@arbitrum/nitro-contracts 1.0.0-beta.1

package/src/bridge/IOutbox.sol

@@ -0,0 +1,52 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+import {AlreadyInit, NotRollup} from "../libraries/Error.sol";
+
+/// @dev The provided proof was too long
+/// @param proofLength The length of the too-long proof
+error ProofTooLong(uint256 proofLength);
+
+/// @dev The output index was greater than the maximum
+/// @param index The output index
+/// @param maxIndex The max the index could be
+error PathNotMinimal(uint256 index, uint256 maxIndex);
+
+/// @dev The calculated root does not exist
+/// @param root The calculated root
+error UnknownRoot(bytes32 root);
+
+/// @dev The record has already been spent
+/// @param index The index of the spent record
+error AlreadySpent(uint256 index);
+
+/// @dev A call to the bridge failed with no return data
+error BridgeCallFailed();
+
+interface IOutbox {
+    event SendRootUpdated(bytes32 indexed blockHash, bytes32 indexed outputRoot);
+    event OutBoxTransactionExecuted(
+        address indexed to,
+        address indexed l2Sender,
+        uint256 indexed zero,
+        uint256 transactionIndex
+    );
+
+    function l2ToL1Sender() external view returns (address);
+
+    function l2ToL1Block() external view returns (uint256);
+
+    function l2ToL1EthBlock() external view returns (uint256);
+
+    function l2ToL1Timestamp() external view returns (uint256);
+
+    // @deprecated batch number is now always 0
+    function l2ToL1BatchNum() external view returns (uint256);
+
+    function l2ToL1OutputId() external view returns (bytes32);
+
+    function updateSendRoot(bytes32 sendRoot, bytes32 l2BlockHash) external;
+}

package/src/bridge/ISequencerInbox.sol

@@ -0,0 +1,85 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "../libraries/IGasRefunder.sol";
+import {AlreadyInit, HadZeroInit, NotOrigin, DataTooLarge, NotRollup} from "../libraries/Error.sol";
+
+interface ISequencerInbox {
+    struct MaxTimeVariation {
+        uint256 delayBlocks;
+        uint256 futureBlocks;
+        uint256 delaySeconds;
+        uint256 futureSeconds;
+    }
+
+    struct TimeBounds {
+        uint64 minTimestamp;
+        uint64 maxTimestamp;
+        uint64 minBlockNumber;
+        uint64 maxBlockNumber;
+    }
+
+    enum BatchDataLocation {
+        TxInput,
+        SeparateBatchEvent,
+        NoData
+    }
+
+    event SequencerBatchDelivered(
+        uint256 indexed batchSequenceNumber,
+        bytes32 indexed beforeAcc,
+        bytes32 indexed afterAcc,
+        bytes32 delayedAcc,
+        uint256 afterDelayedMessagesRead,
+        TimeBounds timeBounds,
+        BatchDataLocation dataLocation
+    );
+
+    /// @dev a separate event that emits batch data when this isn't easily accessible in the tx.input
+    event SequencerBatchData(uint256 indexed batchSequenceNumber, bytes data);
+
+    /// @dev Thrown when someone attempts to read fewer messages than have already been read
+    error DelayedBackwards();
+
+    /// @dev Thrown when someone attempts to read more messages than exist
+    error DelayedTooFar();
+
+    /// @dev Thrown if the length of the header plus the length of the batch overflows
+    error DataLengthOverflow();
+
+    /// @dev Force include can only read messages more blocks old than the delay period
+    error ForceIncludeBlockTooSoon();
+
+    /// @dev Force include can only read messages more seconds old than the delay period
+    error ForceIncludeTimeTooSoon();
+
+    /// @dev The message provided did not match the hash in the delayed inbox
+    error IncorrectMessagePreimage();
+
+    /// @dev This can only be called by the batch poster
+    error NotBatchPoster();
+
+    /// @dev The sequence number provided to this message was inconsistent with the number of batches already included
+    error BadSequencerNumber();
+
+    /// @dev The batch data has the inbox authenticated bit set, but the batch data was not authenticated by the inbox
+    error DataNotAuthenticated();
+
+    function inboxAccs(uint256 index) external view returns (bytes32);
+
+    function batchCount() external view returns (uint256);
+
+    function setMaxTimeVariation(MaxTimeVariation memory timeVariation) external;
+
+    function setIsBatchPoster(address addr, bool isBatchPoster_) external;
+
+    function addSequencerL2Batch(
+        uint256 sequenceNumber,
+        bytes calldata data,
+        uint256 afterDelayedMessagesRead,
+        IGasRefunder gasRefunder
+    ) external;
+}

package/src/bridge/Inbox.sol

@@ -0,0 +1,414 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+import "./IInbox.sol";
+import "./IBridge.sol";
+
+import "./Messages.sol";
+import "../libraries/AddressAliasHelper.sol";
+import "../libraries/DelegateCallAware.sol";
+import {
+    L2_MSG,
+    L1MessageType_L2FundedByL1,
+    L1MessageType_submitRetryableTx,
+    L2MessageType_unsignedEOATx,
+    L2MessageType_unsignedContractTx
+} from "../libraries/MessageTypes.sol";
+import {MAX_DATA_SIZE} from "../libraries/Constants.sol";
+
+import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
+import "./Bridge.sol";
+
+/**
+ * @title Inbox for user and contract originated messages
+ * @notice Messages created via this inbox are enqueued in the delayed accumulator
+ * to await inclusion in the SequencerInbox
+ */
+contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
+    IBridge public override bridge;
+
+    modifier onlyOwner() {
+        // whoevever owns the Bridge, also owns the Inbox. this is usually the rollup contract
+        address bridgeOwner = Bridge(address(bridge)).owner();
+        if (msg.sender != bridgeOwner) revert NotOwner(msg.sender, bridgeOwner);
+        _;
+    }
+
+    /// @notice pauses all inbox functionality
+    function pause() external onlyOwner {
+        _pause();
+    }
+
+    /// @notice unpauses all inbox functionality
+    function unpause() external onlyOwner {
+        _unpause();
+    }
+
+    function initialize(IBridge _bridge) external initializer onlyDelegated {
+        if (address(bridge) != address(0)) revert AlreadyInit();
+        bridge = _bridge;
+        __Pausable_init();
+    }
+
+    /// @dev function to be called one time during the inbox upgrade process
+    /// this is used to fix the storage slots
+    function postUpgradeInit(IBridge _bridge) external onlyDelegated onlyProxyOwner {
+        uint8 slotsToWipe = 3;
+        for (uint8 i = 0; i < slotsToWipe; i++) {
+            assembly {
+                sstore(i, 0)
+            }
+        }
+        bridge = _bridge;
+    }
+
+    /**
+     * @notice Send a generic L2 message to the chain
+     * @dev This method is an optimization to avoid having to emit the entirety of the messageData in a log. Instead validators are expected to be able to parse the data from the transaction's input
+     * @param messageData Data of the message being sent
+     */
+    function sendL2MessageFromOrigin(bytes calldata messageData)
+        external
+        whenNotPaused
+        returns (uint256)
+    {
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        if (messageData.length > MAX_DATA_SIZE)
+            revert DataTooLarge(messageData.length, MAX_DATA_SIZE);
+        uint256 msgNum = deliverToBridge(L2_MSG, msg.sender, keccak256(messageData));
+        emit InboxMessageDeliveredFromOrigin(msgNum);
+        return msgNum;
+    }
+
+    /**
+     * @notice Send a generic L2 message to the chain
+     * @dev This method can be used to send any type of message that doesn't require L1 validation
+     * @param messageData Data of the message being sent
+     */
+    function sendL2Message(bytes calldata messageData)
+        external
+        override
+        whenNotPaused
+        returns (uint256)
+    {
+        if (messageData.length > MAX_DATA_SIZE)
+            revert DataTooLarge(messageData.length, MAX_DATA_SIZE);
+        uint256 msgNum = deliverToBridge(L2_MSG, msg.sender, keccak256(messageData));
+        emit InboxMessageDelivered(msgNum, messageData);
+        return msgNum;
+    }
+
+    function sendL1FundedUnsignedTransaction(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        uint256 nonce,
+        address to,
+        bytes calldata data
+    ) external payable virtual override whenNotPaused returns (uint256) {
+        return
+            _deliverMessage(
+                L1MessageType_L2FundedByL1,
+                msg.sender,
+                abi.encodePacked(
+                    L2MessageType_unsignedEOATx,
+                    gasLimit,
+                    maxFeePerGas,
+                    nonce,
+                    uint256(uint160(to)),
+                    msg.value,
+                    data
+                )
+            );
+    }
+
+    function sendL1FundedContractTransaction(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        address to,
+        bytes calldata data
+    ) external payable virtual override whenNotPaused returns (uint256) {
+        return
+            _deliverMessage(
+                L1MessageType_L2FundedByL1,
+                msg.sender,
+                abi.encodePacked(
+                    L2MessageType_unsignedContractTx,
+                    gasLimit,
+                    maxFeePerGas,
+                    uint256(uint160(to)),
+                    msg.value,
+                    data
+                )
+            );
+    }
+
+    function sendUnsignedTransaction(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        uint256 nonce,
+        address to,
+        uint256 value,
+        bytes calldata data
+    ) external virtual override whenNotPaused returns (uint256) {
+        return
+            _deliverMessage(
+                L2_MSG,
+                msg.sender,
+                abi.encodePacked(
+                    L2MessageType_unsignedEOATx,
+                    gasLimit,
+                    maxFeePerGas,
+                    nonce,
+                    uint256(uint160(to)),
+                    value,
+                    data
+                )
+            );
+    }
+
+    function sendContractTransaction(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        address to,
+        uint256 value,
+        bytes calldata data
+    ) external virtual override whenNotPaused returns (uint256) {
+        return
+            _deliverMessage(
+                L2_MSG,
+                msg.sender,
+                abi.encodePacked(
+                    L2MessageType_unsignedContractTx,
+                    gasLimit,
+                    maxFeePerGas,
+                    uint256(uint160(to)),
+                    value,
+                    data
+                )
+            );
+    }
+
+    /**
+     * @notice Get the L1 fee for submitting a retryable
+     * @dev This fee can be paid by funds already in the L2 aliased address or by the current message value
+     * @dev This formula may change in the future, to future proof your code query this method instead of inlining!!
+     * @param dataLength The length of the retryable's calldata, in bytes
+     * @param baseFee The block basefee when the retryable is included in the chain
+     */
+    function calculateRetryableSubmissionFee(uint256 dataLength, uint256 baseFee)
+        public
+        pure
+        returns (uint256)
+    {
+        return (1400 + 6 * dataLength) * baseFee;
+    }
+
+    /// @notice deposit eth from L1 to L2
+    /// @dev this function should not be called inside contract constructors
+    function depositEth(uint256 maxSubmissionCost)
+        external
+        payable
+        virtual
+        override
+        whenNotPaused
+        returns (uint256)
+    {
+        address sender = msg.sender;
+        address destinationAddress = msg.sender;
+
+        uint256 submissionFee = calculateRetryableSubmissionFee(0, block.basefee);
+        require(maxSubmissionCost >= submissionFee, "insufficient submission fee");
+
+        // solhint-disable-next-line avoid-tx-origin
+        if (!AddressUpgradeable.isContract(sender) && tx.origin == msg.sender) {
+            // isContract check fails if this function is called during a contract's constructor.
+            // We don't adjust the address for calls coming from L1 contracts since their addresses get remapped
+            // If the caller is an EOA, we adjust the address.
+            // This is needed because unsigned messages to the L2 (such as retryables)
+            // have the L1 sender address mapped.
+            // Here we preemptively reverse the mapping for EOAs so deposits work as expected
+            sender = AddressAliasHelper.undoL1ToL2Alias(sender);
+        } else {
+            destinationAddress = AddressAliasHelper.applyL1ToL2Alias(destinationAddress);
+        }
+
+        return
+            _deliverMessage(
+                L1MessageType_submitRetryableTx,
+                sender,
+                abi.encodePacked(
+                    // the beneficiary and other refund addresses don't get rewritten by arb-os
+                    // so we use the original msg.sender value
+                    uint256(uint160(bytes20(destinationAddress))),
+                    uint256(0),
+                    msg.value,
+                    maxSubmissionCost,
+                    uint256(uint160(bytes20(destinationAddress))),
+                    uint256(uint160(bytes20(destinationAddress))),
+                    uint256(0),
+                    uint256(0),
+                    uint256(0),
+                    ""
+                )
+            );
+    }
+
+    /**
+     * @notice deprecated in favour of unsafeCreateRetryableTicket
+     * @dev deprecated in favour of unsafeCreateRetryableTicket
+     * @param to destination L2 contract address
+     * @param l2CallValue call value for retryable L2 message
+     * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
+     * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
+     * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
+     * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution
+     * @param maxFeePerGas price bid for L2 execution
+     * @param data ABI encoded data of L2 message
+     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
+     */
+    function createRetryableTicketNoRefundAliasRewrite(
+        address to,
+        uint256 l2CallValue,
+        uint256 maxSubmissionCost,
+        address excessFeeRefundAddress,
+        address callValueRefundAddress,
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        bytes calldata data
+    ) external payable virtual whenNotPaused returns (uint256) {
+        return
+            unsafeCreateRetryableTicket(
+                to,
+                l2CallValue,
+                maxSubmissionCost,
+                excessFeeRefundAddress,
+                callValueRefundAddress,
+                gasLimit,
+                maxFeePerGas,
+                data
+            );
+    }
+
+    /**
+     * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
+     * @dev all msg.value will deposited to callValueRefundAddress on L2
+     * @param to destination L2 contract address
+     * @param l2CallValue call value for retryable L2 message
+     * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
+     * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
+     * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
+     * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution
+     * @param maxFeePerGas price bid for L2 execution
+     * @param data ABI encoded data of L2 message
+     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
+     */
+    function createRetryableTicket(
+        address to,
+        uint256 l2CallValue,
+        uint256 maxSubmissionCost,
+        address excessFeeRefundAddress,
+        address callValueRefundAddress,
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        bytes calldata data
+    ) external payable virtual override whenNotPaused returns (uint256) {
+        // ensure the user's deposit alone will make submission succeed
+        require(msg.value >= maxSubmissionCost + l2CallValue, "insufficient value");
+
+        // if a refund address is a contract, we apply the alias to it
+        // so that it can access its funds on the L2
+        // since the beneficiary and other refund addresses don't get rewritten by arb-os
+        if (AddressUpgradeable.isContract(excessFeeRefundAddress)) {
+            excessFeeRefundAddress = AddressAliasHelper.applyL1ToL2Alias(excessFeeRefundAddress);
+        }
+        if (AddressUpgradeable.isContract(callValueRefundAddress)) {
+            // this is the beneficiary. be careful since this is the address that can cancel the retryable in the L2
+            callValueRefundAddress = AddressAliasHelper.applyL1ToL2Alias(callValueRefundAddress);
+        }
+
+        return
+            unsafeCreateRetryableTicket(
+                to,
+                l2CallValue,
+                maxSubmissionCost,
+                excessFeeRefundAddress,
+                callValueRefundAddress,
+                gasLimit,
+                maxFeePerGas,
+                data
+            );
+    }
+
+    /**
+     * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
+     * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed funds
+     * come from the deposit alone, rather than falling back on the user's L2 balance
+     * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).
+     * createRetryableTicket method is the recommended standard.
+     * @param to destination L2 contract address
+     * @param l2CallValue call value for retryable L2 message
+     * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
+     * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
+     * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
+     * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution
+     * @param maxFeePerGas price bid for L2 execution
+     * @param data ABI encoded data of L2 message
+     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
+     */
+    function unsafeCreateRetryableTicket(
+        address to,
+        uint256 l2CallValue,
+        uint256 maxSubmissionCost,
+        address excessFeeRefundAddress,
+        address callValueRefundAddress,
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        bytes calldata data
+    ) public payable virtual override whenNotPaused returns (uint256) {
+        uint256 submissionFee = calculateRetryableSubmissionFee(data.length, block.basefee);
+        require(maxSubmissionCost >= submissionFee, "insufficient submission fee");
+
+        return
+            _deliverMessage(
+                L1MessageType_submitRetryableTx,
+                msg.sender,
+                abi.encodePacked(
+                    uint256(uint160(to)),
+                    l2CallValue,
+                    msg.value,
+                    maxSubmissionCost,
+                    uint256(uint160(excessFeeRefundAddress)),
+                    uint256(uint160(callValueRefundAddress)),
+                    gasLimit,
+                    maxFeePerGas,
+                    data.length,
+                    data
+                )
+            );
+    }
+
+    function _deliverMessage(
+        uint8 _kind,
+        address _sender,
+        bytes memory _messageData
+    ) internal returns (uint256) {
+        if (_messageData.length > MAX_DATA_SIZE)
+            revert DataTooLarge(_messageData.length, MAX_DATA_SIZE);
+        uint256 msgNum = deliverToBridge(_kind, _sender, keccak256(_messageData));
+        emit InboxMessageDelivered(msgNum, _messageData);
+        return msgNum;
+    }
+
+    function deliverToBridge(
+        uint8 kind,
+        address sender,
+        bytes32 messageDataHash
+    ) internal returns (uint256) {
+        return bridge.enqueueDelayedMessage{value: msg.value}(kind, sender, messageDataHash);
+    }
+}

package/src/bridge/Messages.sol

@@ -0,0 +1,38 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+library Messages {
+    function messageHash(
+        uint8 kind,
+        address sender,
+        uint64 blockNumber,
+        uint64 timestamp,
+        uint256 inboxSeqNum,
+        uint256 baseFeeL1,
+        bytes32 messageDataHash
+    ) internal pure returns (bytes32) {
+        return
+            keccak256(
+                abi.encodePacked(
+                    kind,
+                    sender,
+                    blockNumber,
+                    timestamp,
+                    inboxSeqNum,
+                    baseFeeL1,
+                    messageDataHash
+                )
+            );
+    }
+
+    function accumulateInboxMessage(bytes32 prevAcc, bytes32 message)
+        internal
+        pure
+        returns (bytes32)
+    {
+        return keccak256(abi.encodePacked(prevAcc, message));
+    }
+}