@arbitrum/nitro-contracts 1.0.0-beta.5 → 1.0.0-beta.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@arbitrum/nitro-contracts",
-  "version": "1.0.0-beta.5",
+  "version": "1.0.0-beta.6",
   "description": "Layer 2 precompiles and rollup for Arbitrum Nitro",
   "author": "Offchain Labs, Inc.",
   "license": "BUSL-1.1",
@@ -41,6 +41,7 @@
     "ethereum-waffle": "^3.4.0",
     "ethers": "^5.5.2",
     "hardhat-deploy": "^0.11.4",
+    "hardhat-gas-reporter": "^1.0.8",
     "prettier": "^2.5.1",
     "prettier-plugin-solidity": "^1.0.0-beta.19",
     "solhint": "^3.3.7",

package/src/bridge/Bridge.sol

@@ -4,21 +4,23 @@
 
 pragma solidity ^0.8.4;
 
-import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
 import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
 
 import "./IBridge.sol";
 import "./Messages.sol";
 import "../libraries/DelegateCallAware.sol";
 
+import {L1MessageType_batchPostingReport} from "../libraries/MessageTypes.sol";
+
 /**
  * @title Staging ground for incoming and outgoing messages
- * @notice Holds the inbox accumulator for delayed messages, and is the ETH escrow
- * for value sent with these messages.
+ * @notice Holds the inbox accumulator for sequenced and delayed messages.
+ * It is also the ETH escrow for value sent with these messages.
  * Since the escrow is held here, this contract also contains a list of allowed
  * outboxes that can make calls from here and withdraw this escrow.
  */
-contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
+contract Bridge is Initializable, DelegateCallAware, IBridge {
     using AddressUpgradeable for address;
 
     struct InOutInfo {
@@ -26,29 +28,109 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
         bool allowed;
     }
 
-    mapping(address => InOutInfo) private allowedInboxesMap;
+    mapping(address => InOutInfo) private allowedDelayedInboxesMap;
     mapping(address => InOutInfo) private allowedOutboxesMap;
 
-    address[] public allowedInboxList;
+    address[] public allowedDelayedInboxList;
     address[] public allowedOutboxList;
 
-    address public override activeOutbox;
+    address private _activeOutbox;
 
     /// @dev Accumulator for delayed inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
-    bytes32[] public override inboxAccs;
+    bytes32[] public override delayedInboxAccs;
+
+    /// @dev Accumulator for sequencer inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
+    bytes32[] public override sequencerInboxAccs;
+
+    IOwnable public override rollup;
+    address public sequencerInbox;
+
+    address private constant EMPTY_ACTIVEOUTBOX = address(type(uint160).max);
 
-    function initialize() external initializer onlyDelegated {
-        __Ownable_init();
+    function initialize(IOwnable rollup_) external initializer onlyDelegated {
+        _activeOutbox = EMPTY_ACTIVEOUTBOX;
+        rollup = rollup_;
     }
 
-    function allowedInboxes(address inbox) external view override returns (bool) {
-        return allowedInboxesMap[inbox].allowed;
+    modifier onlyRollupOrOwner() {
+        if (msg.sender != address(rollup)) {
+            address rollupOwner = rollup.owner();
+            if (msg.sender != rollupOwner) {
+                revert NotRollupOrOwner(msg.sender, address(rollup), rollupOwner);
+            }
+        }
+        _;
+    }
+
+    /// @dev returns the address of current active Outbox, or zero if no outbox is active
+    function activeOutbox() public view returns (address) {
+        address outbox = _activeOutbox;
+        // address zero is returned if no outbox is set, but the value used in storage
+        // is non-zero to save users some gas (as storage refunds are usually maxed out)
+        // EIP-1153 would help here.
+        // we don't return `EMPTY_ACTIVEOUTBOX` to avoid a breaking change on the current api
+        if (outbox == EMPTY_ACTIVEOUTBOX) return address(0);
+        return outbox;
+    }
+
+    function allowedDelayedInboxes(address inbox) external view override returns (bool) {
+        return allowedDelayedInboxesMap[inbox].allowed;
     }
 
     function allowedOutboxes(address outbox) external view override returns (bool) {
         return allowedOutboxesMap[outbox].allowed;
     }
 
+    modifier onlySequencerInbox() {
+        if (msg.sender != sequencerInbox) revert NotSequencerInbox(msg.sender);
+        _;
+    }
+
+    function enqueueSequencerMessage(bytes32 dataHash, uint256 afterDelayedMessagesRead)
+        external
+        override
+        onlySequencerInbox
+        returns (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 acc
+        )
+    {
+        seqMessageIndex = sequencerInboxAccs.length;
+        if (sequencerInboxAccs.length > 0) {
+            beforeAcc = sequencerInboxAccs[sequencerInboxAccs.length - 1];
+        }
+        if (afterDelayedMessagesRead > 0) {
+            delayedAcc = delayedInboxAccs[afterDelayedMessagesRead - 1];
+        }
+        acc = keccak256(abi.encodePacked(beforeAcc, dataHash, delayedAcc));
+        sequencerInboxAccs.push(acc);
+    }
+
+    /**
+     * @dev allows the sequencer inbox to submit a delayed message of the batchPostingReport type
+     * This is done through a separate function entrypoint instead of allowing the sequencer inbox
+     * to call `enqueueDelayedMessage` to avoid the gas overhead of an extra SLOAD in either
+     * every delayed inbox or every sequencer inbox call.
+     */
+    function submitBatchSpendingReport(address sender, bytes32 messageDataHash)
+        external
+        override
+        onlySequencerInbox
+        returns (uint256)
+    {
+        return
+            addMessageToDelayedAccumulator(
+                L1MessageType_batchPostingReport,
+                sender,
+                uint64(block.number),
+                uint64(block.timestamp), // solhint-disable-line not-rely-on-time,
+                block.basefee,
+                messageDataHash
+            );
+    }
+
     /**
      * @dev Enqueue a message in the delayed inbox accumulator.
      * These messages are later sequenced in the SequencerInbox, either by the sequencer as
@@ -59,9 +141,9 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
         address sender,
         bytes32 messageDataHash
     ) external payable override returns (uint256) {
-        if (!allowedInboxesMap[msg.sender].allowed) revert NotInbox(msg.sender);
+        if (!allowedDelayedInboxesMap[msg.sender].allowed) revert NotDelayedInbox(msg.sender);
         return
-            addMessageToAccumulator(
+            addMessageToDelayedAccumulator(
                 kind,
                 sender,
                 uint64(block.number),
@@ -71,7 +153,7 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
             );
     }
 
-    function addMessageToAccumulator(
+    function addMessageToDelayedAccumulator(
         uint8 kind,
         address sender,
         uint64 blockNumber,
@@ -79,7 +161,7 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
         uint256 baseFeeL1,
         bytes32 messageDataHash
     ) internal returns (uint256) {
-        uint256 count = inboxAccs.length;
+        uint256 count = delayedInboxAccs.length;
         bytes32 messageHash = Messages.messageHash(
             kind,
             sender,
@@ -91,9 +173,9 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
         );
         bytes32 prevAcc = 0;
         if (count > 0) {
-            prevAcc = inboxAccs[count - 1];
+            prevAcc = delayedInboxAccs[count - 1];
         }
-        inboxAccs.push(Messages.accumulateInboxMessage(prevAcc, messageHash));
+        delayedInboxAccs.push(Messages.accumulateInboxMessage(prevAcc, messageHash));
         emit MessageDelivered(
             count,
             prevAcc,
@@ -114,37 +196,46 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
     ) external override returns (bool success, bytes memory returnData) {
         if (!allowedOutboxesMap[msg.sender].allowed) revert NotOutbox(msg.sender);
         if (data.length > 0 && !to.isContract()) revert NotContract(to);
-        address prevOutbox = activeOutbox;
-        activeOutbox = msg.sender;
+        address prevOutbox = _activeOutbox;
+        _activeOutbox = msg.sender;
         // We set and reset active outbox around external call so activeOutbox remains valid during call
 
         // We use a low level call here since we want to bubble up whether it succeeded or failed to the caller
         // rather than reverting on failure as well as allow contract and non-contract calls
         // solhint-disable-next-line avoid-low-level-calls
         (success, returnData) = to.call{value: value}(data);
-        activeOutbox = prevOutbox;
+        _activeOutbox = prevOutbox;
         emit BridgeCallTriggered(msg.sender, to, value, data);
     }
 
-    function setInbox(address inbox, bool enabled) external override onlyOwner {
-        InOutInfo storage info = allowedInboxesMap[inbox];
+    function setSequencerInbox(address _sequencerInbox) external override onlyRollupOrOwner {
+        sequencerInbox = _sequencerInbox;
+        emit SequencerInboxUpdated(_sequencerInbox);
+    }
+
+    function setDelayedInbox(address inbox, bool enabled) external override onlyRollupOrOwner {
+        InOutInfo storage info = allowedDelayedInboxesMap[inbox];
         bool alreadyEnabled = info.allowed;
         emit InboxToggle(inbox, enabled);
         if ((alreadyEnabled && enabled) || (!alreadyEnabled && !enabled)) {
             return;
         }
         if (enabled) {
-            allowedInboxesMap[inbox] = InOutInfo(allowedInboxList.length, true);
-            allowedInboxList.push(inbox);
+            allowedDelayedInboxesMap[inbox] = InOutInfo(allowedDelayedInboxList.length, true);
+            allowedDelayedInboxList.push(inbox);
         } else {
-            allowedInboxList[info.index] = allowedInboxList[allowedInboxList.length - 1];
-            allowedInboxesMap[allowedInboxList[info.index]].index = info.index;
-            allowedInboxList.pop();
-            delete allowedInboxesMap[inbox];
+            allowedDelayedInboxList[info.index] = allowedDelayedInboxList[
+                allowedDelayedInboxList.length - 1
+            ];
+            allowedDelayedInboxesMap[allowedDelayedInboxList[info.index]].index = info.index;
+            allowedDelayedInboxList.pop();
+            delete allowedDelayedInboxesMap[inbox];
         }
     }
 
-    function setOutbox(address outbox, bool enabled) external override onlyOwner {
+    function setOutbox(address outbox, bool enabled) external override onlyRollupOrOwner {
+        if (outbox == EMPTY_ACTIVEOUTBOX) revert InvalidOutboxSet(outbox);
+
         InOutInfo storage info = allowedOutboxesMap[outbox];
         bool alreadyEnabled = info.allowed;
         emit OutboxToggle(outbox, enabled);
@@ -162,7 +253,11 @@ contract Bridge is OwnableUpgradeable, DelegateCallAware, IBridge {
         }
     }
 
-    function messageCount() external view override returns (uint256) {
-        return inboxAccs.length;
+    function delayedMessageCount() external view override returns (uint256) {
+        return delayedInboxAccs.length;
+    }
+
+    function sequencerMessageCount() external view override returns (uint256) {
+        return sequencerInboxAccs.length;
     }
 }

package/src/bridge/IBridge.sol

@@ -4,16 +4,25 @@
 
 pragma solidity ^0.8.4;
 
-import {NotContract} from "../libraries/Error.sol";
+import {NotContract, NotRollupOrOwner} from "../libraries/Error.sol";
+import "./IOwnable.sol";
 
 /// @dev Thrown when an un-authorized address tries to access an only-inbox function
 /// @param sender The un-authorized sender
-error NotInbox(address sender);
+error NotDelayedInbox(address sender);
+
+/// @dev Thrown when an un-authorized address tries to access an only-sequencer-inbox function
+/// @param sender The un-authorized sender
+error NotSequencerInbox(address sender);
 
 /// @dev Thrown when an un-authorized address tries to access an only-outbox function
 /// @param sender The un-authorized sender
 error NotOutbox(address sender);
 
+/// @dev the provided outbox address isn't valid
+/// @param outbox address of outbox being set
+error InvalidOutboxSet(address outbox);
+
 interface IBridge {
     event MessageDelivered(
         uint256 indexed messageIndex,
@@ -37,12 +46,27 @@ interface IBridge {
 
     event OutboxToggle(address indexed outbox, bool enabled);
 
+    event SequencerInboxUpdated(address newSequencerInbox);
+
     function enqueueDelayedMessage(
         uint8 kind,
         address sender,
         bytes32 messageDataHash
     ) external payable returns (uint256);
 
+    function enqueueSequencerMessage(bytes32 dataHash, uint256 afterDelayedMessagesRead)
+        external
+        returns (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 acc
+        );
+
+    function submitBatchSpendingReport(address batchPoster, bytes32 dataHash)
+        external
+        returns (uint256 msgNum);
+
     function executeCall(
         address to,
         uint256 value,
@@ -50,19 +74,29 @@ interface IBridge {
     ) external returns (bool success, bytes memory returnData);
 
     // These are only callable by the admin
-    function setInbox(address inbox, bool enabled) external;
+    function setDelayedInbox(address inbox, bool enabled) external;
 
     function setOutbox(address inbox, bool enabled) external;
 
+    function setSequencerInbox(address _sequencerInbox) external;
+
     // View functions
 
+    function sequencerInbox() external view returns (address);
+
     function activeOutbox() external view returns (address);
 
-    function allowedInboxes(address inbox) external view returns (bool);
+    function allowedDelayedInboxes(address inbox) external view returns (bool);
 
     function allowedOutboxes(address outbox) external view returns (bool);
 
-    function inboxAccs(uint256 index) external view returns (bytes32);
+    function delayedInboxAccs(uint256 index) external view returns (bytes32);
+
+    function sequencerInboxAccs(uint256 index) external view returns (bytes32);
+
+    function delayedMessageCount() external view returns (uint256);
+
+    function sequencerMessageCount() external view returns (uint256);
 
-    function messageCount() external view returns (uint256);
+    function rollup() external view returns (IOwnable);
 }

package/src/bridge/{IMessageProvider.sol → IDelayedMessageProvider.sol}

@@ -4,8 +4,7 @@
 
 pragma solidity ^0.8.0;
 
-interface IMessageProvider {
+interface IDelayedMessageProvider {
+    /// @dev event emitted when a inbox message is added to the Bridge's delayed accumulator
     event InboxMessageDelivered(uint256 indexed messageNum, bytes data);
-
-    event InboxMessageDeliveredFromOrigin(uint256 indexed messageNum);
 }

package/src/bridge/IInbox.sol

@@ -5,7 +5,7 @@
 pragma solidity ^0.8.4;
 
 import "./IBridge.sol";
-import "./IMessageProvider.sol";
+import "./IDelayedMessageProvider.sol";
 import {AlreadyInit, NotOrigin, DataTooLarge} from "../libraries/Error.sol";
 
 /// @dev The contract is paused, so cannot be paused
@@ -23,7 +23,25 @@ error InsufficientValue(uint256 expected, uint256 actual);
 /// @dev submission cost provided isn't enough to create retryable ticket
 error InsufficientSubmissionCost(uint256 expected, uint256 actual);
 
-interface IInbox is IMessageProvider {
+/// @dev address not allowed to interact with the given contract
+error NotAllowedOrigin(address origin);
+
+/// @dev used to convey retryable tx data in eth calls without requiring a tx trace
+/// this follows a pattern similar to EIP-3668 where reverts surface call information
+error RetryableData(
+    address from,
+    address to,
+    uint256 l2CallValue,
+    uint256 deposit,
+    uint256 maxSubmissionCost,
+    address excessFeeRefundAddress,
+    address callValueRefundAddress,
+    uint256 gasLimit,
+    uint256 maxFeePerGas,
+    bytes data
+);
+
+interface IInbox is IDelayedMessageProvider {
     function sendL2Message(bytes calldata messageData) external returns (uint256);
 
     function sendUnsignedTransaction(
@@ -58,6 +76,7 @@ interface IInbox is IMessageProvider {
         bytes calldata data
     ) external payable returns (uint256);
 
+    /// @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
     function createRetryableTicket(
         address to,
         uint256 arbTxCallValue,
@@ -69,6 +88,8 @@ interface IInbox is IMessageProvider {
         bytes calldata data
     ) external payable returns (uint256);
 
+    /// @notice TEMPORARILY DISABLED as exact mechanics are being worked out
+    /// @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
     function unsafeCreateRetryableTicket(
         address to,
         uint256 arbTxCallValue,

package/src/bridge/IOwnable.sol

@@ -0,0 +1,9 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+interface IOwnable {
+    function owner() external view returns (address);
+}

package/src/bridge/ISequencerInbox.sol

@@ -6,8 +6,9 @@ pragma solidity ^0.8.0;
 
 import "../libraries/IGasRefunder.sol";
 import {AlreadyInit, HadZeroInit, NotOrigin, DataTooLarge, NotRollup} from "../libraries/Error.sol";
+import "./IDelayedMessageProvider.sol";
 
-interface ISequencerInbox {
+interface ISequencerInbox is IDelayedMessageProvider {
     struct MaxTimeVariation {
         uint256 delayBlocks;
         uint256 futureBlocks;
@@ -38,18 +39,23 @@ interface ISequencerInbox {
         BatchDataLocation dataLocation
     );
 
+    event OwnerFunctionCalled(uint256 indexed id);
+
     /// @dev a separate event that emits batch data when this isn't easily accessible in the tx.input
     event SequencerBatchData(uint256 indexed batchSequenceNumber, bytes data);
 
+    /// @dev a valid keyset was added
+    event SetValidKeyset(bytes32 indexed keysetHash, bytes keysetBytes);
+
+    /// @dev a keyset was invalidated
+    event InvalidateKeyset(bytes32 indexed keysetHash);
+
     /// @dev Thrown when someone attempts to read fewer messages than have already been read
     error DelayedBackwards();
 
     /// @dev Thrown when someone attempts to read more messages than exist
     error DelayedTooFar();
 
-    /// @dev Thrown if the length of the header plus the length of the batch overflows
-    error DataLengthOverflow();
-
     /// @dev Force include can only read messages more blocks old than the delay period
     error ForceIncludeBlockTooSoon();
 
@@ -63,18 +69,20 @@ interface ISequencerInbox {
     error NotBatchPoster();
 
     /// @dev The sequence number provided to this message was inconsistent with the number of batches already included
-    error BadSequencerNumber();
+    error BadSequencerNumber(uint256 stored, uint256 received);
 
     /// @dev The batch data has the inbox authenticated bit set, but the batch data was not authenticated by the inbox
     error DataNotAuthenticated();
 
-    function inboxAccs(uint256 index) external view returns (bytes32);
+    /// @dev Tried to create an already valid Data Availability Service keyset
+    error AlreadyValidDASKeyset(bytes32);
 
-    function batchCount() external view returns (uint256);
+    /// @dev Tried to use or invalidate an already invalid Data Availability Service keyset
+    error NoSuchKeyset(bytes32);
 
-    function setMaxTimeVariation(MaxTimeVariation memory timeVariation) external;
+    function inboxAccs(uint256 index) external view returns (bytes32);
 
-    function setIsBatchPoster(address addr, bool isBatchPoster_) external;
+    function batchCount() external view returns (uint256);
 
     function addSequencerL2Batch(
         uint256 sequenceNumber,
@@ -82,4 +90,23 @@ interface ISequencerInbox {
         uint256 afterDelayedMessagesRead,
         IGasRefunder gasRefunder
     ) external;
+
+    // Methods only callable by rollup owner
+
+    /**
+     * @notice Set max time variation from actual time for sequencer inbox
+     * @param timeVariation the maximum time variation parameters
+     */
+    function setMaxTimeVariation(MaxTimeVariation memory timeVariation) external;
+
+    /**
+     * @notice Updates whether an address is authorized to be a batch poster at the sequencer inbox
+     * @param addr the address
+     * @param isBatchPoster if the specified address should be authorized as a batch poster
+     */
+    function setIsBatchPoster(address addr, bool isBatchPoster) external;
+
+    function setValidKeyset(bytes calldata keysetBytes) external;
+
+    function invalidateKeysetHash(bytes32 ksHash) external;
 }