@arbitrum/nitro-contracts 1.0.0-beta.7 → 1.0.0

package/src/bridge/Inbox.sol

@@ -4,6 +4,22 @@
 
 pragma solidity ^0.8.4;
 
+import {
+    AlreadyInit,
+    NotOrigin,
+    DataTooLarge,
+    AlreadyPaused,
+    AlreadyUnpaused,
+    Paused,
+    InsufficientValue,
+    InsufficientSubmissionCost,
+    NotAllowedOrigin,
+    RetryableData,
+    NotRollupOrOwner,
+    L1Forked,
+    NotForked,
+    GasLimitTooLarge
+} from "../libraries/Error.sol";
 import "./IInbox.sol";
 import "./ISequencerInbox.sol";
 import "./IBridge.sol";
@@ -20,6 +36,7 @@ import {
     L2MessageType_unsignedContractTx
 } from "../libraries/MessageTypes.sol";
 import {MAX_DATA_SIZE} from "../libraries/Constants.sol";
+import "../precompiles/ArbSys.sol";
 
 import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
 import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
@@ -30,7 +47,7 @@ import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol";
  * to await inclusion in the SequencerInbox
  */
 contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
-    IBridge public override bridge;
+    IBridge public bridge;
     ISequencerInbox public sequencerInbox;
 
     /// ------------------------------------ allow list start ------------------------------------ ///
@@ -79,12 +96,18 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         _;
     }
 
-    /// @notice pauses all inbox functionality
+    uint256 internal immutable deployTimeChainId = block.chainid;
+
+    function _chainIdChanged() internal view returns (bool) {
+        return deployTimeChainId != block.chainid;
+    }
+
+    /// @inheritdoc IInbox
     function pause() external onlyRollupOrOwner {
         _pause();
     }
 
-    /// @notice unpauses all inbox functionality
+    /// @inheritdoc IInbox
     function unpause() external onlyRollupOrOwner {
         _unpause();
     }
@@ -94,37 +117,23 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         initializer
         onlyDelegated
     {
-        if (address(bridge) != address(0)) revert AlreadyInit();
         bridge = _bridge;
         sequencerInbox = _sequencerInbox;
         allowListEnabled = false;
         __Pausable_init();
     }
 
-    /// @dev function to be called one time during the inbox upgrade process
-    /// this is used to fix the storage slots
-    function postUpgradeInit(IBridge _bridge) external onlyDelegated onlyProxyOwner {
-        uint8 slotsToWipe = 3;
-        for (uint8 i = 0; i < slotsToWipe; i++) {
-            assembly {
-                sstore(i, 0)
-            }
-        }
-        allowListEnabled = false;
-        bridge = _bridge;
-    }
+    /// @inheritdoc IInbox
+    function postUpgradeInit(IBridge) external onlyDelegated onlyProxyOwner {}
 
-    /**
-     * @notice Send a generic L2 message to the chain
-     * @dev This method is an optimization to avoid having to emit the entirety of the messageData in a log. Instead validators are expected to be able to parse the data from the transaction's input
-     * @param messageData Data of the message being sent
-     */
+    /// @inheritdoc IInbox
     function sendL2MessageFromOrigin(bytes calldata messageData)
         external
         whenNotPaused
         onlyAllowed
         returns (uint256)
     {
+        if (_chainIdChanged()) revert L1Forked();
         // solhint-disable-next-line avoid-tx-origin
         if (msg.sender != tx.origin) revert NotOrigin();
         if (messageData.length > MAX_DATA_SIZE)
@@ -134,18 +143,14 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         return msgNum;
     }
 
-    /**
-     * @notice Send a generic L2 message to the chain
-     * @dev This method can be used to send any type of message that doesn't require L1 validation
-     * @param messageData Data of the message being sent
-     */
+    /// @inheritdoc IInbox
     function sendL2Message(bytes calldata messageData)
         external
-        override
         whenNotPaused
         onlyAllowed
         returns (uint256)
     {
+        if (_chainIdChanged()) revert L1Forked();
         return _deliverMessage(L2_MSG, msg.sender, messageData);
     }
 
@@ -155,7 +160,11 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         uint256 nonce,
         address to,
         bytes calldata data
-    ) external payable virtual override whenNotPaused onlyAllowed returns (uint256) {
+    ) external payable whenNotPaused onlyAllowed returns (uint256) {
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
         return
             _deliverMessage(
                 L1MessageType_L2FundedByL1,
@@ -177,7 +186,11 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         uint256 maxFeePerGas,
         address to,
         bytes calldata data
-    ) external payable virtual override whenNotPaused onlyAllowed returns (uint256) {
+    ) external payable whenNotPaused onlyAllowed returns (uint256) {
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
         return
             _deliverMessage(
                 L1MessageType_L2FundedByL1,
@@ -200,7 +213,11 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         address to,
         uint256 value,
         bytes calldata data
-    ) external virtual override whenNotPaused onlyAllowed returns (uint256) {
+    ) external whenNotPaused onlyAllowed returns (uint256) {
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
         return
             _deliverMessage(
                 L2_MSG,
@@ -223,7 +240,11 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         address to,
         uint256 value,
         bytes calldata data
-    ) external virtual override whenNotPaused onlyAllowed returns (uint256) {
+    ) external whenNotPaused onlyAllowed returns (uint256) {
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
         return
             _deliverMessage(
                 L2_MSG,
@@ -239,35 +260,120 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
             );
     }
 
-    /**
-     * @notice Get the L1 fee for submitting a retryable
-     * @dev This fee can be paid by funds already in the L2 aliased address or by the current message value
-     * @dev This formula may change in the future, to future proof your code query this method instead of inlining!!
-     * @param dataLength The length of the retryable's calldata, in bytes
-     * @param baseFee The block basefee when the retryable is included in the chain
-     */
+    /// @inheritdoc IInbox
+    function sendL1FundedUnsignedTransactionToFork(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        uint256 nonce,
+        address to,
+        bytes calldata data
+    ) external payable whenNotPaused onlyAllowed returns (uint256) {
+        if (!_chainIdChanged()) revert NotForked();
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
+        return
+            _deliverMessage(
+                L1MessageType_L2FundedByL1,
+                // undoing sender alias here to cancel out the aliasing
+                AddressAliasHelper.undoL1ToL2Alias(msg.sender),
+                abi.encodePacked(
+                    L2MessageType_unsignedEOATx,
+                    gasLimit,
+                    maxFeePerGas,
+                    nonce,
+                    uint256(uint160(to)),
+                    msg.value,
+                    data
+                )
+            );
+    }
+
+    /// @inheritdoc IInbox
+    function sendUnsignedTransactionToFork(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        uint256 nonce,
+        address to,
+        uint256 value,
+        bytes calldata data
+    ) external whenNotPaused onlyAllowed returns (uint256) {
+        if (!_chainIdChanged()) revert NotForked();
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
+        return
+            _deliverMessage(
+                L2_MSG,
+                // undoing sender alias here to cancel out the aliasing
+                AddressAliasHelper.undoL1ToL2Alias(msg.sender),
+                abi.encodePacked(
+                    L2MessageType_unsignedEOATx,
+                    gasLimit,
+                    maxFeePerGas,
+                    nonce,
+                    uint256(uint160(to)),
+                    value,
+                    data
+                )
+            );
+    }
+
+    /// @inheritdoc IInbox
+    function sendWithdrawEthToFork(
+        uint256 gasLimit,
+        uint256 maxFeePerGas,
+        uint256 nonce,
+        uint256 value,
+        address withdrawTo
+    ) external whenNotPaused onlyAllowed returns (uint256) {
+        if (!_chainIdChanged()) revert NotForked();
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        // arbos will discard unsigned tx with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
+        return
+            _deliverMessage(
+                L2_MSG,
+                // undoing sender alias here to cancel out the aliasing
+                AddressAliasHelper.undoL1ToL2Alias(msg.sender),
+                abi.encodePacked(
+                    L2MessageType_unsignedEOATx,
+                    gasLimit,
+                    maxFeePerGas,
+                    nonce,
+                    uint256(uint160(address(100))), // ArbSys address
+                    value,
+                    abi.encode(ArbSys.withdrawEth.selector, withdrawTo)
+                )
+            );
+    }
+
+    /// @inheritdoc IInbox
     function calculateRetryableSubmissionFee(uint256 dataLength, uint256 baseFee)
         public
-        pure
+        view
         returns (uint256)
     {
-        return (1400 + 6 * dataLength) * baseFee;
+        // Use current block basefee if baseFee parameter is 0
+        return (1400 + 6 * dataLength) * (baseFee == 0 ? block.basefee : baseFee);
     }
 
-    /// @notice deposit eth from L1 to L2
-    /// @dev this does not trigger the fallback function when receiving in the L2 side.
-    /// Look into retryable tickets if you are interested in this functionality.
-    /// @dev this function should not be called inside contract constructors
-    function depositEth() public payable override whenNotPaused onlyAllowed returns (uint256) {
+    /// @inheritdoc IInbox
+    function depositEth() public payable whenNotPaused onlyAllowed returns (uint256) {
         address dest = msg.sender;
 
         // solhint-disable-next-line avoid-tx-origin
         if (AddressUpgradeable.isContract(msg.sender) || tx.origin != msg.sender) {
             // isContract check fails if this function is called during a contract's constructor.
-            // We don't adjust the address for calls coming from L1 contracts since their addresses get remapped
-            // If the caller is an EOA, we adjust the address.
-            // This is needed because unsigned messages to the L2 (such as retryables)
-            // have the L1 sender address mapped.
             dest = AddressAliasHelper.applyL1ToL2Alias(msg.sender);
         }
 
@@ -280,15 +386,7 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
     }
 
     /// @notice deprecated in favour of depositEth with no parameters
-    function depositEth(uint256)
-        external
-        payable
-        virtual
-        override
-        whenNotPaused
-        onlyAllowed
-        returns (uint256)
-    {
+    function depositEth(uint256) external payable whenNotPaused onlyAllowed returns (uint256) {
         return depositEth();
     }
 
@@ -304,7 +402,7 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
      * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
      * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
      * @param data ABI encoded data of L2 message
-     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
+     * @return unique message number of the retryable transaction
      */
     function createRetryableTicketNoRefundAliasRewrite(
         address to,
@@ -315,7 +413,8 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         uint256 gasLimit,
         uint256 maxFeePerGas,
         bytes calldata data
-    ) external payable virtual whenNotPaused onlyAllowed returns (uint256) {
+    ) external payable whenNotPaused onlyAllowed returns (uint256) {
+        // gas limit is validated to be within uint64 in unsafeCreateRetryableTicket
         return
             unsafeCreateRetryableTicket(
                 to,
@@ -329,20 +428,7 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
             );
     }
 
-    /**
-     * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
-     * @dev all msg.value will deposited to callValueRefundAddress on L2
-     * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
-     * @param to destination L2 contract address
-     * @param l2CallValue call value for retryable L2 message
-     * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
-     * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
-     * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
-     * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
-     * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
-     * @param data ABI encoded data of L2 message
-     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
-     */
+    /// @inheritdoc IInbox
     function createRetryableTicket(
         address to,
         uint256 l2CallValue,
@@ -352,7 +438,7 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         uint256 gasLimit,
         uint256 maxFeePerGas,
         bytes calldata data
-    ) external payable virtual override whenNotPaused onlyAllowed returns (uint256) {
+    ) external payable whenNotPaused onlyAllowed returns (uint256) {
         // ensure the user's deposit alone will make submission succeed
         if (msg.value < (maxSubmissionCost + l2CallValue + gasLimit * maxFeePerGas)) {
             revert InsufficientValue(
@@ -372,8 +458,9 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
             callValueRefundAddress = AddressAliasHelper.applyL1ToL2Alias(callValueRefundAddress);
         }
 
+        // gas limit is validated to be within uint64 in unsafeCreateRetryableTicket
         return
-            unsafeCreateRetryableTicketInternal(
+            unsafeCreateRetryableTicket(
                 to,
                 l2CallValue,
                 maxSubmissionCost,
@@ -385,24 +472,8 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
             );
     }
 
-    /**
-     * @notice Put a message in the L2 inbox that can be reexecuted for some fixed amount of time if it reverts
-     * @dev Same as createRetryableTicket, but does not guarantee that submission will succeed by requiring the needed funds
-     * come from the deposit alone, rather than falling back on the user's L2 balance
-     * @dev Advanced usage only (does not rewrite aliases for excessFeeRefundAddress and callValueRefundAddress).
-     * createRetryableTicket method is the recommended standard.
-     * @dev Gas limit and maxFeePerGas should not be set to 1 as that is used to trigger the RetryableData error
-     * @param to destination L2 contract address
-     * @param l2CallValue call value for retryable L2 message
-     * @param maxSubmissionCost Max gas deducted from user's L2 balance to cover base submission fee
-     * @param excessFeeRefundAddress gasLimit x maxFeePerGas - execution cost gets credited here on L2 balance
-     * @param callValueRefundAddress l2Callvalue gets credited here on L2 if retryable txn times out or gets cancelled
-     * @param gasLimit Max gas deducted from user's L2 balance to cover L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
-     * @param maxFeePerGas price bid for L2 execution. Should not be set to 1 (magic value used to trigger the RetryableData error)
-     * @param data ABI encoded data of L2 message
-     * @return unique id for retryable transaction (keccak256(requestID, uint(0) )
-     */
-    function unsafeCreateRetryableTicketInternal(
+    /// @inheritdoc IInbox
+    function unsafeCreateRetryableTicket(
         address to,
         uint256 l2CallValue,
         uint256 maxSubmissionCost,
@@ -411,7 +482,7 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
         uint256 gasLimit,
         uint256 maxFeePerGas,
         bytes calldata data
-    ) internal virtual whenNotPaused onlyAllowed returns (uint256) {
+    ) public payable whenNotPaused onlyAllowed returns (uint256) {
         // gas price and limit of 1 should never be a valid input, so instead they are used as
         // magic values to trigger a revert in eth calls that surface data without requiring a tx trace
         if (gasLimit == 1 || maxFeePerGas == 1)
@@ -428,6 +499,11 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
                 data
             );
 
+        // arbos will discard retryable with gas limit too large
+        if (gasLimit > type(uint64).max) {
+            revert GasLimitTooLarge();
+        }
+
         uint256 submissionFee = calculateRetryableSubmissionFee(data.length, block.basefee);
         if (maxSubmissionCost < submissionFee)
             revert InsufficientSubmissionCost(submissionFee, maxSubmissionCost);
@@ -451,19 +527,6 @@ contract Inbox is DelegateCallAware, PausableUpgradeable, IInbox {
             );
     }
 
-    function unsafeCreateRetryableTicket(
-        address,
-        uint256,
-        uint256,
-        address,
-        address,
-        uint256,
-        uint256,
-        bytes calldata
-    ) public payable override returns (uint256) {
-        revert("UNSAFE_RETRYABLES_TEMPORARILY_DISABLED");
-    }
-
     function _deliverMessage(
         uint8 _kind,
         address _sender,

package/src/bridge/Outbox.sol

@@ -4,6 +4,16 @@
 
 pragma solidity ^0.8.4;
 
+import {
+    AlreadyInit,
+    NotRollup,
+    ProofTooLong,
+    PathNotMinimal,
+    UnknownRoot,
+    AlreadySpent,
+    BridgeCallFailed,
+    HadZeroInit
+} from "../libraries/Error.sol";
 import "./IBridge.sol";
 import "./IOutbox.sol";
 import "../libraries/MerkleLib.sol";
@@ -42,6 +52,7 @@ contract Outbox is DelegateCallAware, IOutbox {
     uint128 public constant OUTBOX_VERSION = 2;
 
     function initialize(IBridge _bridge) external onlyDelegated {
+        if (address(_bridge) == address(0)) revert HadZeroInit();
         if (address(bridge) != address(0)) revert AlreadyInit();
         // address zero is returned if no context is set, but the values used in storage
         // are non-zero to save users some gas (as storage refunds are usually maxed out)
@@ -57,43 +68,38 @@ contract Outbox is DelegateCallAware, IOutbox {
         rollup = address(_bridge.rollup());
     }
 
-    function updateSendRoot(bytes32 root, bytes32 l2BlockHash) external override {
+    function updateSendRoot(bytes32 root, bytes32 l2BlockHash) external {
         if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
         roots[root] = l2BlockHash;
         emit SendRootUpdated(root, l2BlockHash);
     }
 
-    /// @notice When l2ToL1Sender returns a nonzero address, the message was originated by an L2 account
-    /// When the return value is zero, that means this is a system message
-    /// @dev the l2ToL1Sender behaves as the tx.origin, the msg.sender should be validated to protect against reentrancies
-    function l2ToL1Sender() external view override returns (address) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Sender() external view returns (address) {
         address sender = context.sender;
         // we don't return the default context value to avoid a breaking change in the API
         if (sender == SENDER_DEFAULT_CONTEXT) return address(0);
         return sender;
     }
 
-    /// @return l2Block return L2 block when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1Block() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Block() external view returns (uint256) {
         uint128 l2Block = context.l2Block;
         // we don't return the default context value to avoid a breaking change in the API
         if (l2Block == L1BLOCK_DEFAULT_CONTEXT) return uint256(0);
         return uint256(l2Block);
     }
 
-    /// @return l1Block return L1 block when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1EthBlock() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1EthBlock() external view returns (uint256) {
         uint128 l1Block = context.l1Block;
         // we don't return the default context value to avoid a breaking change in the API
         if (l1Block == L1BLOCK_DEFAULT_CONTEXT) return uint256(0);
         return uint256(l1Block);
     }
 
-    /// @return timestamp return L2 timestamp when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1Timestamp() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Timestamp() external view returns (uint256) {
         uint128 timestamp = context.timestamp;
         // we don't return the default context value to avoid a breaking change in the API
         if (timestamp == TIMESTAMP_DEFAULT_CONTEXT) return uint256(0);
@@ -101,33 +107,19 @@ contract Outbox is DelegateCallAware, IOutbox {
     }
 
     /// @notice batch number is deprecated and now always returns 0
-    function l2ToL1BatchNum() external pure override returns (uint256) {
+    function l2ToL1BatchNum() external pure returns (uint256) {
         return 0;
     }
 
-    /// @return outputId returns the unique output identifier of the L2 to L1 tx or
-    /// zero if no L2 to L1 transaction is active
-    function l2ToL1OutputId() external view override returns (bytes32) {
+    /// @inheritdoc IOutbox
+    function l2ToL1OutputId() external view returns (bytes32) {
         bytes32 outputId = context.outputId;
         // we don't return the default context value to avoid a breaking change in the API
         if (outputId == OUTPUTID_DEFAULT_CONTEXT) return bytes32(0);
         return outputId;
     }
 
-    /**
-     * @notice Executes a messages in an Outbox entry.
-     * @dev Reverts if dispute period hasn't expired, since the outbox entry
-     * is only created once the rollup confirms the respective assertion.
-     * @param proof Merkle proof of message inclusion in send root
-     * @param index Merkle path to message
-     * @param l2Sender sender if original message (i.e., caller of ArbSys.sendTxToL1)
-     * @param to destination address for L1 contract call
-     * @param l2Block l2 block number at which sendTxToL1 call was made
-     * @param l1Block l1 block number at which sendTxToL1 call was made
-     * @param l2Timestamp l2 Timestamp at which sendTxToL1 call was made
-     * @param value wei in L1 message
-     * @param data abi-encoded L1 message data
-     */
+    /// @inheritdoc IOutbox
     function executeTransaction(
         bytes32[] calldata proof,
         uint256 index,
@@ -154,15 +146,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         executeTransactionImpl(index, l2Sender, to, l2Block, l1Block, l2Timestamp, value, data);
     }
 
-    /// @dev function used to simulate the result of a particular function call from the outbox
-    /// it is useful for things such as gas estimates. This function includes all costs except for
-    /// proof validation (which can be considered offchain as a somewhat of a fixed cost - it's
-    /// not really a fixed cost, but can be treated as so with a fixed overhead for gas estimation).
-    /// We can't include the cost of proof validation since this is intended to be used to simulate txs
-    /// that are included in yet-to-be confirmed merkle roots. The simulation entrypoint could instead pretend
-    /// to confirm a pending merkle root, but that would be less pratical for integrating with tooling.
-    /// It is only possible to trigger it when the msg sender is address zero, which should be impossible
-    /// unless under simulation in an eth_call or eth_estimateGas
+    /// @inheritdoc IOutbox
     function executeTransactionSimulation(
         uint256 index,
         address l2Sender,
@@ -226,6 +210,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         return ((replay >> bitOffset) & bytes32(uint256(1))) != bytes32(0);
     }
 
+    /// @inheritdoc IOutbox
     function isSpent(uint256 index) external view returns (bool) {
         (, uint256 bitOffset, bytes32 replay) = _calcSpentIndexOffset(index);
         return _isSpent(bitOffset, replay);