Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(protocol): update DeployOnL1 script based on Ownable2StepUpgradeable changes #16062

Closed
22 changes: 22 additions & 0 deletions packages/protocol/contracts/libs/LibDeploy.sol
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ pragma solidity 0.8.24;

import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/Ownable2StepUpgradeable.sol";
import "../L1/gov/TaikoTimelockController.sol";

/// @title LibDeploy
/// @dev Provides utilities for deploying contracts
Expand All @@ -37,4 +39,24 @@ library LibDeploy {
OwnableUpgradeable(proxy).transferOwnership(owner);
}
}

function deployERC1967Proxy(
address impl,
TimelockControllerUpgradeable timelock,
bytes memory data
)
internal
returns (address proxy)
{
proxy = deployERC1967Proxy(impl, address(timelock), data);
acceptOwnership(proxy, timelock);
}

function acceptOwnership(address proxy, TimelockControllerUpgradeable timelock) internal {
bytes32 salt = bytes32(block.timestamp);
bytes memory payload = abi.encodeCall(Ownable2StepUpgradeable(proxy).acceptOwnership, ());

timelock.schedule(proxy, 0, payload, bytes32(0), salt, 0);
timelock.execute(proxy, 0, payload, bytes32(0), salt);
}
}
42 changes: 30 additions & 12 deletions packages/protocol/script/DeployOnL1.s.sol
Original file line number Diff line number Diff line change
Expand Up @@ -200,21 +200,22 @@ contract DeployOnL1 is DeployCapability {
// Setup time lock roles
TaikoTimelockController _timelock = TaikoTimelockController(payable(timelock));
// Only the governer can make proposals after holders voting.
_timelock.grantRole(_timelock.PROPOSER_ROLE(), msg.sender);
_timelock.grantRole(_timelock.PROPOSER_ROLE(), governor);
_timelock.grantRole(_timelock.PROPOSER_ROLE(), securityCouncil);

// Granting address(0) the executor role to allow open executation.
_timelock.grantRole(_timelock.EXECUTOR_ROLE(), msg.sender);
_timelock.grantRole(_timelock.EXECUTOR_ROLE(), address(0));

// Cancelling is not supported by the implementation by default, therefore, no need to set
// up this role.
// _timelock.grantRole(_timelock.CANCELLER_ROLE(), securityCouncil);

_timelock.grantRole(_timelock.TIMELOCK_ADMIN_ROLE(), securityCouncil);
_timelock.grantRole(_timelock.TIMELOCK_ADMIN_ROLE(), msg.sender);
_timelock.revokeRole(_timelock.TIMELOCK_ADMIN_ROLE(), address(this));
_timelock.revokeRole(_timelock.TIMELOCK_ADMIN_ROLE(), msg.sender);

_timelock.transferOwnership(securityCouncil);
LibDeploy.acceptOwnership(taikoToken, _timelock);

// Deploy Bridging contracts
deployProxy({
Expand All @@ -230,7 +231,8 @@ contract DeployOnL1 is DeployCapability {
impl: address(new Bridge()),
data: abi.encodeCall(Bridge.init, (sharedAddressManager)),
registerTo: sharedAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

console2.log("------------------------------------------");
Expand All @@ -248,23 +250,26 @@ contract DeployOnL1 is DeployCapability {
impl: address(new ERC20Vault()),
data: abi.encodeCall(BaseVault.init, (sharedAddressManager)),
registerTo: sharedAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

deployProxy({
name: "erc721_vault",
impl: address(new ERC721Vault()),
data: abi.encodeCall(BaseVault.init, (sharedAddressManager)),
registerTo: sharedAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

deployProxy({
name: "erc1155_vault",
impl: address(new ERC1155Vault()),
data: abi.encodeCall(BaseVault.init, (sharedAddressManager)),
registerTo: sharedAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

console2.log("------------------------------------------");
Expand Down Expand Up @@ -297,6 +302,7 @@ contract DeployOnL1 is DeployCapability {
{
addressNotNull(_sharedAddressManager, "sharedAddressManager");
addressNotNull(timelock, "timelock");
TaikoTimelockController _timelock = TaikoTimelockController(payable(timelock));

rollupAddressManager = deployProxy({
name: "rollup_address_manager",
Expand All @@ -309,15 +315,17 @@ contract DeployOnL1 is DeployCapability {
impl: address(new TaikoL1()),
data: abi.encodeCall(TaikoL1.init, (rollupAddressManager, vm.envBytes32("L2_GENESIS_HASH"))),
registerTo: rollupAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

deployProxy({
name: "assignment_hook",
impl: address(new AssignmentHook()),
data: abi.encodeCall(AssignmentHook.init, (rollupAddressManager)),
registerTo: address(0),
owner: timelock
owner: timelock,
timelock: _timelock
});

address tierProvider;
Expand All @@ -332,23 +340,26 @@ contract DeployOnL1 is DeployCapability {
impl: tierProvider,
data: abi.encodeCall(TestnetTierProvider.init, ()),
registerTo: rollupAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

deployProxy({
name: "tier_guardian",
impl: address(new GuardianVerifier()),
data: abi.encodeCall(GuardianVerifier.init, (rollupAddressManager)),
registerTo: rollupAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

deployProxy({
name: "tier_sgx",
impl: address(new SgxVerifier()),
data: abi.encodeCall(SgxVerifier.init, (rollupAddressManager)),
registerTo: rollupAddressManager,
owner: timelock
owner: timelock,
timelock: _timelock
});

address guardianProver = deployProxy({
Expand All @@ -363,6 +374,7 @@ contract DeployOnL1 is DeployCapability {
uint8 minGuardians = uint8(vm.envUint("MIN_GUARDIANS"));
GuardianProver(guardianProver).setGuardians(guardians, minGuardians);
GuardianProver(guardianProver).transferOwnership(timelock);
LibDeploy.acceptOwnership(guardianProver, _timelock);

// No need to proxy these, because they are 3rd party. If we want to modify, we simply
// change the registerAddress("automata_dcap_attestation", address(attestation));
Expand All @@ -378,6 +390,12 @@ contract DeployOnL1 is DeployCapability {
register(
rollupAddressManager, "automata_dcap_attestation", address(automateDcapV3Attestation)
);

// Revoke granted roles from the deployer
_timelock.transferOwnership(securityCouncil);
_timelock.revokeRole(_timelock.PROPOSER_ROLE(), msg.sender);
_timelock.revokeRole(_timelock.EXECUTOR_ROLE(), msg.sender);
_timelock.revokeRole(_timelock.TIMELOCK_ADMIN_ROLE(), msg.sender);
}

function deployAuxContracts() private {
Expand Down
24 changes: 22 additions & 2 deletions packages/protocol/test/DeployCapability.sol
Original file line number Diff line number Diff line change
Expand Up @@ -20,12 +20,17 @@ abstract contract DeployCapability is Script {
address impl,
bytes memory data,
address registerTo,
address owner
address owner,
TimelockControllerUpgradeable timelock
)
internal
returns (address proxy)
{
proxy = LibDeploy.deployERC1967Proxy(impl, owner, data);
if (address(timelock) == address(0)) {
proxy = LibDeploy.deployERC1967Proxy(impl, owner, data);
} else {
proxy = LibDeploy.deployERC1967Proxy(impl, timelock, data);
}

if (registerTo != address(0)) {
AddressManager(registerTo).setAddress(
Expand All @@ -46,6 +51,21 @@ abstract contract DeployCapability is Script {
);
}

function deployProxy(
string memory name,
address impl,
bytes memory data,
address registerTo,
address owner
)
internal
returns (address proxy)
{
return deployProxy(
name, impl, data, registerTo, owner, TimelockControllerUpgradeable(payable(address(0)))
);
}

function deployProxy(
string memory name,
address impl,
Expand Down
Loading