@arbitrum/nitro-contracts 1.0.0-beta.1

package/src/bridge/Outbox.sol

@@ -0,0 +1,188 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+import "./IBridge.sol";
+import "./IOutbox.sol";
+import "../libraries/MerkleLib.sol";
+import "../libraries/DelegateCallAware.sol";
+
+contract Outbox is DelegateCallAware, IOutbox {
+    address public rollup; // the rollup contract
+    IBridge public bridge; // the bridge contract
+
+    mapping(uint256 => bool) public spent; // maps leaf number => if spent
+    mapping(bytes32 => bytes32) public roots; // maps root hashes => L2 block hash
+
+    struct L2ToL1Context {
+        uint128 l2Block;
+        uint128 l1Block;
+        uint128 timestamp;
+        bytes32 outputId;
+        address sender;
+    }
+    // Note, these variables are set and then wiped during a single transaction.
+    // Therefore their values don't need to be maintained, and their slots will
+    // be empty outside of transactions
+    L2ToL1Context internal context;
+    uint128 public constant OUTBOX_VERSION = 2;
+
+    function initialize(address _rollup, IBridge _bridge) external onlyDelegated {
+        if (rollup != address(0)) revert AlreadyInit();
+        rollup = _rollup;
+        bridge = _bridge;
+    }
+
+    function updateSendRoot(bytes32 root, bytes32 l2BlockHash) external override {
+        if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
+        roots[root] = l2BlockHash;
+        emit SendRootUpdated(root, l2BlockHash);
+    }
+
+    /// @notice When l2ToL1Sender returns a nonzero address, the message was originated by an L2 account
+    /// When the return value is zero, that means this is a system message
+    /// @dev the l2ToL1Sender behaves as the tx.origin, the msg.sender should be validated to protect against reentrancies
+    function l2ToL1Sender() external view override returns (address) {
+        return context.sender;
+    }
+
+    function l2ToL1Block() external view override returns (uint256) {
+        return uint256(context.l2Block);
+    }
+
+    function l2ToL1EthBlock() external view override returns (uint256) {
+        return uint256(context.l1Block);
+    }
+
+    function l2ToL1Timestamp() external view override returns (uint256) {
+        return uint256(context.timestamp);
+    }
+
+    // @deprecated batch number is now always 0
+    function l2ToL1BatchNum() external pure override returns (uint256) {
+        return 0;
+    }
+
+    function l2ToL1OutputId() external view override returns (bytes32) {
+        return context.outputId;
+    }
+
+    /**
+     * @notice Executes a messages in an Outbox entry.
+     * @dev Reverts if dispute period hasn't expired, since the outbox entry
+     * is only created once the rollup confirms the respective assertion.
+     * @param proof Merkle proof of message inclusion in send root
+     * @param index Merkle path to message
+     * @param l2Sender sender if original message (i.e., caller of ArbSys.sendTxToL1)
+     * @param to destination address for L1 contract call
+     * @param l2Block l2 block number at which sendTxToL1 call was made
+     * @param l1Block l1 block number at which sendTxToL1 call was made
+     * @param l2Timestamp l2 Timestamp at which sendTxToL1 call was made
+     * @param value wei in L1 message
+     * @param data abi-encoded L1 message data
+     */
+    function executeTransaction(
+        bytes32[] calldata proof,
+        uint256 index,
+        address l2Sender,
+        address to,
+        uint256 l2Block,
+        uint256 l1Block,
+        uint256 l2Timestamp,
+        uint256 value,
+        bytes calldata data
+    ) external virtual {
+        bytes32 outputId;
+        {
+            bytes32 userTx = calculateItemHash(
+                l2Sender,
+                to,
+                l2Block,
+                l1Block,
+                l2Timestamp,
+                value,
+                data
+            );
+
+            outputId = recordOutputAsSpent(proof, index, userTx);
+            emit OutBoxTransactionExecuted(to, l2Sender, 0, index);
+        }
+
+        // we temporarily store the previous values so the outbox can naturally
+        // unwind itself when there are nested calls to `executeTransaction`
+        L2ToL1Context memory prevContext = context;
+
+        context = L2ToL1Context({
+            sender: l2Sender,
+            l2Block: uint128(l2Block),
+            l1Block: uint128(l1Block),
+            timestamp: uint128(l2Timestamp),
+            outputId: outputId
+        });
+
+        // set and reset vars around execution so they remain valid during call
+        executeBridgeCall(to, value, data);
+
+        context = prevContext;
+    }
+
+    function recordOutputAsSpent(
+        bytes32[] memory proof,
+        uint256 index,
+        bytes32 item
+    ) internal returns (bytes32) {
+        if (proof.length >= 256) revert ProofTooLong(proof.length);
+        if (index >= 2**proof.length) revert PathNotMinimal(index, 2**proof.length);
+
+        // Hash the leaf an extra time to prove it's a leaf
+        bytes32 calcRoot = calculateMerkleRoot(proof, index, item);
+        if (roots[calcRoot] == bytes32(0)) revert UnknownRoot(calcRoot);
+
+        if (spent[index]) revert AlreadySpent(index);
+        spent[index] = true;
+
+        return bytes32(index);
+    }
+
+    function executeBridgeCall(
+        address to,
+        uint256 value,
+        bytes memory data
+    ) internal {
+        (bool success, bytes memory returndata) = bridge.executeCall(to, value, data);
+        if (!success) {
+            if (returndata.length > 0) {
+                // solhint-disable-next-line no-inline-assembly
+                assembly {
+                    let returndata_size := mload(returndata)
+                    revert(add(32, returndata), returndata_size)
+                }
+            } else {
+                revert BridgeCallFailed();
+            }
+        }
+    }
+
+    function calculateItemHash(
+        address l2Sender,
+        address to,
+        uint256 l2Block,
+        uint256 l1Block,
+        uint256 l2Timestamp,
+        uint256 value,
+        bytes calldata data
+    ) public pure returns (bytes32) {
+        return
+            keccak256(abi.encodePacked(l2Sender, to, l2Block, l1Block, l2Timestamp, value, data));
+    }
+
+    function calculateMerkleRoot(
+        bytes32[] memory proof,
+        uint256 path,
+        bytes32 item
+    ) public pure returns (bytes32) {
+        return MerkleLib.calculateRoot(proof, path, keccak256(abi.encodePacked(item)));
+    }
+}

package/src/bridge/SequencerInbox.sol

@@ -0,0 +1,274 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "./IBridge.sol";
+import "./ISequencerInbox.sol";
+import "./Messages.sol";
+
+import {GasRefundEnabled, IGasRefunder} from "../libraries/IGasRefunder.sol";
+import "../libraries/DelegateCallAware.sol";
+import {MAX_DATA_SIZE} from "../libraries/Constants.sol";
+
+/**
+ * @title Accepts batches from the sequencer and adds them to the rollup inbox.
+ * @notice Contains the inbox accumulator which is the ordering of all data and transactions to be processed by the rollup.
+ * As part of submitting a batch the sequencer is also expected to include items enqueued
+ * in the delayed inbox (Bridge.sol). If items in the delayed inbox are not included by a
+ * sequencer within a time limit they can be force included into the rollup inbox by anyone.
+ */
+contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox {
+    bytes32[] public override inboxAccs;
+    uint256 public totalDelayedMessagesRead;
+
+    IBridge public delayedBridge;
+
+    /// @dev The size of the batch header
+    uint256 public constant HEADER_LENGTH = 40;
+    /// @dev If the first batch data byte after the header has this bit set,
+    /// the sequencer inbox has authenticated the data. Currently not used.
+    bytes1 public constant DATA_AUTHENTICATED_FLAG = 0x40;
+
+    address public rollup;
+    mapping(address => bool) public isBatchPoster;
+    ISequencerInbox.MaxTimeVariation public maxTimeVariation;
+
+    function initialize(
+        IBridge delayedBridge_,
+        address rollup_,
+        ISequencerInbox.MaxTimeVariation calldata maxTimeVariation_
+    ) external onlyDelegated {
+        if (delayedBridge != IBridge(address(0))) revert AlreadyInit();
+        if (delayedBridge_ == IBridge(address(0))) revert HadZeroInit();
+        delayedBridge = delayedBridge_;
+        rollup = rollup_;
+        maxTimeVariation = maxTimeVariation_;
+    }
+
+    function getTimeBounds() internal view virtual returns (TimeBounds memory) {
+        TimeBounds memory bounds;
+        if (block.timestamp > maxTimeVariation.delaySeconds) {
+            bounds.minTimestamp = uint64(block.timestamp - maxTimeVariation.delaySeconds);
+        }
+        bounds.maxTimestamp = uint64(block.timestamp + maxTimeVariation.futureSeconds);
+        if (block.number > maxTimeVariation.delayBlocks) {
+            bounds.minBlockNumber = uint64(block.number - maxTimeVariation.delayBlocks);
+        }
+        bounds.maxBlockNumber = uint64(block.number + maxTimeVariation.futureBlocks);
+        return bounds;
+    }
+
+    /// @notice Force messages from the delayed inbox to be included in the chain
+    /// Callable by any address, but message can only be force-included after maxTimeVariation.delayBlocks and maxTimeVariation.delaySeconds
+    /// has elapsed. As part of normal behaviour the sequencer will include these messages
+    /// so it's only necessary to call this if the sequencer is down, or not including
+    /// any delayed messages.
+    /// @param _totalDelayedMessagesRead The total number of messages to read up to
+    /// @param kind The kind of the last message to be included
+    /// @param l1BlockAndTime The l1 block and the l1 timestamp of the last message to be included
+    /// @param baseFeeL1 The l1 gas price of the last message to be included
+    /// @param sender The sender of the last message to be included
+    /// @param messageDataHash The messageDataHash of the last message to be included
+    function forceInclusion(
+        uint256 _totalDelayedMessagesRead,
+        uint8 kind,
+        uint64[2] calldata l1BlockAndTime,
+        uint256 baseFeeL1,
+        address sender,
+        bytes32 messageDataHash
+    ) external {
+        if (_totalDelayedMessagesRead <= totalDelayedMessagesRead) revert DelayedBackwards();
+        bytes32 messageHash = Messages.messageHash(
+            kind,
+            sender,
+            l1BlockAndTime[0],
+            l1BlockAndTime[1],
+            _totalDelayedMessagesRead - 1,
+            baseFeeL1,
+            messageDataHash
+        );
+        // Can only force-include after the Sequencer-only window has expired.
+        if (l1BlockAndTime[0] + maxTimeVariation.delayBlocks >= block.number)
+            revert ForceIncludeBlockTooSoon();
+        if (l1BlockAndTime[1] + maxTimeVariation.delaySeconds >= block.timestamp)
+            revert ForceIncludeTimeTooSoon();
+
+        // Verify that message hash represents the last message sequence of delayed message to be included
+        bytes32 prevDelayedAcc = 0;
+        if (_totalDelayedMessagesRead > 1) {
+            prevDelayedAcc = delayedBridge.inboxAccs(_totalDelayedMessagesRead - 2);
+        }
+        if (
+            delayedBridge.inboxAccs(_totalDelayedMessagesRead - 1) !=
+            Messages.accumulateInboxMessage(prevDelayedAcc, messageHash)
+        ) revert IncorrectMessagePreimage();
+
+        (bytes32 dataHash, TimeBounds memory timeBounds) = formEmptyDataHash(
+            _totalDelayedMessagesRead
+        );
+        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
+            dataHash,
+            _totalDelayedMessagesRead
+        );
+        emit SequencerBatchDelivered(
+            inboxAccs.length - 1,
+            beforeAcc,
+            afterAcc,
+            delayedAcc,
+            totalDelayedMessagesRead,
+            timeBounds,
+            BatchDataLocation.NoData
+        );
+    }
+
+    function addSequencerL2BatchFromOrigin(
+        uint256 sequenceNumber,
+        bytes calldata data,
+        uint256 afterDelayedMessagesRead,
+        IGasRefunder gasRefunder
+    ) external refundsGasWithCalldata(gasRefunder, payable(msg.sender)) {
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
+        if (inboxAccs.length != sequenceNumber) revert BadSequencerNumber();
+        (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
+            data,
+            afterDelayedMessagesRead
+        );
+        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
+            dataHash,
+            afterDelayedMessagesRead
+        );
+        emit SequencerBatchDelivered(
+            inboxAccs.length - 1,
+            beforeAcc,
+            afterAcc,
+            delayedAcc,
+            totalDelayedMessagesRead,
+            timeBounds,
+            BatchDataLocation.TxInput
+        );
+    }
+
+    function addSequencerL2Batch(
+        uint256 sequenceNumber,
+        bytes calldata data,
+        uint256 afterDelayedMessagesRead,
+        IGasRefunder gasRefunder
+    ) external override refundsGasNoCalldata(gasRefunder, payable(msg.sender)) {
+        if (!isBatchPoster[msg.sender] && msg.sender != rollup) revert NotBatchPoster();
+        if (inboxAccs.length != sequenceNumber) revert BadSequencerNumber();
+
+        (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
+            data,
+            afterDelayedMessagesRead
+        );
+        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
+            dataHash,
+            afterDelayedMessagesRead
+        );
+        emit SequencerBatchDelivered(
+            sequenceNumber,
+            beforeAcc,
+            afterAcc,
+            delayedAcc,
+            afterDelayedMessagesRead,
+            timeBounds,
+            BatchDataLocation.SeparateBatchEvent
+        );
+        emit SequencerBatchData(sequenceNumber, data);
+    }
+
+    function packHeader(uint256 afterDelayedMessagesRead)
+        internal
+        view
+        returns (bytes memory, TimeBounds memory)
+    {
+        TimeBounds memory timeBounds = getTimeBounds();
+        bytes memory header = abi.encodePacked(
+            timeBounds.minTimestamp,
+            timeBounds.maxTimestamp,
+            timeBounds.minBlockNumber,
+            timeBounds.maxBlockNumber,
+            uint64(afterDelayedMessagesRead)
+        );
+        // This must always be true from the packed encoding
+        assert(header.length == HEADER_LENGTH);
+        return (header, timeBounds);
+    }
+
+    function formDataHash(bytes calldata data, uint256 afterDelayedMessagesRead)
+        internal
+        view
+        returns (bytes32, TimeBounds memory)
+    {
+        uint256 fullDataLen = HEADER_LENGTH + data.length;
+        if (fullDataLen < HEADER_LENGTH) revert DataLengthOverflow();
+        if (fullDataLen > MAX_DATA_SIZE) revert DataTooLarge(fullDataLen, MAX_DATA_SIZE);
+        bytes memory fullData = new bytes(fullDataLen);
+        (bytes memory header, TimeBounds memory timeBounds) = packHeader(afterDelayedMessagesRead);
+
+        for (uint256 i = 0; i < HEADER_LENGTH; i++) {
+            fullData[i] = header[i];
+        }
+        if (data.length > 0 && (data[0] & DATA_AUTHENTICATED_FLAG) == DATA_AUTHENTICATED_FLAG) {
+            revert DataNotAuthenticated();
+        }
+        // copy data into fullData at offset of HEADER_LENGTH (the extra 32 offset is because solidity puts the array len first)
+        assembly {
+            calldatacopy(add(fullData, add(HEADER_LENGTH, 32)), data.offset, data.length)
+        }
+        return (keccak256(fullData), timeBounds);
+    }
+
+    function formEmptyDataHash(uint256 afterDelayedMessagesRead)
+        internal
+        view
+        returns (bytes32, TimeBounds memory)
+    {
+        (bytes memory header, TimeBounds memory timeBounds) = packHeader(afterDelayedMessagesRead);
+        return (keccak256(header), timeBounds);
+    }
+
+    function addSequencerL2BatchImpl(bytes32 dataHash, uint256 afterDelayedMessagesRead)
+        internal
+        returns (
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 acc
+        )
+    {
+        if (afterDelayedMessagesRead < totalDelayedMessagesRead) revert DelayedBackwards();
+        if (afterDelayedMessagesRead > delayedBridge.messageCount()) revert DelayedTooFar();
+
+        if (inboxAccs.length > 0) {
+            beforeAcc = inboxAccs[inboxAccs.length - 1];
+        }
+        if (afterDelayedMessagesRead > 0) {
+            delayedAcc = delayedBridge.inboxAccs(afterDelayedMessagesRead - 1);
+        }
+
+        acc = keccak256(abi.encodePacked(beforeAcc, dataHash, delayedAcc));
+        inboxAccs.push(acc);
+        totalDelayedMessagesRead = afterDelayedMessagesRead;
+    }
+
+    function batchCount() external view override returns (uint256) {
+        return inboxAccs.length;
+    }
+
+    function setMaxTimeVariation(ISequencerInbox.MaxTimeVariation memory maxTimeVariation_)
+        external
+        override
+    {
+        if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
+        maxTimeVariation = maxTimeVariation_;
+    }
+
+    function setIsBatchPoster(address addr, bool isBatchPoster_) external override {
+        if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
+        isBatchPoster[addr] = isBatchPoster_;
+    }
+}

package/src/challenge/ChallengeLib.sol

@@ -0,0 +1,135 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "../state/Machine.sol";
+import "../state/GlobalState.sol";
+
+library ChallengeLib {
+    using MachineLib for Machine;
+    using ChallengeLib for Challenge;
+
+    /// @dev It's assumed that that uninitialzed challenges have mode NONE
+    enum ChallengeMode {
+        NONE,
+        BLOCK,
+        EXECUTION
+    }
+
+    struct Participant {
+        address addr;
+        uint256 timeLeft;
+    }
+
+    struct Challenge {
+        Participant current;
+        Participant next;
+        uint256 lastMoveTimestamp;
+        bytes32 wasmModuleRoot;
+        bytes32 challengeStateHash;
+        uint64 maxInboxMessages;
+        ChallengeMode mode;
+    }
+
+    struct SegmentSelection {
+        uint256 oldSegmentsStart;
+        uint256 oldSegmentsLength;
+        bytes32[] oldSegments;
+        uint256 challengePosition;
+    }
+
+    function timeUsedSinceLastMove(Challenge storage challenge) internal view returns (uint256) {
+        return block.timestamp - challenge.lastMoveTimestamp;
+    }
+
+    function isTimedOut(Challenge storage challenge) internal view returns (bool) {
+        return challenge.timeUsedSinceLastMove() > challenge.current.timeLeft;
+    }
+
+    function getStartMachineHash(bytes32 globalStateHash, bytes32 wasmModuleRoot)
+        internal
+        pure
+        returns (bytes32)
+    {
+        // Start the value stack with the function call ABI for the entrypoint
+        Value[] memory startingValues = new Value[](3);
+        startingValues[0] = ValueLib.newRefNull();
+        startingValues[1] = ValueLib.newI32(0);
+        startingValues[2] = ValueLib.newI32(0);
+        ValueArray memory valuesArray = ValueArray({inner: startingValues});
+        ValueStack memory values = ValueStack({proved: valuesArray, remainingHash: 0});
+        ValueStack memory internalStack;
+        PcStack memory blocks;
+        StackFrameWindow memory frameStack;
+
+        Machine memory mach = Machine({
+            status: MachineStatus.RUNNING,
+            valueStack: values,
+            internalStack: internalStack,
+            blockStack: blocks,
+            frameStack: frameStack,
+            globalStateHash: globalStateHash,
+            moduleIdx: 0,
+            functionIdx: 0,
+            functionPc: 0,
+            modulesRoot: wasmModuleRoot
+        });
+        return mach.hash();
+    }
+
+    function getEndMachineHash(MachineStatus status, bytes32 globalStateHash)
+        internal
+        pure
+        returns (bytes32)
+    {
+        if (status == MachineStatus.FINISHED) {
+            return keccak256(abi.encodePacked("Machine finished:", globalStateHash));
+        } else if (status == MachineStatus.ERRORED) {
+            return keccak256(abi.encodePacked("Machine errored:"));
+        } else if (status == MachineStatus.TOO_FAR) {
+            return keccak256(abi.encodePacked("Machine too far:"));
+        } else {
+            revert("BAD_BLOCK_STATUS");
+        }
+    }
+
+    function extractChallengeSegment(SegmentSelection calldata selection)
+        internal
+        pure
+        returns (uint256 segmentStart, uint256 segmentLength)
+    {
+        uint256 oldChallengeDegree = selection.oldSegments.length - 1;
+        segmentLength = selection.oldSegmentsLength / oldChallengeDegree;
+        // Intentionally done before challengeLength is potentially added to for the final segment
+        segmentStart = selection.oldSegmentsStart + segmentLength * selection.challengePosition;
+        if (selection.challengePosition == selection.oldSegments.length - 2) {
+            segmentLength += selection.oldSegmentsLength % oldChallengeDegree;
+        }
+    }
+
+    function hashChallengeState(
+        uint256 segmentsStart,
+        uint256 segmentsLength,
+        bytes32[] memory segments
+    ) internal pure returns (bytes32) {
+        return keccak256(abi.encodePacked(segmentsStart, segmentsLength, segments));
+    }
+
+    function blockStateHash(MachineStatus status, bytes32 globalStateHash)
+        internal
+        pure
+        returns (bytes32)
+    {
+        if (status == MachineStatus.FINISHED) {
+            return keccak256(abi.encodePacked("Block state:", globalStateHash));
+        } else if (status == MachineStatus.ERRORED) {
+            return keccak256(abi.encodePacked("Block state, errored:", globalStateHash));
+        } else if (status == MachineStatus.TOO_FAR) {
+            return keccak256(abi.encodePacked("Block state, too far:"));
+        } else {
+            revert("BAD_BLOCK_STATUS");
+        }
+    }
+}