@arbitrum/nitro-contracts 1.0.0-beta.5 → 1.0.0-beta.8

package/src/bridge/SequencerInbox.sol

@@ -4,10 +4,30 @@
 
 pragma solidity ^0.8.0;
 
+import {
+    AlreadyInit,
+    HadZeroInit,
+    NotOrigin,
+    DataTooLarge,
+    NotRollup,
+    DelayedBackwards,
+    DelayedTooFar,
+    ForceIncludeBlockTooSoon,
+    ForceIncludeTimeTooSoon,
+    IncorrectMessagePreimage,
+    NotBatchPoster,
+    BadSequencerNumber,
+    DataNotAuthenticated,
+    AlreadyValidDASKeyset,
+    NoSuchKeyset
+} from "../libraries/Error.sol";
 import "./IBridge.sol";
+import "./IInbox.sol";
 import "./ISequencerInbox.sol";
+import "../rollup/IRollupLogic.sol";
 import "./Messages.sol";
 
+import {L1MessageType_batchPostingReport} from "../libraries/MessageTypes.sol";
 import {GasRefundEnabled, IGasRefunder} from "../libraries/IGasRefunder.sol";
 import "../libraries/DelegateCallAware.sol";
 import {MAX_DATA_SIZE} from "../libraries/Constants.sol";
@@ -20,10 +40,9 @@ import {MAX_DATA_SIZE} from "../libraries/Constants.sol";
  * sequencer within a time limit they can be force included into the rollup inbox by anyone.
  */
 contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox {
-    bytes32[] public override inboxAccs;
     uint256 public totalDelayedMessagesRead;
 
-    IBridge public delayedBridge;
+    IBridge public bridge;
 
     /// @dev The size of the batch header
     uint256 public constant HEADER_LENGTH = 40;
@@ -31,19 +50,29 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     /// the sequencer inbox has authenticated the data. Currently not used.
     bytes1 public constant DATA_AUTHENTICATED_FLAG = 0x40;
 
-    address public rollup;
+    IOwnable public rollup;
     mapping(address => bool) public isBatchPoster;
     ISequencerInbox.MaxTimeVariation public maxTimeVariation;
 
+    struct DasKeySetInfo {
+        bool isValidKeyset;
+        uint64 creationBlock;
+    }
+    mapping(bytes32 => DasKeySetInfo) public dasKeySetInfo;
+
+    modifier onlyRollupOwner() {
+        if (msg.sender != rollup.owner()) revert NotOwner(msg.sender, address(rollup));
+        _;
+    }
+
     function initialize(
-        IBridge delayedBridge_,
-        address rollup_,
+        IBridge bridge_,
         ISequencerInbox.MaxTimeVariation calldata maxTimeVariation_
     ) external onlyDelegated {
-        if (delayedBridge != IBridge(address(0))) revert AlreadyInit();
-        if (delayedBridge_ == IBridge(address(0))) revert HadZeroInit();
-        delayedBridge = delayedBridge_;
-        rollup = rollup_;
+        if (bridge != IBridge(address(0))) revert AlreadyInit();
+        if (bridge_ == IBridge(address(0))) revert HadZeroInit();
+        bridge = bridge_;
+        rollup = bridge_.rollup();
         maxTimeVariation = maxTimeVariation_;
     }
 
@@ -98,22 +127,24 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         // Verify that message hash represents the last message sequence of delayed message to be included
         bytes32 prevDelayedAcc = 0;
         if (_totalDelayedMessagesRead > 1) {
-            prevDelayedAcc = delayedBridge.inboxAccs(_totalDelayedMessagesRead - 2);
+            prevDelayedAcc = bridge.delayedInboxAccs(_totalDelayedMessagesRead - 2);
         }
         if (
-            delayedBridge.inboxAccs(_totalDelayedMessagesRead - 1) !=
+            bridge.delayedInboxAccs(_totalDelayedMessagesRead - 1) !=
             Messages.accumulateInboxMessage(prevDelayedAcc, messageHash)
         ) revert IncorrectMessagePreimage();
 
         (bytes32 dataHash, TimeBounds memory timeBounds) = formEmptyDataHash(
             _totalDelayedMessagesRead
         );
-        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
-            dataHash,
-            _totalDelayedMessagesRead
-        );
+        (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 afterAcc
+        ) = addSequencerL2BatchImpl(dataHash, _totalDelayedMessagesRead, 0);
         emit SequencerBatchDelivered(
-            inboxAccs.length - 1,
+            seqMessageIndex,
             beforeAcc,
             afterAcc,
             delayedAcc,
@@ -128,21 +159,24 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         bytes calldata data,
         uint256 afterDelayedMessagesRead,
         IGasRefunder gasRefunder
-    ) external refundsGasWithCalldata(gasRefunder, payable(msg.sender)) {
+    ) external refundsGas(gasRefunder) {
         // solhint-disable-next-line avoid-tx-origin
         if (msg.sender != tx.origin) revert NotOrigin();
         if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
-        if (inboxAccs.length != sequenceNumber) revert BadSequencerNumber();
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
         );
-        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
-            dataHash,
-            afterDelayedMessagesRead
-        );
+        (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 afterAcc
+        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, data.length);
+        if (seqMessageIndex != sequenceNumber)
+            revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
         emit SequencerBatchDelivered(
-            inboxAccs.length - 1,
+            sequenceNumber,
             beforeAcc,
             afterAcc,
             delayedAcc,
@@ -157,18 +191,23 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         bytes calldata data,
         uint256 afterDelayedMessagesRead,
         IGasRefunder gasRefunder
-    ) external override refundsGasNoCalldata(gasRefunder, payable(msg.sender)) {
-        if (!isBatchPoster[msg.sender] && msg.sender != rollup) revert NotBatchPoster();
-        if (inboxAccs.length != sequenceNumber) revert BadSequencerNumber();
+    ) external override refundsGas(gasRefunder) {
+        if (!isBatchPoster[msg.sender] && msg.sender != address(rollup)) revert NotBatchPoster();
 
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
         );
-        (bytes32 beforeAcc, bytes32 delayedAcc, bytes32 afterAcc) = addSequencerL2BatchImpl(
-            dataHash,
-            afterDelayedMessagesRead
-        );
+        // we set the calldata length posted to 0 here since the caller isn't the origin
+        // of the tx, so they might have not paid tx input cost for the calldata
+        (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 afterAcc
+        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, 0);
+        if (seqMessageIndex != sequenceNumber)
+            revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
         emit SequencerBatchDelivered(
             sequenceNumber,
             beforeAcc,
@@ -181,6 +220,22 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         emit SequencerBatchData(sequenceNumber, data);
     }
 
+    modifier validateBatchData(bytes calldata data) {
+        uint256 fullDataLen = HEADER_LENGTH + data.length;
+        if (fullDataLen > MAX_DATA_SIZE) revert DataTooLarge(fullDataLen, MAX_DATA_SIZE);
+        if (data.length > 0 && (data[0] & DATA_AUTHENTICATED_FLAG) == DATA_AUTHENTICATED_FLAG) {
+            revert DataNotAuthenticated();
+        }
+        // the first byte is used to identify the type of batch data
+        // das batches expect to have the type byte set, followed by the keyset (so they should have at least 33 bytes)
+        if (data.length >= 33 && data[0] & 0x80 != 0) {
+            // we skip the first byte, then read the next 32 bytes for the keyset
+            bytes32 dasKeysetHash = bytes32(data[1:33]);
+            if (!dasKeySetInfo[dasKeysetHash].isValidKeyset) revert NoSuchKeyset(dasKeysetHash);
+        }
+        _;
+    }
+
     function packHeader(uint256 afterDelayedMessagesRead)
         internal
         view
@@ -202,25 +257,12 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     function formDataHash(bytes calldata data, uint256 afterDelayedMessagesRead)
         internal
         view
+        validateBatchData(data)
         returns (bytes32, TimeBounds memory)
     {
-        uint256 fullDataLen = HEADER_LENGTH + data.length;
-        if (fullDataLen < HEADER_LENGTH) revert DataLengthOverflow();
-        if (fullDataLen > MAX_DATA_SIZE) revert DataTooLarge(fullDataLen, MAX_DATA_SIZE);
-        bytes memory fullData = new bytes(fullDataLen);
         (bytes memory header, TimeBounds memory timeBounds) = packHeader(afterDelayedMessagesRead);
-
-        for (uint256 i = 0; i < HEADER_LENGTH; i++) {
-            fullData[i] = header[i];
-        }
-        if (data.length > 0 && (data[0] & DATA_AUTHENTICATED_FLAG) == DATA_AUTHENTICATED_FLAG) {
-            revert DataNotAuthenticated();
-        }
-        // copy data into fullData at offset of HEADER_LENGTH (the extra 32 offset is because solidity puts the array len first)
-        assembly {
-            calldatacopy(add(fullData, add(HEADER_LENGTH, 32)), data.offset, data.length)
-        }
-        return (keccak256(fullData), timeBounds);
+        bytes32 dataHash = keccak256(bytes.concat(header, data));
+        return (dataHash, timeBounds);
     }
 
     function formEmptyDataHash(uint256 afterDelayedMessagesRead)
@@ -232,43 +274,120 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         return (keccak256(header), timeBounds);
     }
 
-    function addSequencerL2BatchImpl(bytes32 dataHash, uint256 afterDelayedMessagesRead)
+    function addSequencerL2BatchImpl(
+        bytes32 dataHash,
+        uint256 afterDelayedMessagesRead,
+        uint256 calldataLengthPosted
+    )
         internal
         returns (
+            uint256 seqMessageIndex,
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 acc
         )
     {
         if (afterDelayedMessagesRead < totalDelayedMessagesRead) revert DelayedBackwards();
-        if (afterDelayedMessagesRead > delayedBridge.messageCount()) revert DelayedTooFar();
+        if (afterDelayedMessagesRead > bridge.delayedMessageCount()) revert DelayedTooFar();
 
-        if (inboxAccs.length > 0) {
-            beforeAcc = inboxAccs[inboxAccs.length - 1];
-        }
-        if (afterDelayedMessagesRead > 0) {
-            delayedAcc = delayedBridge.inboxAccs(afterDelayedMessagesRead - 1);
-        }
+        (seqMessageIndex, beforeAcc, delayedAcc, acc) = bridge.enqueueSequencerMessage(
+            dataHash,
+            afterDelayedMessagesRead
+        );
 
-        acc = keccak256(abi.encodePacked(beforeAcc, dataHash, delayedAcc));
-        inboxAccs.push(acc);
         totalDelayedMessagesRead = afterDelayedMessagesRead;
+
+        if (calldataLengthPosted > 0) {
+            // this msg isn't included in the current sequencer batch, but instead added to
+            // the delayed messages queue that is yet to be included
+            address batchPoster = msg.sender;
+            bytes memory spendingReportMsg = abi.encodePacked(
+                block.timestamp,
+                batchPoster,
+                dataHash,
+                seqMessageIndex,
+                block.basefee
+            );
+            uint256 msgNum = bridge.submitBatchSpendingReport(
+                batchPoster,
+                keccak256(spendingReportMsg)
+            );
+            // this is the same event used by Inbox.sol after including a message to the delayed message accumulator
+            emit InboxMessageDelivered(msgNum, spendingReportMsg);
+        }
+    }
+
+    function inboxAccs(uint256 index) external view override returns (bytes32) {
+        return bridge.sequencerInboxAccs(index);
     }
 
     function batchCount() external view override returns (uint256) {
-        return inboxAccs.length;
+        return bridge.sequencerMessageCount();
     }
 
+    /**
+     * @notice Set max delay for sequencer inbox
+     * @param maxTimeVariation_ the maximum time variation parameters
+     */
     function setMaxTimeVariation(ISequencerInbox.MaxTimeVariation memory maxTimeVariation_)
         external
         override
+        onlyRollupOwner
     {
-        if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
         maxTimeVariation = maxTimeVariation_;
+        emit OwnerFunctionCalled(0);
     }
 
-    function setIsBatchPoster(address addr, bool isBatchPoster_) external override {
-        if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
+    /**
+     * @notice Updates whether an address is authorized to be a batch poster at the sequencer inbox
+     * @param addr the address
+     * @param isBatchPoster_ if the specified address should be authorized as a batch poster
+     */
+    function setIsBatchPoster(address addr, bool isBatchPoster_) external override onlyRollupOwner {
         isBatchPoster[addr] = isBatchPoster_;
+        emit OwnerFunctionCalled(1);
+    }
+
+    /**
+     * @notice Makes Data Availability Service keyset valid
+     * @param keysetBytes bytes of the serialized keyset
+     */
+    function setValidKeyset(bytes calldata keysetBytes) external override onlyRollupOwner {
+        uint256 ksWord = uint256(keccak256(bytes.concat(hex"fe", keccak256(keysetBytes))));
+        bytes32 ksHash = bytes32(ksWord ^ (1 << 255));
+        require(keysetBytes.length < 64 * 1024, "keyset is too large");
+
+        if (dasKeySetInfo[ksHash].isValidKeyset) revert AlreadyValidDASKeyset(ksHash);
+        dasKeySetInfo[ksHash] = DasKeySetInfo({
+            isValidKeyset: true,
+            creationBlock: uint64(block.number)
+        });
+        emit SetValidKeyset(ksHash, keysetBytes);
+        emit OwnerFunctionCalled(2);
+    }
+
+    /**
+     * @notice Invalidates a Data Availability Service keyset
+     * @param ksHash hash of the keyset
+     */
+    function invalidateKeysetHash(bytes32 ksHash) external override onlyRollupOwner {
+        if (!dasKeySetInfo[ksHash].isValidKeyset) revert NoSuchKeyset(ksHash);
+        // we don't delete the block creation value since its used to fetch the SetValidKeyset
+        // event efficiently. The event provides the hash preimage of the key.
+        // this is still needed when syncing the chain after a keyset is invalidated.
+        dasKeySetInfo[ksHash].isValidKeyset = false;
+        emit InvalidateKeyset(ksHash);
+        emit OwnerFunctionCalled(3);
+    }
+
+    function isValidKeysetHash(bytes32 ksHash) external view returns (bool) {
+        return dasKeySetInfo[ksHash].isValidKeyset;
+    }
+
+    /// @notice the creation block is intended to still be available after a keyset is deleted
+    function getKeysetCreationBlock(bytes32 ksHash) external view returns (uint256) {
+        DasKeySetInfo memory ksInfo = dasKeySetInfo[ksHash];
+        if (ksInfo.creationBlock == 0) revert NoSuchKeyset(ksHash);
+        return uint256(ksInfo.creationBlock);
     }
 }

package/src/challenge/ChallengeLib.sol

@@ -61,14 +61,12 @@ library ChallengeLib {
         ValueArray memory valuesArray = ValueArray({inner: startingValues});
         ValueStack memory values = ValueStack({proved: valuesArray, remainingHash: 0});
         ValueStack memory internalStack;
-        PcStack memory blocks;
         StackFrameWindow memory frameStack;
 
         Machine memory mach = Machine({
             status: MachineStatus.RUNNING,
             valueStack: values,
             internalStack: internalStack,
-            blockStack: blocks,
             frameStack: frameStack,
             globalStateHash: globalStateHash,
             moduleIdx: 0,

package/src/challenge/ChallengeManager.sol

@@ -33,7 +33,7 @@ contract ChallengeManager is DelegateCallAware, IChallengeManager {
     IChallengeResultReceiver public resultReceiver;
 
     ISequencerInbox public sequencerInbox;
-    IBridge public delayedBridge;
+    IBridge public bridge;
     IOneStepProofEntry public osp;
 
     function challengeInfo(uint64 challengeIndex)
@@ -99,14 +99,14 @@ contract ChallengeManager is DelegateCallAware, IChallengeManager {
     function initialize(
         IChallengeResultReceiver resultReceiver_,
         ISequencerInbox sequencerInbox_,
-        IBridge delayedBridge_,
+        IBridge bridge_,
         IOneStepProofEntry osp_
     ) external override onlyDelegated {
         require(address(resultReceiver) == address(0), "ALREADY_INIT");
         require(address(resultReceiver_) != address(0), "NO_RESULT_RECEIVER");
         resultReceiver = resultReceiver_;
         sequencerInbox = sequencerInbox_;
-        delayedBridge = delayedBridge_;
+        bridge = bridge_;
         osp = osp_;
     }
 
@@ -254,11 +254,7 @@ contract ChallengeManager is DelegateCallAware, IChallengeManager {
         }
 
         bytes32 afterHash = osp.proveOneStep(
-            ExecutionContext({
-                maxInboxMessagesRead: challenge.maxInboxMessages,
-                sequencerInbox: sequencerInbox,
-                delayedBridge: delayedBridge
-            }),
+            ExecutionContext({maxInboxMessagesRead: challenge.maxInboxMessages, bridge: bridge}),
             challengeStart,
             selection.oldSegments[selection.challengePosition],
             proof

package/src/challenge/IChallengeManager.sol

@@ -43,7 +43,7 @@ interface IChallengeManager {
     function initialize(
         IChallengeResultReceiver resultReceiver_,
         ISequencerInbox sequencerInbox_,
-        IBridge delayedBridge_,
+        IBridge bridge_,
         IOneStepProofEntry osp_
     ) external;
 

package/src/libraries/Error.sol

@@ -36,3 +36,116 @@ error NotContract(address addr);
 /// @param actualLength The length of the merkle proof provided
 /// @param maxProofLength The max length a merkle proof can have
 error MerkleProofTooLong(uint256 actualLength, uint256 maxProofLength);
+
+/// @dev Thrown when an un-authorized address tries to access an admin function
+/// @param sender The un-authorized sender
+/// @param rollup The rollup, which would be authorized
+/// @param owner The rollup's owner, which would be authorized
+error NotRollupOrOwner(address sender, address rollup, address owner);
+
+// Bridge Errors
+
+/// @dev Thrown when an un-authorized address tries to access an only-inbox function
+/// @param sender The un-authorized sender
+error NotDelayedInbox(address sender);
+
+/// @dev Thrown when an un-authorized address tries to access an only-sequencer-inbox function
+/// @param sender The un-authorized sender
+error NotSequencerInbox(address sender);
+
+/// @dev Thrown when an un-authorized address tries to access an only-outbox function
+/// @param sender The un-authorized sender
+error NotOutbox(address sender);
+
+/// @dev the provided outbox address isn't valid
+/// @param outbox address of outbox being set
+error InvalidOutboxSet(address outbox);
+
+// Inbox Errors
+
+/// @dev The contract is paused, so cannot be paused
+error AlreadyPaused();
+
+/// @dev The contract is unpaused, so cannot be unpaused
+error AlreadyUnpaused();
+
+/// @dev The contract is paused
+error Paused();
+
+/// @dev msg.value sent to the inbox isn't high enough
+error InsufficientValue(uint256 expected, uint256 actual);
+
+/// @dev submission cost provided isn't enough to create retryable ticket
+error InsufficientSubmissionCost(uint256 expected, uint256 actual);
+
+/// @dev address not allowed to interact with the given contract
+error NotAllowedOrigin(address origin);
+
+/// @dev used to convey retryable tx data in eth calls without requiring a tx trace
+/// this follows a pattern similar to EIP-3668 where reverts surface call information
+error RetryableData(
+    address from,
+    address to,
+    uint256 l2CallValue,
+    uint256 deposit,
+    uint256 maxSubmissionCost,
+    address excessFeeRefundAddress,
+    address callValueRefundAddress,
+    uint256 gasLimit,
+    uint256 maxFeePerGas,
+    bytes data
+);
+
+// Outbox Errors
+
+/// @dev The provided proof was too long
+/// @param proofLength The length of the too-long proof
+error ProofTooLong(uint256 proofLength);
+
+/// @dev The output index was greater than the maximum
+/// @param index The output index
+/// @param maxIndex The max the index could be
+error PathNotMinimal(uint256 index, uint256 maxIndex);
+
+/// @dev The calculated root does not exist
+/// @param root The calculated root
+error UnknownRoot(bytes32 root);
+
+/// @dev The record has already been spent
+/// @param index The index of the spent record
+error AlreadySpent(uint256 index);
+
+/// @dev A call to the bridge failed with no return data
+error BridgeCallFailed();
+
+// Sequencer Inbox Errors
+
+/// @dev Thrown when someone attempts to read fewer messages than have already been read
+error DelayedBackwards();
+
+/// @dev Thrown when someone attempts to read more messages than exist
+error DelayedTooFar();
+
+/// @dev Force include can only read messages more blocks old than the delay period
+error ForceIncludeBlockTooSoon();
+
+/// @dev Force include can only read messages more seconds old than the delay period
+error ForceIncludeTimeTooSoon();
+
+/// @dev The message provided did not match the hash in the delayed inbox
+error IncorrectMessagePreimage();
+
+/// @dev This can only be called by the batch poster
+error NotBatchPoster();
+
+/// @dev The sequence number provided to this message was inconsistent with the number of batches already included
+error BadSequencerNumber(uint256 stored, uint256 received);
+
+/// @dev The batch data has the inbox authenticated bit set, but the batch data was not authenticated by the inbox
+error DataNotAuthenticated();
+
+/// @dev Tried to create an already valid Data Availability Service keyset
+error AlreadyValidDASKeyset(bytes32);
+
+/// @dev Tried to use or invalidate an already invalid Data Availability Service keyset
+error NoSuchKeyset(bytes32);

package/src/libraries/IGasRefunder.sol

@@ -2,7 +2,8 @@
 // For license information, see https://github.com/nitro/blob/master/LICENSE
 // SPDX-License-Identifier: BUSL-1.1
 
-pragma solidity >=0.6.11 <0.9.0;
+// solhint-disable-next-line compiler-version
+pragma solidity >=0.6.9 <0.9.0;
 
 interface IGasRefunder {
     function onGasSpent(
@@ -13,23 +14,23 @@ interface IGasRefunder {
 }
 
 abstract contract GasRefundEnabled {
-    modifier refundsGasWithCalldata(IGasRefunder gasRefunder, address payable spender) {
+    /// @dev this refunds the sender for execution costs of the tx
+    /// calldata costs are only refunded if `msg.sender == tx.origin` to guarantee the value refunded relates to charging
+    /// for the `tx.input`. this avoids a possible attack where you generate large calldata from a contract and get over-refunded
+    modifier refundsGas(IGasRefunder gasRefunder) {
         uint256 startGasLeft = gasleft();
         _;
         if (address(gasRefunder) != address(0)) {
-            uint256 calldataSize;
-            assembly {
-                calldataSize := calldatasize()
+            uint256 calldataSize = 0;
+            // if triggered in a contract call, the spender may be overrefunded by appending dummy data to the call
+            // so we check if it is a top level call, which would mean the sender paid calldata as part of tx.input
+            // solhint-disable-next-line avoid-tx-origin
+            if (msg.sender == tx.origin) {
+                assembly {
+                    calldataSize := calldatasize()
+                }
             }
-            gasRefunder.onGasSpent(spender, startGasLeft - gasleft(), calldataSize);
-        }
-    }
-
-    modifier refundsGasNoCalldata(IGasRefunder gasRefunder, address payable spender) {
-        uint256 startGasLeft = gasleft();
-        _;
-        if (address(gasRefunder) != address(0)) {
-            gasRefunder.onGasSpent(spender, startGasLeft - gasleft(), 0);
+            gasRefunder.onGasSpent(payable(msg.sender), startGasLeft - gasleft(), calldataSize);
         }
     }
 }

package/src/libraries/MerkleLib.sol

@@ -34,10 +34,19 @@ library MerkleLib {
         if (proofItems > 256) revert MerkleProofTooLong(proofItems, 256);
         bytes32 h = item;
         for (uint256 i = 0; i < proofItems; i++) {
+            bytes32 node = nodes[i];
             if (route % 2 == 0) {
-                h = keccak256(abi.encodePacked(h, nodes[i]));
+                assembly {
+                    mstore(0x00, h)
+                    mstore(0x20, node)
+                    h := keccak256(0x00, 0x40)
+                }
             } else {
-                h = keccak256(abi.encodePacked(nodes[i], h));
+                assembly {
+                    mstore(0x00, node)
+                    mstore(0x20, h)
+                    h := keccak256(0x00, 0x40)
+                }
             }
             route /= 2;
         }

package/src/libraries/MessageTypes.sol

@@ -8,6 +8,7 @@ uint8 constant L2_MSG = 3;
 uint8 constant L1MessageType_L2FundedByL1 = 7;
 uint8 constant L1MessageType_submitRetryableTx = 9;
 uint8 constant L1MessageType_ethDeposit = 12;
+uint8 constant L1MessageType_batchPostingReport = 13;
 uint8 constant L2MessageType_unsignedEOATx = 0;
 uint8 constant L2MessageType_unsignedContractTx = 1;