@arbitrum/nitro-contracts 1.0.0-beta.1

package/src/challenge/ChallengeManager.sol

@@ -0,0 +1,367 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "../libraries/DelegateCallAware.sol";
+import "../osp/IOneStepProofEntry.sol";
+import "../state/GlobalState.sol";
+import "./IChallengeResultReceiver.sol";
+import "./ChallengeLib.sol";
+import "./IChallengeManager.sol";
+
+import {NO_CHAL_INDEX} from "../libraries/Constants.sol";
+
+contract ChallengeManager is DelegateCallAware, IChallengeManager {
+    using GlobalStateLib for GlobalState;
+    using MachineLib for Machine;
+    using ChallengeLib for ChallengeLib.Challenge;
+
+    enum ChallengeModeRequirement {
+        ANY,
+        BLOCK,
+        EXECUTION
+    }
+
+    string private constant NO_CHAL = "NO_CHAL";
+    uint256 private constant MAX_CHALLENGE_DEGREE = 40;
+
+    uint64 public totalChallengesCreated;
+    mapping(uint256 => ChallengeLib.Challenge) public challenges;
+
+    IChallengeResultReceiver public resultReceiver;
+
+    ISequencerInbox public sequencerInbox;
+    IBridge public delayedBridge;
+    IOneStepProofEntry public osp;
+
+    function challengeInfo(uint64 challengeIndex)
+        external
+        view
+        override
+        returns (ChallengeLib.Challenge memory)
+    {
+        return challenges[challengeIndex];
+    }
+
+    modifier takeTurn(
+        uint64 challengeIndex,
+        ChallengeLib.SegmentSelection calldata selection,
+        ChallengeModeRequirement expectedMode
+    ) {
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        require(msg.sender == currentResponder(challengeIndex), "CHAL_SENDER");
+        require(!isTimedOut(challengeIndex), "CHAL_DEADLINE");
+
+        if (expectedMode == ChallengeModeRequirement.ANY) {
+            require(challenge.mode != ChallengeLib.ChallengeMode.NONE, NO_CHAL);
+        } else if (expectedMode == ChallengeModeRequirement.BLOCK) {
+            require(challenge.mode == ChallengeLib.ChallengeMode.BLOCK, "CHAL_NOT_BLOCK");
+        } else if (expectedMode == ChallengeModeRequirement.EXECUTION) {
+            require(challenge.mode == ChallengeLib.ChallengeMode.EXECUTION, "CHAL_NOT_EXECUTION");
+        } else {
+            assert(false);
+        }
+
+        require(
+            challenge.challengeStateHash ==
+                ChallengeLib.hashChallengeState(
+                    selection.oldSegmentsStart,
+                    selection.oldSegmentsLength,
+                    selection.oldSegments
+                ),
+            "BIS_STATE"
+        );
+        if (
+            selection.oldSegments.length < 2 ||
+            selection.challengePosition >= selection.oldSegments.length - 1
+        ) {
+            revert("BAD_CHALLENGE_POS");
+        }
+
+        _;
+
+        if (challenge.mode == ChallengeLib.ChallengeMode.NONE) {
+            // Early return since challenge must have terminated
+            return;
+        }
+
+        ChallengeLib.Participant memory current = challenge.current;
+        current.timeLeft -= block.timestamp - challenge.lastMoveTimestamp;
+
+        challenge.current = challenge.next;
+        challenge.next = current;
+
+        challenge.lastMoveTimestamp = block.timestamp;
+    }
+
+    function initialize(
+        IChallengeResultReceiver resultReceiver_,
+        ISequencerInbox sequencerInbox_,
+        IBridge delayedBridge_,
+        IOneStepProofEntry osp_
+    ) external override onlyDelegated {
+        require(address(resultReceiver) == address(0), "ALREADY_INIT");
+        require(address(resultReceiver_) != address(0), "NO_RESULT_RECEIVER");
+        resultReceiver = resultReceiver_;
+        sequencerInbox = sequencerInbox_;
+        delayedBridge = delayedBridge_;
+        osp = osp_;
+    }
+
+    function createChallenge(
+        bytes32 wasmModuleRoot_,
+        MachineStatus[2] calldata startAndEndMachineStatuses_,
+        GlobalState[2] calldata startAndEndGlobalStates_,
+        uint64 numBlocks,
+        address asserter_,
+        address challenger_,
+        uint256 asserterTimeLeft_,
+        uint256 challengerTimeLeft_
+    ) external override returns (uint64) {
+        require(msg.sender == address(resultReceiver), "ONLY_ROLLUP_CHAL");
+        bytes32[] memory segments = new bytes32[](2);
+        segments[0] = ChallengeLib.blockStateHash(
+            startAndEndMachineStatuses_[0],
+            startAndEndGlobalStates_[0].hash()
+        );
+        segments[1] = ChallengeLib.blockStateHash(
+            startAndEndMachineStatuses_[1],
+            startAndEndGlobalStates_[1].hash()
+        );
+
+        uint64 challengeIndex = ++totalChallengesCreated;
+        // The following is an assertion since it should never be possible, but it's an important invariant
+        assert(challengeIndex != NO_CHAL_INDEX);
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        challenge.wasmModuleRoot = wasmModuleRoot_;
+
+        // See validator/assertion.go ExecutionState RequiredBatches() for reasoning
+        uint64 maxInboxMessagesRead = startAndEndGlobalStates_[1].getInboxPosition();
+        if (
+            startAndEndMachineStatuses_[1] == MachineStatus.ERRORED ||
+            startAndEndGlobalStates_[1].getPositionInMessage() > 0
+        ) {
+            maxInboxMessagesRead++;
+        }
+        challenge.maxInboxMessages = maxInboxMessagesRead;
+        challenge.next = ChallengeLib.Participant({addr: asserter_, timeLeft: asserterTimeLeft_});
+        challenge.current = ChallengeLib.Participant({
+            addr: challenger_,
+            timeLeft: challengerTimeLeft_
+        });
+        challenge.lastMoveTimestamp = block.timestamp;
+        challenge.mode = ChallengeLib.ChallengeMode.BLOCK;
+
+        emit InitiatedChallenge(
+            challengeIndex,
+            startAndEndGlobalStates_[0],
+            startAndEndGlobalStates_[1]
+        );
+        completeBisection(challengeIndex, 0, numBlocks, segments);
+        return challengeIndex;
+    }
+
+    /**
+     * @notice Initiate the next round in the bisection by objecting to execution correctness with a bisection
+     * of an execution segment with the same length but a different endpoint. This is either the initial move
+     * or follows another execution objection
+     */
+    function bisectExecution(
+        uint64 challengeIndex,
+        ChallengeLib.SegmentSelection calldata selection,
+        bytes32[] calldata newSegments
+    ) external takeTurn(challengeIndex, selection, ChallengeModeRequirement.ANY) {
+        (uint256 challengeStart, uint256 challengeLength) = ChallengeLib.extractChallengeSegment(
+            selection
+        );
+        require(challengeLength > 1, "TOO_SHORT");
+        {
+            uint256 expectedDegree = challengeLength;
+            if (expectedDegree > MAX_CHALLENGE_DEGREE) {
+                expectedDegree = MAX_CHALLENGE_DEGREE;
+            }
+            require(newSegments.length == expectedDegree + 1, "WRONG_DEGREE");
+        }
+
+        requireValidBisection(selection, newSegments[0], newSegments[newSegments.length - 1]);
+
+        completeBisection(challengeIndex, challengeStart, challengeLength, newSegments);
+    }
+
+    function challengeExecution(
+        uint64 challengeIndex,
+        ChallengeLib.SegmentSelection calldata selection,
+        MachineStatus[2] calldata machineStatuses,
+        bytes32[2] calldata globalStateHashes,
+        uint256 numSteps
+    ) external takeTurn(challengeIndex, selection, ChallengeModeRequirement.BLOCK) {
+        require(numSteps >= 1, "CHALLENGE_TOO_SHORT");
+        require(numSteps <= OneStepProofEntryLib.MAX_STEPS, "CHALLENGE_TOO_LONG");
+        requireValidBisection(
+            selection,
+            ChallengeLib.blockStateHash(machineStatuses[0], globalStateHashes[0]),
+            ChallengeLib.blockStateHash(machineStatuses[1], globalStateHashes[1])
+        );
+
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        (uint256 executionChallengeAtSteps, uint256 challengeLength) = ChallengeLib
+            .extractChallengeSegment(selection);
+        require(challengeLength == 1, "TOO_LONG");
+
+        if (machineStatuses[0] != MachineStatus.FINISHED) {
+            // If the machine is in a halted state, it can't change
+            require(
+                machineStatuses[0] == machineStatuses[1] &&
+                    globalStateHashes[0] == globalStateHashes[1],
+                "HALTED_CHANGE"
+            );
+            _currentWin(challengeIndex, ChallengeTerminationType.BLOCK_PROOF);
+            return;
+        }
+
+        if (machineStatuses[1] == MachineStatus.ERRORED) {
+            // If the machine errors, it must return to the previous global state
+            require(globalStateHashes[0] == globalStateHashes[1], "ERROR_CHANGE");
+        }
+
+        bytes32[] memory segments = new bytes32[](2);
+        segments[0] = ChallengeLib.getStartMachineHash(
+            globalStateHashes[0],
+            challenge.wasmModuleRoot
+        );
+        segments[1] = ChallengeLib.getEndMachineHash(machineStatuses[1], globalStateHashes[1]);
+
+        challenge.mode = ChallengeLib.ChallengeMode.EXECUTION;
+
+        completeBisection(challengeIndex, 0, numSteps, segments);
+
+        emit ExecutionChallengeBegun(challengeIndex, executionChallengeAtSteps);
+    }
+
+    function oneStepProveExecution(
+        uint64 challengeIndex,
+        ChallengeLib.SegmentSelection calldata selection,
+        bytes calldata proof
+    ) external takeTurn(challengeIndex, selection, ChallengeModeRequirement.EXECUTION) {
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        uint256 challengeStart;
+        {
+            uint256 challengeLength;
+            (challengeStart, challengeLength) = ChallengeLib.extractChallengeSegment(selection);
+            require(challengeLength == 1, "TOO_LONG");
+        }
+
+        bytes32 afterHash = osp.proveOneStep(
+            ExecutionContext({
+                maxInboxMessagesRead: challenge.maxInboxMessages,
+                sequencerInbox: sequencerInbox,
+                delayedBridge: delayedBridge
+            }),
+            challengeStart,
+            selection.oldSegments[selection.challengePosition],
+            proof
+        );
+        require(
+            afterHash != selection.oldSegments[selection.challengePosition + 1],
+            "SAME_OSP_END"
+        );
+
+        emit OneStepProofCompleted(challengeIndex);
+        _currentWin(challengeIndex, ChallengeTerminationType.EXECUTION_PROOF);
+    }
+
+    function timeout(uint64 challengeIndex) external override {
+        require(challenges[challengeIndex].mode != ChallengeLib.ChallengeMode.NONE, NO_CHAL);
+        require(isTimedOut(challengeIndex), "TIMEOUT_DEADLINE");
+        _nextWin(challengeIndex, ChallengeTerminationType.TIMEOUT);
+    }
+
+    function clearChallenge(uint64 challengeIndex) external override {
+        require(msg.sender == address(resultReceiver), "NOT_RES_RECEIVER");
+        require(challenges[challengeIndex].mode != ChallengeLib.ChallengeMode.NONE, NO_CHAL);
+        delete challenges[challengeIndex];
+        emit ChallengeEnded(challengeIndex, ChallengeTerminationType.CLEARED);
+    }
+
+    function currentResponder(uint64 challengeIndex) public view override returns (address) {
+        return challenges[challengeIndex].current.addr;
+    }
+
+    function currentResponderTimeLeft(uint64 challengeIndex)
+        public
+        view
+        override
+        returns (uint256)
+    {
+        return challenges[challengeIndex].current.timeLeft;
+    }
+
+    function isTimedOut(uint64 challengeIndex) public view override returns (bool) {
+        return challenges[challengeIndex].isTimedOut();
+    }
+
+    function requireValidBisection(
+        ChallengeLib.SegmentSelection calldata selection,
+        bytes32 startHash,
+        bytes32 endHash
+    ) private pure {
+        require(selection.oldSegments[selection.challengePosition] == startHash, "WRONG_START");
+        require(selection.oldSegments[selection.challengePosition + 1] != endHash, "SAME_END");
+    }
+
+    function completeBisection(
+        uint64 challengeIndex,
+        uint256 challengeStart,
+        uint256 challengeLength,
+        bytes32[] memory newSegments
+    ) private {
+        assert(challengeLength >= 1);
+        assert(newSegments.length >= 2);
+
+        bytes32 challengeStateHash = ChallengeLib.hashChallengeState(
+            challengeStart,
+            challengeLength,
+            newSegments
+        );
+        challenges[challengeIndex].challengeStateHash = challengeStateHash;
+
+        emit Bisected(
+            challengeIndex,
+            challengeStateHash,
+            challengeStart,
+            challengeLength,
+            newSegments
+        );
+    }
+
+    /// @dev This function causes the mode of the challenge to be set to NONE by deleting the challenge
+    function _nextWin(uint64 challengeIndex, ChallengeTerminationType reason) private {
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        address next = challenge.next.addr;
+        address current = challenge.current.addr;
+        delete challenges[challengeIndex];
+        resultReceiver.completeChallenge(challengeIndex, next, current);
+        emit ChallengeEnded(challengeIndex, reason);
+    }
+
+    /**
+     * @dev this currently sets a challenge hash of 0 - no move is possible for the next participant to progress the
+     * state. It is assumed that wherever this function is consumed, the turn is then adjusted for the opposite party
+     * to timeout. This is done as a safety measure so challenges can only be resolved by timeouts during mainnet beta.
+     */
+    function _currentWin(
+        uint64 challengeIndex,
+        ChallengeTerminationType /* reason */
+    ) private {
+        ChallengeLib.Challenge storage challenge = challenges[challengeIndex];
+        challenge.challengeStateHash = bytes32(0);
+
+        //        address next = challenge.next.addr;
+        //        address current = challenge.current.addr;
+        //        delete challenges[challengeIndex];
+        //        resultReceiver.completeChallenge(challengeIndex, current, next);
+        //        emit ChallengeEnded(challengeIndex, reason);
+    }
+}

package/src/challenge/IChallengeManager.sol

@@ -0,0 +1,75 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "../state/Machine.sol";
+import "../bridge/IBridge.sol";
+import "../bridge/ISequencerInbox.sol";
+import "../osp/IOneStepProofEntry.sol";
+
+import "./IChallengeResultReceiver.sol";
+
+import "./ChallengeLib.sol";
+
+interface IChallengeManager {
+    enum ChallengeTerminationType {
+        TIMEOUT,
+        BLOCK_PROOF,
+        EXECUTION_PROOF,
+        CLEARED
+    }
+
+    event InitiatedChallenge(
+        uint64 indexed challengeIndex,
+        GlobalState startState,
+        GlobalState endState
+    );
+
+    event Bisected(
+        uint64 indexed challengeIndex,
+        bytes32 indexed challengeRoot,
+        uint256 challengedSegmentStart,
+        uint256 challengedSegmentLength,
+        bytes32[] chainHashes
+    );
+
+    event ExecutionChallengeBegun(uint64 indexed challengeIndex, uint256 blockSteps);
+    event OneStepProofCompleted(uint64 indexed challengeIndex);
+
+    event ChallengeEnded(uint64 indexed challengeIndex, ChallengeTerminationType kind);
+
+    function initialize(
+        IChallengeResultReceiver resultReceiver_,
+        ISequencerInbox sequencerInbox_,
+        IBridge delayedBridge_,
+        IOneStepProofEntry osp_
+    ) external;
+
+    function createChallenge(
+        bytes32 wasmModuleRoot_,
+        MachineStatus[2] calldata startAndEndMachineStatuses_,
+        GlobalState[2] calldata startAndEndGlobalStates_,
+        uint64 numBlocks,
+        address asserter_,
+        address challenger_,
+        uint256 asserterTimeLeft_,
+        uint256 challengerTimeLeft_
+    ) external returns (uint64);
+
+    function challengeInfo(uint64 challengeIndex_)
+        external
+        view
+        returns (ChallengeLib.Challenge memory);
+
+    function currentResponder(uint64 challengeIndex) external view returns (address);
+
+    function isTimedOut(uint64 challengeIndex) external view returns (bool);
+
+    function currentResponderTimeLeft(uint64 challengeIndex_) external view returns (uint256);
+
+    function clearChallenge(uint64 challengeIndex_) external;
+
+    function timeout(uint64 challengeIndex_) external;
+}

package/src/challenge/IChallengeResultReceiver.sol

@@ -0,0 +1,13 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+interface IChallengeResultReceiver {
+    function completeChallenge(
+        uint256 challengeIndex,
+        address winner,
+        address loser
+    ) external;
+}

package/src/libraries/AddressAliasHelper.sol

@@ -0,0 +1,29 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+library AddressAliasHelper {
+    uint160 internal constant OFFSET = uint160(0x1111000000000000000000000000000000001111);
+
+    /// @notice Utility function that converts the address in the L1 that submitted a tx to
+    /// the inbox to the msg.sender viewed in the L2
+    /// @param l1Address the address in the L1 that triggered the tx to L2
+    /// @return l2Address L2 address as viewed in msg.sender
+    function applyL1ToL2Alias(address l1Address) internal pure returns (address l2Address) {
+        unchecked {
+            l2Address = address(uint160(l1Address) + OFFSET);
+        }
+    }
+
+    /// @notice Utility function that converts the msg.sender viewed in the L2 to the
+    /// address in the L1 that submitted a tx to the inbox
+    /// @param l2Address L2 address as viewed in msg.sender
+    /// @return l1Address the address in the L1 that triggered the tx to L2
+    function undoL1ToL2Alias(address l2Address) internal pure returns (address l1Address) {
+        unchecked {
+            l1Address = address(uint160(l2Address) - OFFSET);
+        }
+    }
+}

package/src/libraries/AdminFallbackProxy.sol

@@ -0,0 +1,153 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/proxy/Proxy.sol";
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Upgrade.sol";
+import "@openzeppelin/contracts/utils/Address.sol";
+import "@openzeppelin/contracts/utils/StorageSlot.sol";
+
+/// @notice An extension to OZ's ERC1967Upgrade implementation to support two logic contracts
+abstract contract DoubleLogicERC1967Upgrade is ERC1967Upgrade {
+    using Address for address;
+
+    // This is the keccak-256 hash of "eip1967.proxy.implementation.secondary" subtracted by 1
+    bytes32 internal constant _IMPLEMENTATION_SECONDARY_SLOT =
+        0x2b1dbce74324248c222f0ec2d5ed7bd323cfc425b336f0253c5ccfda7265546d;
+
+    // This is the keccak-256 hash of "eip1967.proxy.rollback.secondary" subtracted by 1
+    bytes32 private constant _ROLLBACK_SECONDARY_SLOT =
+        0x49bd798cd84788856140a4cd5030756b4d08a9e4d55db725ec195f232d262a89;
+
+    /**
+     * @dev Emitted when the secondary implementation is upgraded.
+     */
+    event UpgradedSecondary(address indexed implementation);
+
+    /**
+     * @dev Returns the current secondary implementation address.
+     */
+    function _getSecondaryImplementation() internal view returns (address) {
+        return StorageSlot.getAddressSlot(_IMPLEMENTATION_SECONDARY_SLOT).value;
+    }
+
+    /**
+     * @dev Stores a new address in the EIP1967 implementation slot.
+     */
+    function _setSecondaryImplementation(address newImplementation) private {
+        require(
+            Address.isContract(newImplementation),
+            "ERC1967: new secondary implementation is not a contract"
+        );
+        StorageSlot.getAddressSlot(_IMPLEMENTATION_SECONDARY_SLOT).value = newImplementation;
+    }
+
+    /**
+     * @dev Perform secondary implementation upgrade
+     *
+     * Emits an {UpgradedSecondary} event.
+     */
+    function _upgradeSecondaryTo(address newImplementation) internal {
+        _setSecondaryImplementation(newImplementation);
+        emit UpgradedSecondary(newImplementation);
+    }
+
+    /**
+     * @dev Perform secondary implementation upgrade with additional setup call.
+     *
+     * Emits an {UpgradedSecondary} event.
+     */
+    function _upgradeSecondaryToAndCall(
+        address newImplementation,
+        bytes memory data,
+        bool forceCall
+    ) internal {
+        _upgradeSecondaryTo(newImplementation);
+        if (data.length > 0 || forceCall) {
+            Address.functionDelegateCall(newImplementation, data);
+        }
+    }
+
+    /**
+     * @dev Perform secondary implementation upgrade with security checks for UUPS proxies, and additional setup call.
+     *
+     * Emits an {UpgradedSecondary} event.
+     */
+    function _upgradeSecondaryToAndCallUUPS(
+        address newImplementation,
+        bytes memory data,
+        bool forceCall
+    ) internal {
+        // Upgrades from old implementations will perform a rollback test. This test requires the new
+        // implementation to upgrade back to the old, non-ERC1822 compliant, implementation. Removing
+        // this special case will break upgrade paths from old UUPS implementation to new ones.
+        if (StorageSlot.getBooleanSlot(_ROLLBACK_SECONDARY_SLOT).value) {
+            _setSecondaryImplementation(newImplementation);
+        } else {
+            try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
+                require(
+                    slot == _IMPLEMENTATION_SECONDARY_SLOT,
+                    "ERC1967Upgrade: unsupported proxiableUUID"
+                );
+            } catch {
+                revert("ERC1967Upgrade: new secondary implementation is not UUPS");
+            }
+            _upgradeSecondaryToAndCall(newImplementation, data, forceCall);
+        }
+    }
+}
+
+/// @notice similar to TransparentUpgradeableProxy but allows the admin to fallback to a separate logic contract using DoubleLogicERC1967Upgrade
+/// @dev this follows the UUPS pattern for upgradeability - read more at https://github.com/OpenZeppelin/openzeppelin-contracts/tree/v4.5.0/contracts/proxy#transparent-vs-uups-proxies
+contract AdminFallbackProxy is Proxy, DoubleLogicERC1967Upgrade {
+    /**
+     * @dev Initializes the upgradeable proxy with an initial implementation specified by `adminLogic` and a secondary
+     * logic implementation specified by `userLogic`
+     *
+     * Only the `adminAddr` is able to use the `adminLogic` functions
+     * All other addresses can interact with the `userLogic` functions
+     */
+    constructor(
+        address adminLogic,
+        bytes memory adminData,
+        address userLogic,
+        bytes memory userData,
+        address adminAddr
+    ) payable {
+        assert(_ADMIN_SLOT == bytes32(uint256(keccak256("eip1967.proxy.admin")) - 1));
+        assert(
+            _IMPLEMENTATION_SLOT == bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
+        );
+        assert(
+            _IMPLEMENTATION_SECONDARY_SLOT ==
+                bytes32(uint256(keccak256("eip1967.proxy.implementation.secondary")) - 1)
+        );
+        _changeAdmin(adminAddr);
+        _upgradeToAndCall(adminLogic, adminData, false);
+        _upgradeSecondaryToAndCall(userLogic, userData, false);
+    }
+
+    /// @inheritdoc Proxy
+    function _implementation() internal view override returns (address) {
+        require(msg.data.length >= 4, "NO_FUNC_SIG");
+        // if the sender is the proxy's admin, delegate to admin logic
+        // if the admin is disabled (set to addr zero), all calls will be forwarded to user logic
+        address target = _getAdmin() != msg.sender
+            ? DoubleLogicERC1967Upgrade._getSecondaryImplementation()
+            : ERC1967Upgrade._getImplementation();
+        // implementation setters already do an existence check
+        // require(target.isContract(), "TARGET_NOT_CONTRACT");
+        return target;
+    }
+
+    /**
+     * @dev unlike transparent upgradeable proxies, this does allow the admin to fallback to a logic contract
+     * the admin is expected to interact only with the secondary logic contract, which handles contract
+     * upgrades using the UUPS approach
+     */
+    function _beforeFallback() internal override {
+        super._beforeFallback();
+    }
+}

package/src/libraries/ArbitrumProxy.sol

@@ -0,0 +1,20 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.0;
+
+import "./AdminFallbackProxy.sol";
+import "../rollup/IRollupLogic.sol";
+
+contract ArbitrumProxy is AdminFallbackProxy {
+    constructor(Config memory config, ContractDependencies memory connectedContracts)
+        AdminFallbackProxy(
+            address(connectedContracts.rollupAdminLogic),
+            abi.encodeWithSelector(IRollupAdmin.initialize.selector, config, connectedContracts),
+            address(connectedContracts.rollupUserLogic),
+            abi.encodeWithSelector(IRollupUserAbs.initialize.selector, config.stakeToken),
+            config.owner
+        )
+    {}
+}

package/src/libraries/Constants.sol

@@ -0,0 +1,10 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+// 90% of Geth's 128KB tx size limit, leaving ~13KB for proving
+uint256 constant MAX_DATA_SIZE = 117964;
+
+uint64 constant NO_CHAL_INDEX = 0;