant, _notEntered will be true
require(_status != _ENTERED, "ReentrancyGuard: reentrant call");
// Any calls to nonReentrant after this point will fail
_status = _ENTERED;
_;
// By storing the original value once again, a refund is triggered (see
// https://eips.ethereum.org/EIPS/eip-2200)
_status = _NOT_ENTERED;
}
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/nitro/blob/master/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
import "./IBridge.sol";
import "./IInboxBase.sol";
interface IInbox is IInboxBase {
function sendL1FundedUnsignedTransaction(
uint256 gasLimit,
uint256 maxFeePerGas,
uint256 nonce,
address to,
bytes calldata data
) external payable returns (uint256);
function sendL1FundedContractTransaction(
uint256 gasLimit,
uint256 maxFeePerGas,
address to,
bytes calldata data
) external payable returns (uint256);
/**
* @dev This method can only be called upon L1 fork and will not alias the caller
* This method will revert if not called from origin
*/
function sendL1FundedUnsignedTransactionToFork(
uint256 gasLimit,
uint256 maxFeePerGas,
uint256 nonce,
address to,
bytes calldata data
) external payable returns (uint256);
/**
* @dev This method can only be called upon L1 fork and will not alias the caller
* This method will revert if not called from origin
*/
function sendUnsignedTransactionToFork(
uint256 gasLimit,
uint256 maxFeePerGas,
uint256 nonce,
address to,
uint256 value,
bytes calldata data
) external returns (uint256);
/**
* @notice Send a message to initiate L2 withdrawal
* @dev This method can only be called upon L1 fork and will not alias the caller
* This method will revert if not called from origin
*/
function sendWithdrawEthToFork(
uint256 gasLimit,
uint256 maxFeePerGas,
uint256 nonce,
uint256 value,
address withdrawTo
) external returns (uint256);
/**
* @notice Deposit eth from L1 to L2 to address of the sender if sender is an EOA, and to its aliased address if the sender is a contract
* @dev This does not trigger the fallback function when receiving in the L2 side.
* Look into retryable tickets if you are interested in this functionality.
* @dev This function should not be called inside contract constructors
*/
function depositEth() external payable returns (uint256);
/**
* @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
* @dev all msg.value will deposited to callValueRefundAddress on L2
* @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
* @param to destination L2 contract address
* @param l2CallValue call value for retryable L2 message
* @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
* @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
* @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
* @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
* @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
* @param data ABI encoded data of L2 message
* @return unique message number of the retryable transaction
*/
function createRetryableTicket(
address to,
uint256 l2CallValue,
uint256 maxSubmissionCost,
address excessFeeRefundAddress,
address callValueRefundAddress,
uint256 gasLimit,
uint256 maxFeePerGas,
bytes calldata data
) external payable returns (uint256);
/**
* @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
* @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed funds
* come from the deposit alone, rather than falling back on the user's L2 balance
* @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).
* createRetryableTicket method is the recommended standard.
* @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
* @param to destination L2 contract address
* @param l2CallValue call value for retryable L2 message
* @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
* @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
* @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
* @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
* @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
* @param data ABI encoded data of L2 message
* @return unique message number of the retryable transaction
*/
function unsafeCreateRetryableTicket(
address to,
uint256 l2CallValue,
uint256 maxSubmissionCost,
address excessFeeRefundAddress,
address callValueRefundAddress,
uint256 gasLimit,
uint256 maxFeePerGas,
bytes calldata data
) external payable returns (uint256);
// ---------- initializer ----------
/**
* @dev function to be called one time during the inbox upgrade process
* this is used to fix the storage slots
*/
function postUpgradeInit(IBridge _bridge) external;
}// SPDX-License-Identifier: Apache-2.0
/*
* Copyright 2020, Offchain Labs, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
pragma solidity ^0.8.16;
import "@arbitrum/nitro-contracts/src/bridge/IInbox.sol";
import "@arbitrum/nitro-contracts/src/bridge/IOutbox.sol";
// Direct copy of https://github.com/OffchainLabs/token-bridge-contracts/blob/7f5800351175008ba676ae6ee166a6069f659c20/contracts/tokenbridge/ethereum/L1ArbitrumMessenger.sol
// Copied rather than imported because of clashing solidity versions
/// @notice L1 utility contract to assist with L1 <=> L2 interactions
/// @dev this is an abstract contract instead of library so the functions can be easily overriden when testing
abstract contract L1ArbitrumMessenger {
event TxToL2(address indexed _from, address indexed _to, uint256 indexed _seqNum, bytes _data);
struct L2GasParams {
uint256 _maxSubmissionCost;
uint256 _maxGas;
uint256 _gasPriceBid;
}
function sendTxToL2CustomRefund(
address _inbox,
address _to,
address _refundTo,
address _user,
uint256 _l1CallValue,
uint256 _l2CallValue,
L2GasParams memory _l2GasParams,
bytes memory _data
) internal returns (uint256) {
// alternative function entry point when struggling with the stack size
return sendTxToL2CustomRefund(
_inbox,
_to,
_refundTo,
_user,
_l1CallValue,
_l2CallValue,
_l2GasParams._maxSubmissionCost,
_l2GasParams._maxGas,
_l2GasParams._gasPriceBid,
_data
);
}
function sendTxToL2(
address _inbox,
address _to,
address _user,
uint256 _l1CallValue,
uint256 _l2CallValue,
L2GasParams memory _l2GasParams,
bytes memory _data
) internal returns (uint256) {
// alternative function entry point when struggling with the stack size
return sendTxToL2(
_inbox,
_to,
_user,
_l1CallValue,
_l2CallValue,
_l2GasParams._maxSubmissionCost,
_l2GasParams._maxGas,
_l2GasParams._gasPriceBid,
_data
);
}
function sendTxToL2CustomRefund(
address _inbox,
address _to,
address _refundTo,
address _user,
uint256 _l1CallValue,
uint256 _l2CallValue,
uint256 _maxSubmissionCost,
uint256 _maxGas,
uint256 _gasPriceBid,
bytes memory _data
) internal returns (uint256) {
uint256 seqNum = IInbox(_inbox).createRetryableTicket{value: _l1CallValue}(
_to,
_l2CallValue,
_maxSubmissionCost,
_refundTo, // only refund excess fee to the custom address
_user, // user can cancel the retryable and receive call value refund
_maxGas,
_gasPriceBid,
_data
);
emit TxToL2(_user, _to, seqNum, _data);
return seqNum;
}
function sendTxToL2(
address _inbox,
address _to,
address _user,
uint256 _l1CallValue,
uint256 _l2CallValue,
uint256 _maxSubmissionCost,
uint256 _maxGas,
uint256 _gasPriceBid,
bytes memory _data
) internal returns (uint256) {
return sendTxToL2CustomRefund(
_inbox,
_to,
_user,
_user,
_l1CallValue,
_l2CallValue,
_maxSubmissionCost,
_maxGas,
_gasPriceBid,
_data
);
}
function getBridge(address _inbox) internal view returns (IBridge) {
return IInbox(_inbox).bridge();
}
/// @dev the l2ToL1Sender behaves as the tx.origin, the msg.sender should be validated to protect against reentrancies
function getL2ToL1Sender(address _inbox) internal view returns (address) {
IOutbox outbox = IOutbox(getBridge(_inbox).activeOutbox());
address l2ToL1Sender = outbox.l2ToL1Sender();
require(l2ToL1Sender != address(0), "NO_SENDER");
return l2ToL1Sender;
}
}// SPDX-License-Identifier: Apache-2.0
pragma solidity 0.8.16;
import "@openzeppelin/contracts-upgradeable/governance/TimelockControllerUpgradeable.sol";
/// @title Timelock to be used in Arbitrum governance
/// @notice Take care when using the predecessor field when scheduling. Since proposals
/// can make cross chain calls and those calls are async, it is not guaranteed that they will
// be executed cross chain in the same order that they are executed in this timelock. Do not use
/// the predecessor field to preserve ordering in these situations.
/// @dev This contract adds the ability to initialize TimelockControllerUpgradeable, and also has custom
/// logic for setting the min delay.
contract ArbitrumTimelock is TimelockControllerUpgradeable {
constructor() {
_disableInitializers();
}
// named differently to the private _minDelay on the base to avoid confusion
uint256 private _arbMinDelay;
/// @dev This empty reserved space is put in place to allow future versions to add new
/// variables without shifting down storage in the inheritance chain.
/// See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
uint256[49] private __gap;
/// @notice Initialise the timelock
/// @param minDelay The minimum amount of delay enforced by this timelock
/// @param proposers The accounts allowed to propose actions
/// @param executors The accounts allowed to execute action
function initialize(uint256 minDelay, address[] memory proposers, address[] memory executors)
external
initializer
{
__ArbitrumTimelock_init(minDelay, proposers, executors);
}
function __ArbitrumTimelock_init(
uint256 minDelay,
address[] memory proposers,
address[] memory executors
) internal onlyInitializing {
// although we're passing minDelay into the TimelockController_init the state variable that it
// sets will not be used since we override getMinDelay below. Given that we could pass in a 0
// here to be clear that this param isn't used, however __TimelockController_init also emits the
// MinDelayChange event so it's useful to keep the same value there as we are setting here
__TimelockController_init(minDelay, proposers, executors);
_arbMinDelay = minDelay;
}
/**
* @dev Changes the minimum timelock duration for future operations.
*
* Emits a {MinDelayChange} event.
*
* Requirements:
*
* - the caller must have the TIMELOCK_ADMIN_ROLE role.
*
* This function is override to preserve the invariants that all changes to the system
* must do a round trip, and must be executed from an UpgradeExecutor. The overriden function
* only allows delay to be set by address(this). This is done by creating a proposal that has
* address(this) as its target, and call updateDelay upon execution. This would mean that a
* proposal could set the delay directly on the timelock, without originating from an UpgradeExecutor.
* Here we override the the function and only allow it to be set by the timelock admin
* which is expected to be the UpgradeExecutor to avoid the above scenario.
*
* It should be noted that although the avoided scenario does break the invariants we wish to
* maintain, it doesn't pose a security risk as the proposal would still have to go through one timelock to change
* the delay, and then future proposals would still need to go through the other timelocks.
* So upon seeing the proposal to change the timelock users would still need to intiate their exits
* before the timelock duration has passed, which is the same requirement we have for proposals
* that properly do round trips.
*/
function updateDelay(uint256 newDelay)
external
virtual
override
onlyRole(TIMELOCK_ADMIN_ROLE)
{
emit MinDelayChange(_arbMinDelay, newDelay);
_arbMinDelay = newDelay;
}
/// @inheritdoc TimelockControllerUpgradeable
function getMinDelay() public view virtual override returns (uint256 duration) {
return _arbMinDelay;
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/IAccessControl.sol)
pragma solidity ^0.8.0;
/**
* @dev External interface of AccessControl declared to support ERC165 detection.
*/
interface IAccessControlUpgradeable {
/**
* @dev Emitted when `newAdminRole` is set as ``role``'s admin role, replacing `previousAdminRole`
*
* `DEFAULT_ADMIN_ROLE` is the starting admin for all roles, despite
* {RoleAdminChanged} not being emitted signaling this.
*
* _Available since v3.1._
*/
event RoleAdminChanged(bytes32 indexed role, bytes32 indexed previousAdminRole, bytes32 indexed newAdminRole);
/**
* @dev Emitted when `account` is granted `role`.
*
* `sender` is the account that originated the contract call, an admin role
* bearer except when using {AccessControl-_setupRole}.
*/
event RoleGranted(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Emitted when `account` is revoked `role`.
*
* `sender` is the account that originated the contract call:
* - if using `revokeRole`, it is the admin role bearer
* - if using `renounceRole`, it is the role bearer (i.e. `account`)
*/
event RoleRevoked(bytes32 indexed role, address indexed account, address indexed sender);
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) external view returns (bool);
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {AccessControl-_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) external view returns (bytes32);
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function grantRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*/
function revokeRole(bytes32 role, address account) external;
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been granted `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `account`.
*/
function renounceRole(bytes32 role, address account) external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
import "../proxy/utils/Initializable.sol";
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract ContextUpgradeable is Initializable {
function __Context_init() internal onlyInitializing {
}
function __Context_init_unchained() internal onlyInitializing {
}
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Strings.sol)
pragma solidity ^0.8.0;
/**
* @dev String operations.
*/
library StringsUpgradeable {
bytes16 private constant _HEX_SYMBOLS = "0123456789abcdef";
uint8 private constant _ADDRESS_LENGTH = 20;
/**
* @dev Converts a `uint256` to its ASCII `string` decimal representation.
*/
function toString(uint256 value) internal pure returns (string memory) {
// Inspired by OraclizeAPI's implementation - MIT licence
// https://github.com/oraclize/ethereum-api/blob/b42146b063c7d6ee1358846c198246239e9360e8/oraclizeAPI_0.4.25.sol
if (value == 0) {
return "0";
}
uint256 temp = value;
uint256 digits;
while (temp != 0) {
digits++;
temp /= 10;
}
bytes memory buffer = new bytes(digits);
while (value != 0) {
digits -= 1;
buffer[digits] = bytes1(uint8(48 + uint256(value % 10)));
value /= 10;
}
return string(buffer);
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation.
*/
function toHexString(uint256 value) internal pure returns (string memory) {
if (value == 0) {
return "0x00";
}
uint256 temp = value;
uint256 length = 0;
while (temp != 0) {
length++;
temp >>= 8;
}
return toHexString(value, length);
}
/**
* @dev Converts a `uint256` to its ASCII `string` hexadecimal representation with fixed length.
*/
function toHexString(uint256 value, uint256 length) internal pure returns (string memory) {
bytes memory buffer = new bytes(2 * length + 2);
buffer[0] = "0";
buffer[1] = "x";
for (uint256 i = 2 * length + 1; i > 1; --i) {
buffer[i] = _HEX_SYMBOLS[value & 0xf];
value >>= 4;
}
require(value == 0, "Strings: hex length insufficient");
return string(buffer);
}
/**
* @dev Converts an `address` with fixed length of 20 bytes to its not checksummed ASCII `string` hexadecimal representation.
*/
function toHexString(address addr) internal pure returns (string memory) {
return toHexString(uint256(uint160(addr)), _ADDRESS_LENGTH);
}
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/ERC165.sol)
pragma solidity ^0.8.0;
import "./IERC165Upgradeable.sol";
import "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC165} interface.
*
* Contracts that want to implement ERC165 should inherit from this contract and override {supportsInterface} to check
* for the additional interface id that will be supported. For example:
*
* ```solidity
* function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
* return interfaceId == type(MyInterface).interfaceId || super.supportsInterface(interfaceId);
* }
* ```
*
* Alternatively, {ERC165Storage} provides an easier to use but more expensive implementation.
*/
abstract contract ERC165Upgradeable is Initializable, IERC165Upgradeable {
function __ERC165_init() internal onlyInitializing {
}
function __ERC165_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IERC165Upgradeable).interfaceId;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[50] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.2;
import "../../utils/AddressUpgradeable.sol";
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Indicates that the contract has been initialized.
* @custom:oz-retyped-from bool
*/
uint8 private _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool private _initializing;
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint8 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts. Equivalent to `reinitializer(1)`.
*/
modifier initializer() {
bool isTopLevelCall = !_initializing;
require(
(isTopLevelCall && _initialized < 1) || (!AddressUpgradeable.isContract(address(this)) && _initialized == 1),
"Initializable: contract is already initialized"
);
_initialized = 1;
if (isTopLevelCall) {
_initializing = true;
}
_;
if (isTopLevelCall) {
_initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* `initializer` is equivalent to `reinitializer(1)`, so a reinitializer may be used after the original
* initialization step. This is essential to configure modules that are added through upgrades and that require
* initialization.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*/
modifier reinitializer(uint8 version) {
require(!_initializing && _initialized < version, "Initializable: contract is already initialized");
_initialized = version;
_initializing = true;
_;
_initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
require(_initializing, "Initializable: contract is not initializing");
_;
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*/
function _disableInitializers() internal virtual {
require(!_initializing, "Initializable: contract is initializing");
if (_initialized < type(uint8).max) {
_initialized = type(uint8).max;
emit Initialized(type(uint8).max);
}
}
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
import "./IOwnable.sol";
interface IBridge {
event MessageDelivered(
uint256 indexed messageIndex,
bytes32 indexed beforeInboxAcc,
address inbox,
uint8 kind,
address sender,
bytes32 messageDataHash,
uint256 baseFeeL1,
uint64 timestamp
);
event BridgeCallTriggered(
address indexed outbox,
address indexed to,
uint256 value,
bytes data
);
event InboxToggle(address indexed inbox, bool enabled);
event OutboxToggle(address indexed outbox, bool enabled);
event SequencerInboxUpdated(address newSequencerInbox);
event RollupUpdated(address rollup);
function allowedDelayedInboxList(uint256) external returns (address);
function allowedOutboxList(uint256) external returns (address);
/// @dev Accumulator for delayed inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
function delayedInboxAccs(uint256) external view returns (bytes32);
/// @dev Accumulator for sequencer inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
function sequencerInboxAccs(uint256) external view returns (bytes32);
function rollup() external view returns (IOwnable);
function sequencerInbox() external view returns (address);
function activeOutbox() external view returns (address);
function allowedDelayedInboxes(address inbox) external view returns (bool);
function allowedOutboxes(address outbox) external view returns (bool);
function sequencerReportedSubMessageCount() external view returns (uint256);
function executeCall(
address to,
uint256 value,
bytes calldata data
) external returns (bool success, bytes memory returnData);
function delayedMessageCount() external view returns (uint256);
function sequencerMessageCount() external view returns (uint256);
// ---------- onlySequencerInbox functions ----------
function enqueueSequencerMessage(
bytes32 dataHash,
uint256 afterDelayedMessagesRead,
uint256 prevMessageCount,
uint256 newMessageCount
)
external
returns (
uint256 seqMessageIndex,
bytes32 beforeAcc,
bytes32 delayedAcc,
bytes32 acc
);
/**
* @dev Allows the sequencer inbox to submit a delayed message of the batchPostingReport type
* This is done through a separate function entrypoint instead of allowing the sequencer inbox
* to call `enqueueDelayedMessage` to avoid the gas overhead of an extra SLOAD in either
* every delayed inbox or every sequencer inbox call.
*/
function submitBatchSpendingReport(address batchPoster, bytes32 dataHash)
external
returns (uint256 msgNum);
// ---------- onlyRollupOrOwner functions ----------
function setSequencerInbox(address _sequencerInbox) external;
function setDelayedInbox(address inbox, bool enabled) external;
function setOutbox(address inbox, bool enabled) external;
function updateRollupAddress(IOwnable _rollup) external;
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
import "./IBridge.sol";
import "./IDelayedMessageProvider.sol";
import "./ISequencerInbox.sol";
interface IInboxBase is IDelayedMessageProvider {
function bridge() external view returns (IBridge);
function sequencerInbox() external view returns (ISequencerInbox);
function maxDataSize() external view returns (uint256);
/**
* @notice Send a generic L2 message to the chain
* @dev This method is an optimization to avoid having to emit the entirety of the messageData in a log. Instead validators are expected to be able to parse the data from the transaction's input
* @param messageData Data of the message being sent
*/
function sendL2MessageFromOrigin(bytes calldata messageData) external returns (uint256);
/**
* @notice Send a generic L2 message to the chain
* @dev This method can be used to send any type of message that doesn't require L1 validation
* @param messageData Data of the message being sent
*/
function sendL2Message(bytes calldata messageData) external returns (uint256);
function sendUnsignedTransaction(
uint256 gasLimit,
uint256 maxFeePerGas,
uint256 nonce,
address to,
uint256 value,
bytes calldata data
) external returns (uint256);
function sendContractTransaction(
uint256 gasLimit,
uint256 maxFeePerGas,
address to,
uint256 value,
bytes calldata data
) external returns (uint256);
/**
* @notice Get the L1 fee for submitting a retryable
* @dev This fee can be paid by funds already in the L2 aliased address or by the current message value
* @dev This formula may change in the future, to future proof your code query this method instead of inlining!!
* @param dataLength The length of the retryable's calldata, in bytes
* @param baseFee The block basefee when the retryable is included in the chain, if 0 current block.basefee will be used
*/
function calculateRetryableSubmissionFee(uint256 dataLength, uint256 baseFee)
external
view
returns (uint256);
// ---------- onlyRollupOrOwner functions ----------
/// @notice pauses all inbox functionality
function pause() external;
/// @notice unpauses all inbox functionality
function unpause() external;
/// @notice add or remove users from allowList
function setAllowList(address[] memory user, bool[] memory val) external;
/// @notice enable or disable allowList
function setAllowListEnabled(bool _allowListEnabled) external;
/// @notice check if user is in allowList
function isAllowed(address user) external view returns (bool);
/// @notice check if allowList is enabled
function allowListEnabled() external view returns (bool);
function initialize(IBridge _bridge, ISequencerInbox _sequencerInbox) external;
/// @notice returns the current admin
function getProxyAdmin() external view returns (address);
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
import "./IBridge.sol";
interface IOutbox {
event SendRootUpdated(bytes32 indexed outputRoot, bytes32 indexed l2BlockHash);
event OutBoxTransactionExecuted(
address indexed to,
address indexed l2Sender,
uint256 indexed zero,
uint256 transactionIndex
);
function initialize(IBridge _bridge) external;
function rollup() external view returns (address); // the rollup contract
function bridge() external view returns (IBridge); // the bridge contract
function spent(uint256) external view returns (bytes32); // packed spent bitmap
function roots(bytes32) external view returns (bytes32); // maps root hashes => L2 block hash
// solhint-disable-next-line func-name-mixedcase
function OUTBOX_VERSION() external view returns (uint128); // the outbox version
function updateSendRoot(bytes32 sendRoot, bytes32 l2BlockHash) external;
function updateRollupAddress() external;
/// @notice When l2ToL1Sender returns a nonzero address, the message was originated by an L2 account
/// When the return value is zero, that means this is a system message
/// @dev the l2ToL1Sender behaves as the tx.origin, the msg.sender should be validated to protect against reentrancies
function l2ToL1Sender() external view returns (address);
/// @return l2Block return L2 block when the L2 tx was initiated or 0 if no L2 to L1 transaction is active
function l2ToL1Block() external view returns (uint256);
/// @return l1Block return L1 block when the L2 tx was initiated or 0 if no L2 to L1 transaction is active
function l2ToL1EthBlock() external view returns (uint256);
/// @return timestamp return L2 timestamp when the L2 tx was initiated or 0 if no L2 to L1 transaction is active
function l2ToL1Timestamp() external view returns (uint256);
/// @return outputId returns the unique output identifier of the L2 to L1 tx or 0 if no L2 to L1 transaction is active
function l2ToL1OutputId() external view returns (bytes32);
/**
* @notice Executes a messages in an Outbox entry.
* @dev Reverts if dispute period hasn't expired, since the outbox entry
* is only created once the rollup confirms the respective assertion.
* @dev it is not possible to execute any L2-to-L1 transaction which contains data
* to a contract address without any code (as enforced by the Bridge contract).
* @param proof Merkle proof of message inclusion in send root
* @param index Merkle path to message
* @param l2Sender sender if original message (i.e., caller of ArbSys.sendTxToL1)
* @param to destination address for L1 contract call
* @param l2Block l2 block number at which sendTxToL1 call was made
* @param l1Block l1 block number at which sendTxToL1 call was made
* @param l2Timestamp l2 Timestamp at which sendTxToL1 call was made
* @param value wei in L1 message
* @param data abi-encoded L1 message data
*/
function executeTransaction(
bytes32[] calldata proof,
uint256 index,
address l2Sender,
address to,
uint256 l2Block,
uint256 l1Block,
uint256 l2Timestamp,
uint256 value,
bytes calldata data
) external;
/**
* @dev function used to simulate the result of a particular function call from the outbox
* it is useful for things such as gas estimates. This function includes all costs except for
* proof validation (which can be considered offchain as a somewhat of a fixed cost - it's
* not really a fixed cost, but can be treated as so with a fixed overhead for gas estimation).
* We can't include the cost of proof validation since this is intended to be used to simulate txs
* that are included in yet-to-be confirmed merkle roots. The simulation entrypoint could instead pretend
* to confirm a pending merkle root, but that would be less practical for integrating with tooling.
* It is only possible to trigger it when the msg sender is address zero, which should be impossible
* unless under simulation in an eth_call or eth_estimateGas
*/
function executeTransactionSimulation(
uint256 index,
address l2Sender,
address to,
uint256 l2Block,
uint256 l1Block,
uint256 l2Timestamp,
uint256 value,
bytes calldata data
) external;
/**
* @param index Merkle path to message
* @return true if the message has been spent
*/
function isSpent(uint256 index) external view returns (bool);
function calculateItemHash(
address l2Sender,
address to,
uint256 l2Block,
uint256 l1Block,
uint256 l2Timestamp,
uint256 value,
bytes calldata data
) external pure returns (bytes32);
function calculateMerkleRoot(
bytes32[] memory proof,
uint256 path,
bytes32 item
) external pure returns (bytes32);
/**
* @dev function to be called one time during the outbox upgrade process
* this is used to fix the storage slots
*/
function postUpgradeInit() external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (governance/TimelockController.sol)
pragma solidity ^0.8.0;
import "../access/AccessControlUpgradeable.sol";
import "../token/ERC721/IERC721ReceiverUpgradeable.sol";
import "../token/ERC1155/IERC1155ReceiverUpgradeable.sol";
import "../utils/AddressUpgradeable.sol";
import "../proxy/utils/Initializable.sol";
/**
* @dev Contract module which acts as a timelocked controller. When set as the
* owner of an `Ownable` smart contract, it enforces a timelock on all
* `onlyOwner` maintenance operations. This gives time for users of the
* controlled contract to exit before a potentially dangerous maintenance
* operation is applied.
*
* By default, this contract is self administered, meaning administration tasks
* have to go through the timelock process. The proposer (resp executor) role
* is in charge of proposing (resp executing) operations. A common use case is
* to position this {TimelockController} as the owner of a smart contract, with
* a multisig or a DAO as the sole proposer.
*
* _Available since v3.3._
*/
contract TimelockControllerUpgradeable is Initializable, AccessControlUpgradeable, IERC721ReceiverUpgradeable, IERC1155ReceiverUpgradeable {
bytes32 public constant TIMELOCK_ADMIN_ROLE = keccak256("TIMELOCK_ADMIN_ROLE");
bytes32 public constant PROPOSER_ROLE = keccak256("PROPOSER_ROLE");
bytes32 public constant EXECUTOR_ROLE = keccak256("EXECUTOR_ROLE");
bytes32 public constant CANCELLER_ROLE = keccak256("CANCELLER_ROLE");
uint256 internal constant _DONE_TIMESTAMP = uint256(1);
mapping(bytes32 => uint256) private _timestamps;
uint256 private _minDelay;
/**
* @dev Emitted when a call is scheduled as part of operation `id`.
*/
event CallScheduled(
bytes32 indexed id,
uint256 indexed index,
address target,
uint256 value,
bytes data,
bytes32 predecessor,
uint256 delay
);
/**
* @dev Emitted when a call is performed as part of operation `id`.
*/
event CallExecuted(bytes32 indexed id, uint256 indexed index, address target, uint256 value, bytes data);
/**
* @dev Emitted when operation `id` is cancelled.
*/
event Cancelled(bytes32 indexed id);
/**
* @dev Emitted when the minimum delay for future operations is modified.
*/
event MinDelayChange(uint256 oldDuration, uint256 newDuration);
/**
* @dev Initializes the contract with a given `minDelay`, and a list of
* initial proposers and executors. The proposers receive both the
* proposer and the canceller role (for backward compatibility). The
* executors receive the executor role.
*
* NOTE: At construction, both the deployer and the timelock itself are
* administrators. This helps further configuration of the timelock by the
* deployer. After configuration is done, it is recommended that the
* deployer renounces its admin position and relies on timelocked
* operations to perform future maintenance.
*/
function __TimelockController_init(
uint256 minDelay,
address[] memory proposers,
address[] memory executors
) internal onlyInitializing {
__TimelockController_init_unchained(minDelay, proposers, executors);
}
function __TimelockController_init_unchained(
uint256 minDelay,
address[] memory proposers,
address[] memory executors
) internal onlyInitializing {
_setRoleAdmin(TIMELOCK_ADMIN_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(PROPOSER_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(EXECUTOR_ROLE, TIMELOCK_ADMIN_ROLE);
_setRoleAdmin(CANCELLER_ROLE, TIMELOCK_ADMIN_ROLE);
// deployer + self administration
_setupRole(TIMELOCK_ADMIN_ROLE, _msgSender());
_setupRole(TIMELOCK_ADMIN_ROLE, address(this));
// register proposers and cancellers
for (uint256 i = 0; i < proposers.length; ++i) {
_setupRole(PROPOSER_ROLE, proposers[i]);
_setupRole(CANCELLER_ROLE, proposers[i]);
}
// register executors
for (uint256 i = 0; i < executors.length; ++i) {
_setupRole(EXECUTOR_ROLE, executors[i]);
}
_minDelay = minDelay;
emit MinDelayChange(0, minDelay);
}
/**
* @dev Modifier to make a function callable only by a certain role. In
* addition to checking the sender's role, `address(0)` 's role is also
* considered. Granting a role to `address(0)` is equivalent to enabling
* this role for everyone.
*/
modifier onlyRoleOrOpenRole(bytes32 role) {
if (!hasRole(role, address(0))) {
_checkRole(role, _msgSender());
}
_;
}
/**
* @dev Contract might receive/hold ETH as part of the maintenance process.
*/
receive() external payable {}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override(IERC165Upgradeable, AccessControlUpgradeable) returns (bool) {
return interfaceId == type(IERC1155ReceiverUpgradeable).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns whether an id correspond to a registered operation. This
* includes both Pending, Ready and Done operations.
*/
function isOperation(bytes32 id) public view virtual returns (bool registered) {
return getTimestamp(id) > 0;
}
/**
* @dev Returns whether an operation is pending or not.
*/
function isOperationPending(bytes32 id) public view virtual returns (bool pending) {
return getTimestamp(id) > _DONE_TIMESTAMP;
}
/**
* @dev Returns whether an operation is ready or not.
*/
function isOperationReady(bytes32 id) public view virtual returns (bool ready) {
uint256 timestamp = getTimestamp(id);
return timestamp > _DONE_TIMESTAMP && timestamp <= block.timestamp;
}
/**
* @dev Returns whether an operation is done or not.
*/
function isOperationDone(bytes32 id) public view virtual returns (bool done) {
return getTimestamp(id) == _DONE_TIMESTAMP;
}
/**
* @dev Returns the timestamp at with an operation becomes ready (0 for
* unset operations, 1 for done operations).
*/
function getTimestamp(bytes32 id) public view virtual returns (uint256 timestamp) {
return _timestamps[id];
}
/**
* @dev Returns the minimum delay for an operation to become valid.
*
* This value can be changed by executing an operation that calls `updateDelay`.
*/
function getMinDelay() public view virtual returns (uint256 duration) {
return _minDelay;
}
/**
* @dev Returns the identifier of an operation containing a single
* transaction.
*/
function hashOperation(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32 hash) {
return keccak256(abi.encode(target, value, data, predecessor, salt));
}
/**
* @dev Returns the identifier of an operation containing a batch of
* transactions.
*/
function hashOperationBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public pure virtual returns (bytes32 hash) {
return keccak256(abi.encode(targets, values, payloads, predecessor, salt));
}
/**
* @dev Schedule an operation containing a single transaction.
*
* Emits a {CallScheduled} event.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function schedule(
address target,
uint256 value,
bytes calldata data,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
bytes32 id = hashOperation(target, value, data, predecessor, salt);
_schedule(id, delay);
emit CallScheduled(id, 0, target, value, data, predecessor, delay);
}
/**
* @dev Schedule an operation containing a batch of transactions.
*
* Emits one {CallScheduled} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'proposer' role.
*/
function scheduleBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt,
uint256 delay
) public virtual onlyRole(PROPOSER_ROLE) {
require(targets.length == values.length, "TimelockController: length mismatch");
require(targets.length == payloads.length, "TimelockController: length mismatch");
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_schedule(id, delay);
for (uint256 i = 0; i < targets.length; ++i) {
emit CallScheduled(id, i, targets[i], values[i], payloads[i], predecessor, delay);
}
}
/**
* @dev Schedule an operation that is to becomes valid after a given delay.
*/
function _schedule(bytes32 id, uint256 delay) private {
require(!isOperation(id), "TimelockController: operation already scheduled");
require(delay >= getMinDelay(), "TimelockController: insufficient delay");
_timestamps[id] = block.timestamp + delay;
}
/**
* @dev Cancel an operation.
*
* Requirements:
*
* - the caller must have the 'canceller' role.
*/
function cancel(bytes32 id) public virtual onlyRole(CANCELLER_ROLE) {
require(isOperationPending(id), "TimelockController: operation cannot be cancelled");
delete _timestamps[id];
emit Cancelled(id);
}
/**
* @dev Execute an (ready) operation containing a single transaction.
*
* Emits a {CallExecuted} event.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
// This function can reenter, but it doesn't pose a risk because _afterCall checks that the proposal is pending,
// thus any modifications to the operation during reentrancy should be caught.
// slither-disable-next-line reentrancy-eth
function execute(
address target,
uint256 value,
bytes calldata payload,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
bytes32 id = hashOperation(target, value, payload, predecessor, salt);
_beforeCall(id, predecessor);
_execute(target, value, payload);
emit CallExecuted(id, 0, target, value, payload);
_afterCall(id);
}
/**
* @dev Execute an (ready) operation containing a batch of transactions.
*
* Emits one {CallExecuted} event per transaction in the batch.
*
* Requirements:
*
* - the caller must have the 'executor' role.
*/
function executeBatch(
address[] calldata targets,
uint256[] calldata values,
bytes[] calldata payloads,
bytes32 predecessor,
bytes32 salt
) public payable virtual onlyRoleOrOpenRole(EXECUTOR_ROLE) {
require(targets.length == values.length, "TimelockController: length mismatch");
require(targets.length == payloads.length, "TimelockController: length mismatch");
bytes32 id = hashOperationBatch(targets, values, payloads, predecessor, salt);
_beforeCall(id, predecessor);
for (uint256 i = 0; i < targets.length; ++i) {
address target = targets[i];
uint256 value = values[i];
bytes calldata payload = payloads[i];
_execute(target, value, payload);
emit CallExecuted(id, i, target, value, payload);
}
_afterCall(id);
}
/**
* @dev Execute an operation's call.
*/
function _execute(
address target,
uint256 value,
bytes calldata data
) internal virtual {
(bool success, ) = target.call{value: value}(data);
require(success, "TimelockController: underlying transaction reverted");
}
/**
* @dev Checks before execution of an operation's calls.
*/
function _beforeCall(bytes32 id, bytes32 predecessor) private view {
require(isOperationReady(id), "TimelockController: operation is not ready");
require(predecessor == bytes32(0) || isOperationDone(predecessor), "TimelockController: missing dependency");
}
/**
* @dev Checks after execution of an operation's calls.
*/
function _afterCall(bytes32 id) private {
require(isOperationReady(id), "TimelockController: operation is not ready");
_timestamps[id] = _DONE_TIMESTAMP;
}
/**
* @dev Changes the minimum timelock duration for future operations.
*
* Emits a {MinDelayChange} event.
*
* Requirements:
*
* - the caller must be the timelock itself. This can only be achieved by scheduling and later executing
* an operation where the timelock is the target and the data is the ABI-encoded call to this function.
*/
function updateDelay(uint256 newDelay) external virtual {
require(msg.sender == address(this), "TimelockController: caller must be timelock");
emit MinDelayChange(_minDelay, newDelay);
_minDelay = newDelay;
}
/**
* @dev See {IERC721Receiver-onERC721Received}.
*/
function onERC721Received(
address,
address,
uint256,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC721Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155Received}.
*/
function onERC1155Received(
address,
address,
uint256,
uint256,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC1155Received.selector;
}
/**
* @dev See {IERC1155Receiver-onERC1155BatchReceived}.
*/
function onERC1155BatchReceived(
address,
address,
uint256[] memory,
uint256[] memory,
bytes memory
) public virtual override returns (bytes4) {
return this.onERC1155BatchReceived.selector;
}
/**
* @dev This empty reserved space is put in place to allow future versions to add new
* variables without shifting down storage in the inheritance chain.
* See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
*/
uint256[48] private __gap;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/introspection/IERC165.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC165 standard, as defined in the
* https://eips.ethereum.org/EIPS/eip-165[EIP].
*
* Implementers can declare support of contract interfaces, which can then be
* queried by others ({ERC165Checker}).
*
* For an implementation, see {ERC165}.
*/
interface IERC165Upgradeable {
/**
* @dev Returns true if this contract implements the interface defined by
* `interfaceId`. See the corresponding
* https://eips.ethereum.org/EIPS/eip-165#how-interfaces-are-identified[EIP section]
* to learn more about how these ids are created.
*
* This function call must use less than 30 000 gas.
*/
function supportsInterface(bytes4 interfaceId) external view returns (bool);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.7.0) (utils/Address.sol)
pragma solidity ^0.8.1;
/**
* @dev Collection of functions related to the address type
*/
library AddressUpgradeable {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*
* [IMPORTANT]
* ====
* You shouldn't rely on `isContract` to protect against flash loan attacks!
*
* Preventing calls from contracts is highly discouraged. It breaks composability, breaks support for smart wallets
* like Gnosis Safe, and does not provide security since it can be circumvented by calling from a contract
* constructor.
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize/address.code.length, which returns 0
// for contracts in construction, since the code is only stored at the end
// of the constructor execution.
return account.code.length > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
/// @solidity memory-safe-assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.4.21 <0.9.0;
interface IOwnable {
function owner() external view returns (address);
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
interface IDelayedMessageProvider {
/// @dev event emitted when a inbox message is added to the Bridge's delayed accumulator
event InboxMessageDelivered(uint256 indexed messageNum, bytes data);
/// @dev event emitted when a inbox message is added to the Bridge's delayed accumulator
/// same as InboxMessageDelivered but the batch data is available in tx.input
event InboxMessageDeliveredFromOrigin(uint256 indexed messageNum);
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
pragma experimental ABIEncoderV2;
import "../libraries/IGasRefunder.sol";
import "./IDelayedMessageProvider.sol";
import "./IBridge.sol";
interface ISequencerInbox is IDelayedMessageProvider {
struct MaxTimeVariation {
uint256 delayBlocks;
uint256 futureBlocks;
uint256 delaySeconds;
uint256 futureSeconds;
}
struct TimeBounds {
uint64 minTimestamp;
uint64 maxTimestamp;
uint64 minBlockNumber;
uint64 maxBlockNumber;
}
enum BatchDataLocation {
TxInput,
SeparateBatchEvent,
NoData
}
event SequencerBatchDelivered(
uint256 indexed batchSequenceNumber,
bytes32 indexed beforeAcc,
bytes32 indexed afterAcc,
bytes32 delayedAcc,
uint256 afterDelayedMessagesRead,
TimeBounds timeBounds,
BatchDataLocation dataLocation
);
event OwnerFunctionCalled(uint256 indexed id);
/// @dev a separate event that emits batch data when this isn't easily accessible in the tx.input
event SequencerBatchData(uint256 indexed batchSequenceNumber, bytes data);
/// @dev a valid keyset was added
event SetValidKeyset(bytes32 indexed keysetHash, bytes keysetBytes);
/// @dev a keyset was invalidated
event InvalidateKeyset(bytes32 indexed keysetHash);
function totalDelayedMessagesRead() external view returns (uint256);
function bridge() external view returns (IBridge);
/// @dev The size of the batch header
// solhint-disable-next-line func-name-mixedcase
function HEADER_LENGTH() external view returns (uint256);
/// @dev If the first batch data byte after the header has this bit set,
/// the sequencer inbox has authenticated the data. Currently not used.
// solhint-disable-next-line func-name-mixedcase
function DATA_AUTHENTICATED_FLAG() external view returns (bytes1);
function rollup() external view returns (IOwnable);
function isBatchPoster(address) external view returns (bool);
function isSequencer(address) external view returns (bool);
function maxDataSize() external view returns (uint256);
struct DasKeySetInfo {
bool isValidKeyset;
uint64 creationBlock;
}
function maxTimeVariation()
external
view
returns (
uint256,
uint256,
uint256,
uint256
);
function dasKeySetInfo(bytes32) external view returns (bool, uint64);
/// @notice Remove force inclusion delay after a L1 chainId fork
function removeDelayAfterFork() external;
/// @notice Force messages from the delayed inbox to be included in the chain
/// Callable by any address, but message can only be force-included after maxTimeVariation.delayBlocks and
/// maxTimeVariation.delaySeconds has elapsed. As part of normal behaviour the sequencer will include these
/// messages so it's only necessary to call this if the sequencer is down, or not including any delayed messages.
/// @param _totalDelayedMessagesRead The total number of messages to read up to
/// @param kind The kind of the last message to be included
/// @param l1BlockAndTime The l1 block and the l1 timestamp of the last message to be included
/// @param baseFeeL1 The l1 gas price of the last message to be included
/// @param sender The sender of the last message to be included
/// @param messageDataHash The messageDataHash of the last message to be included
function forceInclusion(
uint256 _totalDelayedMessagesRead,
uint8 kind,
uint64[2] calldata l1BlockAndTime,
uint256 baseFeeL1,
address sender,
bytes32 messageDataHash
) external;
function inboxAccs(uint256 index) external view returns (bytes32);
function batchCount() external view returns (uint256);
function isValidKeysetHash(bytes32 ksHash) external view returns (bool);
/// @notice the creation block is intended to still be available after a keyset is deleted
function getKeysetCreationBlock(bytes32 ksHash) external view returns (uint256);
// ---------- BatchPoster functions ----------
function addSequencerL2BatchFromOrigin(
uint256 sequenceNumber,
bytes calldata data,
uint256 afterDelayedMessagesRead,
IGasRefunder gasRefunder
) external;
function addSequencerL2Batch(
uint256 sequenceNumber,
bytes calldata data,
uint256 afterDelayedMessagesRead,
IGasRefunder gasRefunder,
uint256 prevMessageCount,
uint256 newMessageCount
) external;
// ---------- onlyRollupOrOwner functions ----------
/**
* @notice Set max delay for sequencer inbox
* @param maxTimeVariation_ the maximum time variation parameters
*/
function setMaxTimeVariation(MaxTimeVariation memory maxTimeVariation_) external;
/**
* @notice Updates whether an address is authorized to be a batch poster at the sequencer inbox
* @param addr the address
* @param isBatchPoster_ if the specified address should be authorized as a batch poster
*/
function setIsBatchPoster(address addr, bool isBatchPoster_) external;
/**
* @notice Makes Data Availability Service keyset valid
* @param keysetBytes bytes of the serialized keyset
*/
function setValidKeyset(bytes calldata keysetBytes) external;
/**
* @notice Invalidates a Data Availability Service keyset
* @param ksHash hash of the keyset
*/
function invalidateKeysetHash(bytes32 ksHash) external;
/**
* @notice Updates whether an address is authorized to be a sequencer.
* @dev The IsSequencer information is used only off-chain by the nitro node to validate sequencer feed signer.
* @param addr the address
* @param isSequencer_ if the specified address should be authorized as a sequencer
*/
function setIsSequencer(address addr, bool isSequencer_) external;
// ---------- initializer ----------
function initialize(IBridge bridge_, MaxTimeVariation calldata maxTimeVariation_) external;
function updateRollupAddress() external;
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.6.0) (token/ERC721/IERC721Receiver.sol)
pragma solidity ^0.8.0;
/**
* @title ERC721 token receiver interface
* @dev Interface for any contract that wants to support safeTransfers
* from ERC721 asset contracts.
*/
interface IERC721ReceiverUpgradeable {
/**
* @dev Whenever an {IERC721} `tokenId` token is transferred to this contract via {IERC721-safeTransferFrom}
* by `operator` from `from`, this function is called.
*
* It must return its Solidity selector to confirm the token transfer.
* If any other value is returned or the interface is not implemented by the recipient, the transfer will be reverted.
*
* The selector can be obtained in Solidity with `IERC721Receiver.onERC721Received.selector`.
*/
function onERC721Received(
address operator,
address from,
uint256 tokenId,
bytes calldata data
) external returns (bytes4);
}// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v4.5.0) (token/ERC1155/IERC1155Receiver.sol)
pragma solidity ^0.8.0;
import "../../utils/introspection/IERC165Upgradeable.sol";
/**
* @dev _Available since v3.1._
*/
interface IERC1155ReceiverUpgradeable is IERC165Upgradeable {
/**
* @dev Handles the receipt of a single ERC1155 token type. This function is
* called at the end of a `safeTransferFrom` after the balance has been updated.
*
* NOTE: To accept the transfer, this must return
* `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))`
* (i.e. 0xf23a6e61, or its own function selector).
*
* @param operator The address which initiated the transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param id The ID of the token being transferred
* @param value The amount of tokens being transferred
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155Received(address,address,uint256,uint256,bytes)"))` if transfer is allowed
*/
function onERC1155Received(
address operator,
address from,
uint256 id,
uint256 value,
bytes calldata data
) external returns (bytes4);
/**
* @dev Handles the receipt of a multiple ERC1155 token types. This function
* is called at the end of a `safeBatchTransferFrom` after the balances have
* been updated.
*
* NOTE: To accept the transfer(s), this must return
* `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))`
* (i.e. 0xbc197c81, or its own function selector).
*
* @param operator The address which initiated the batch transfer (i.e. msg.sender)
* @param from The address which previously owned the token
* @param ids An array containing ids of each token being transferred (order and length must match values array)
* @param values An array containing amounts of each token being transferred (order and length must match ids array)
* @param data Additional data with no specified format
* @return `bytes4(keccak256("onERC1155BatchReceived(address,address,uint256[],uint256[],bytes)"))` if transfer is allowed
*/
function onERC1155BatchReceived(
address operator,
address from,
uint256[] calldata ids,
uint256[] calldata values,
bytes calldata data
) external returns (bytes4);
}// Copyright 2021-2022, Offchain Labs, Inc.
// For license information, see https://github.com/OffchainLabs/nitro-contracts/blob/main/LICENSE
// SPDX-License-Identifier: BUSL-1.1
// solhint-disable-next-line compiler-version
pragma solidity >=0.6.9 <0.9.0;
interface IGasRefunder {
function onGasSpent(
address payable spender,
uint256 gasUsed,
uint256 calldataSize
) external returns (bool success);
}
abstract contract GasRefundEnabled {
/// @dev this refunds the sender for execution costs of the tx
/// calldata costs are only refunded if `msg.sender == tx.origin` to guarantee the value refunded relates to charging
/// for the `tx.input`. this avoids a possible attack where you generate large calldata from a contract and get over-refunded
modifier refundsGas(IGasRefunder gasRefunder) {
uint256 startGasLeft = gasleft();
_;
if (address(gasRefunder) != address(0)) {
uint256 calldataSize = msg.data.length;
uint256 calldataWords = (calldataSize + 31) / 32;
// account for the CALLDATACOPY cost of the proxy contract, including the memory expansion cost
startGasLeft += calldataWords * 6 + (calldataWords**2) / 512;
// if triggered in a contract call, the spender may be overrefunded by appending dummy data to the call
// so we check if it is a top level call, which would mean the sender paid calldata as part of tx.input
// solhint-disable-next-line avoid-tx-origin
if (msg.sender != tx.origin) {
// We can't be sure if this calldata came from the top level tx,
// so to be safe we tell the gas refunder there was no calldata.
calldataSize = 0;
}
gasRefunder.onGasSpent(payable(msg.sender), startGasLeft - gasleft(), calldataSize);
}
}
}{
"remappings": [
"forge-std/=lib/forge-std/src/",
"solady/=lib/solady/src/",
"@arbitrum/token-bridge-contracts/=node_modules/@arbitrum/token-bridge-contracts/",
"@arbitrum/nitro-contracts/=node_modules/@arbitrum/nitro-contracts/",
"@openzeppelin/contracts-upgradeable/=node_modules/@openzeppelin/contracts-upgradeable/",
"@openzeppelin/contracts/=node_modules/@openzeppelin/contracts/",
"@gnosis.pm/safe-contracts/=node_modules/@gnosis.pm/safe-contracts/",
"ds-test/=lib/forge-std/lib/ds-test/src/"
],
"optimizer": {
"enabled": true,
"runs": 20000
},
"metadata": {
"useLiteralContent": false,
"bytecodeHash": "ipfs"
},
"outputSelection": {
"*": {
"*": [
"evm.bytecode",
"evm.deployedBytecode",
"devdoc",
"userdoc",
"metadata",
"abi"
]
}
},
"evmVersion": "london",
"viaIR": false,
"libraries": {}
}Contract Security Audit
- No Contract Security Audit Submitted- Submit Audit Here
Contract ABI
API[{"inputs":[{"internalType":"contract IL2ArbitrumGoverner","name":"_coreGov","type":"address"},{"internalType":"contract IL2ArbitrumGoverner","name":"_treasuryGov","type":"address"},{"internalType":"contract IFixedDelegateErc20Wallet","name":"_treasuryWallet","type":"address"},{"internalType":"contract IArbitrumDAOConstitution","name":"_arbitrumDAOConstitution","type":"address"},{"internalType":"contract ProxyAdmin","name":"_govProxyAdmin","type":"address"},{"internalType":"contract ISecurityCouncilNomineeElectionGovernor","name":"_scNomineeElectionGovernor","type":"address"}],"stateMutability":"nonpayable","type":"constructor"},{"inputs":[],"name":"arbitrumDAOConstitution","outputs":[{"internalType":"contract IArbitrumDAOConstitution","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"coreGov","outputs":[{"internalType":"contract IL2ArbitrumGoverner","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"coreGovTimelock","outputs":[{"internalType":"contract IArbitrumTimelock","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"govProxyAdmin","outputs":[{"internalType":"contract ProxyAdmin","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"l2ArbitrumToken","outputs":[{"internalType":"contract IL2ArbitrumToken","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"scMemberElectionGovernor","outputs":[{"internalType":"contract ISecurityCouncilMemberElectionGovernor","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"scNomineeElectionGovernor","outputs":[{"internalType":"contract ISecurityCouncilNomineeElectionGovernor","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"securityCouncilManager","outputs":[{"internalType":"contract ISecurityCouncilManager","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"treasuryGov","outputs":[{"internalType":"contract IL2ArbitrumGoverner","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"treasuryGovTimelock","outputs":[{"internalType":"contract IArbitrumTimelock","name":"","type":"address"}],"stateMutability":"view","type":"function"},{"inputs":[],"name":"treasuryWallet","outputs":[{"internalType":"contract IFixedDelegateErc20Wallet","name":"","type":"address"}],"stateMutability":"view","type":"function"}]Contract Creation Code
61014060405234801561001157600080fd5b506040516109f03803806109f083398101604081905261003091610402565b846001600160a01b031663d33219b46040518163ffffffff1660e01b8152600401602060405180830381865afa15801561006e573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906100929190610489565b6001600160a01b0316846001600160a01b0316638da5cb5b6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156100d9573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906100fd9190610489565b6001600160a01b031614610180576040805162461bcd60e51b81526020600482015260248101919091527f4c324164647265737352656769737472793a20747265617375727920676f762060448201527f74696d656c6f636b206d757374206f776e20747265617375727957616c6c657460648201526084015b60405180910390fd5b856001600160a01b0316638da5cb5b6040518163ffffffff1660e01b8152600401602060405180830381865afa1580156101be573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906101e29190610489565b6001600160a01b0316836001600160a01b0316638da5cb5b6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610229573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061024d9190610489565b6001600160a01b0316146102c95760405162461bcd60e51b815260206004820152603660248201527f4c324164647265737352656769737472792044414f206d757374206f776e204160448201527f7262697472756d44414f436f6e737469747574696f6e000000000000000000006064820152608401610177565b6001600160a01b03868116608081905286821660a05285821660c05284821660e05260405163f3b7dead60e01b8152600481019190915290831690819063f3b7dead90602401602060405180830381865afa15801561032c573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906103509190610489565b6001600160a01b0316146103cc5760405162461bcd60e51b815260206004820152603660248201527f476f7650726f787941646d696e206d7573742062652070726f78792061646d6960448201527f6e206f662074686520636f726520676f7665726e6f72000000000000000000006064820152608401610177565b6001600160a01b03918216610100521661012052506104ad92505050565b6001600160a01b03811681146103ff57600080fd5b50565b60008060008060008060c0878903121561041b57600080fd5b8651610426816103ea565b6020880151909650610437816103ea565b6040880151909550610448816103ea565b6060880151909450610459816103ea565b608088015190935061046a816103ea565b60a088015190925061047b816103ea565b809150509295509295509295565b60006020828403121561049b57600080fd5b81516104a6816103ea565b9392505050565b60805160a05160c05160e05161010051610120516104d261051e6000396000818160d30152818161020d015261037d015260006101b0015260006101330152600061018101526000818161015a01526102a30152600081816101df0152818161031001526103ea01526104d26000f3fe608060405234801561001057600080fd5b50600436106100c95760003560e01c80634626402b11610081578063b249944f1161005b578063b249944f146101d2578063c53d7d5c146101da578063dbbcb30b1461020157600080fd5b80634626402b1461017c578063662e4b50146101a35780638086e788146101ab57600080fd5b806317eb758e116100b257806317eb758e1461012657806325efa8441461012e5780632d475c9a1461015557600080fd5b8063033084c9146100ce57806303d1ce8a1461011e575b600080fd5b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b60405173ffffffffffffffffffffffffffffffffffffffff909116815260200160405180910390f35b6100f5610209565b6100f561029f565b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b6100f561030c565b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b6100f5610379565b6100f57f000000000000000000000000000000000000000000000000000000000000000081565b6100f56103e6565b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff166303d1ce8a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061029a9190610478565b905090565b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663d33219b46040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663d33219b46040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff16631b6a76736040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f000000000000000000000000000000000000000000000000000000000000000073ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b73ffffffffffffffffffffffffffffffffffffffff8116811461047557600080fd5b50565b60006020828403121561048a57600080fd5b815161049581610453565b939250505056fea2646970667358221220f384819e0ce2eec1e1deca6ed109046fa666e0bd2c865681393025cbe62f93bd64736f6c63430008100033000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b9000000000000000000000000789fc99093b09ad01c34dc7251d0c89ce743e5a4000000000000000000000000f3fc178157fb3c87548baa86f9d24ba38e649b580000000000000000000000001d62ffeb72e4c360ccbbacf7c965153b00260417000000000000000000000000db216562328215e010f819b5abe947bad4ca961e0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a0
Deployed Bytecode
0x608060405234801561001057600080fd5b50600436106100c95760003560e01c80634626402b11610081578063b249944f1161005b578063b249944f146101d2578063c53d7d5c146101da578063dbbcb30b1461020157600080fd5b80634626402b1461017c578063662e4b50146101a35780638086e788146101ab57600080fd5b806317eb758e116100b257806317eb758e1461012657806325efa8441461012e5780632d475c9a1461015557600080fd5b8063033084c9146100ce57806303d1ce8a1461011e575b600080fd5b6100f57f0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a081565b60405173ffffffffffffffffffffffffffffffffffffffff909116815260200160405180910390f35b6100f5610209565b6100f561029f565b6100f57f0000000000000000000000001d62ffeb72e4c360ccbbacf7c965153b0026041781565b6100f57f000000000000000000000000789fc99093b09ad01c34dc7251d0c89ce743e5a481565b6100f57f000000000000000000000000f3fc178157fb3c87548baa86f9d24ba38e649b5881565b6100f561030c565b6100f57f000000000000000000000000db216562328215e010f819b5abe947bad4ca961e81565b6100f5610379565b6100f57f000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b981565b6100f56103e6565b60007f0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a073ffffffffffffffffffffffffffffffffffffffff166303d1ce8a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b505050506040513d601f19601f8201168201806040525081019061029a9190610478565b905090565b60007f000000000000000000000000789fc99093b09ad01c34dc7251d0c89ce743e5a473ffffffffffffffffffffffffffffffffffffffff1663d33219b46040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b973ffffffffffffffffffffffffffffffffffffffff1663d33219b46040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a073ffffffffffffffffffffffffffffffffffffffff16631b6a76736040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b60007f000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b973ffffffffffffffffffffffffffffffffffffffff1663fc0c546a6040518163ffffffff1660e01b8152600401602060405180830381865afa158015610276573d6000803e3d6000fd5b73ffffffffffffffffffffffffffffffffffffffff8116811461047557600080fd5b50565b60006020828403121561048a57600080fd5b815161049581610453565b939250505056fea2646970667358221220f384819e0ce2eec1e1deca6ed109046fa666e0bd2c865681393025cbe62f93bd64736f6c63430008100033
Constructor Arguments (ABI-Encoded and is the last bytes of the Contract Creation Code above)
000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b9000000000000000000000000789fc99093b09ad01c34dc7251d0c89ce743e5a4000000000000000000000000f3fc178157fb3c87548baa86f9d24ba38e649b580000000000000000000000001d62ffeb72e4c360ccbbacf7c965153b00260417000000000000000000000000db216562328215e010f819b5abe947bad4ca961e0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a0
-----Decoded View---------------
Arg [0] : _coreGov (address): 0xf07DeD9dC292157749B6Fd268E37DF6EA38395B9
Arg [1] : _treasuryGov (address): 0x789fC99093B09aD01C34DC7251D0C89ce743e5a4
Arg [2] : _treasuryWallet (address): 0xF3FC178157fb3c87548bAA86F9d24BA38E649B58
Arg [3] : _arbitrumDAOConstitution (address): 0x1D62fFeB72e4c360CcBbacf7c965153b00260417
Arg [4] : _govProxyAdmin (address): 0xdb216562328215E010F819B5aBe947bad4ca961e
Arg [5] : _scNomineeElectionGovernor (address): 0x8a1cDA8dee421cD06023470608605934c16A05a0
-----Encoded View---------------
6 Constructor Arguments found :
Arg [0] : 000000000000000000000000f07ded9dc292157749b6fd268e37df6ea38395b9
Arg [1] : 000000000000000000000000789fc99093b09ad01c34dc7251d0c89ce743e5a4
Arg [2] : 000000000000000000000000f3fc178157fb3c87548baa86f9d24ba38e649b58
Arg [3] : 0000000000000000000000001d62ffeb72e4c360ccbbacf7c965153b00260417
Arg [4] : 000000000000000000000000db216562328215e010f819b5abe947bad4ca961e
Arg [5] : 0000000000000000000000008a1cda8dee421cd06023470608605934c16a05a0
Loading...
Loading
Loading...
Loading
Loading...
Loading
0x1dFA102bc097446bb2B836082367991dE24A1c64
Net Worth in USD
$0.00
Net Worth in ETH
0
Multichain Portfolio | 35 Chains
| Chain | Token | Portfolio % | Price | Amount | Value |
|---|
Loading...
Loading
Loading...
Loading
Loading...
Loading
A contract address hosts a smart contract, which is a set of code stored on the blockchain that runs when predetermined conditions are met. Learn more about addresses in our Knowledge Base.