@arbitrum/nitro-contracts 1.0.0-beta.7 → 1.0.0

package/src/bridge/SequencerInbox.sol

@@ -4,6 +4,24 @@
 
 pragma solidity ^0.8.0;
 
+import {
+    AlreadyInit,
+    HadZeroInit,
+    NotOrigin,
+    DataTooLarge,
+    NotRollup,
+    DelayedBackwards,
+    DelayedTooFar,
+    ForceIncludeBlockTooSoon,
+    ForceIncludeTimeTooSoon,
+    IncorrectMessagePreimage,
+    NotBatchPoster,
+    BadSequencerNumber,
+    DataNotAuthenticated,
+    AlreadyValidDASKeyset,
+    NoSuchKeyset,
+    NotForked
+} from "../libraries/Error.sol";
 import "./IBridge.sol";
 import "./IInbox.sol";
 import "./ISequencerInbox.sol";
@@ -27,20 +45,16 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
 
     IBridge public bridge;
 
-    /// @dev The size of the batch header
+    /// @inheritdoc ISequencerInbox
     uint256 public constant HEADER_LENGTH = 40;
-    /// @dev If the first batch data byte after the header has this bit set,
-    /// the sequencer inbox has authenticated the data. Currently not used.
+
+    /// @inheritdoc ISequencerInbox
     bytes1 public constant DATA_AUTHENTICATED_FLAG = 0x40;
 
     IOwnable public rollup;
     mapping(address => bool) public isBatchPoster;
     ISequencerInbox.MaxTimeVariation public maxTimeVariation;
 
-    struct DasKeySetInfo {
-        bool isValidKeyset;
-        uint64 creationBlock;
-    }
     mapping(bytes32 => DasKeySetInfo) public dasKeySetInfo;
 
     modifier onlyRollupOwner() {
@@ -48,6 +62,12 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         _;
     }
 
+    uint256 internal immutable deployTimeChainId = block.chainid;
+
+    function _chainIdChanged() internal view returns (bool) {
+        return deployTimeChainId != block.chainid;
+    }
+
     function initialize(
         IBridge bridge_,
         ISequencerInbox.MaxTimeVariation calldata maxTimeVariation_
@@ -72,17 +92,18 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         return bounds;
     }
 
-    /// @notice Force messages from the delayed inbox to be included in the chain
-    /// Callable by any address, but message can only be force-included after maxTimeVariation.delayBlocks and maxTimeVariation.delaySeconds
-    /// has elapsed. As part of normal behaviour the sequencer will include these messages
-    /// so it's only necessary to call this if the sequencer is down, or not including
-    /// any delayed messages.
-    /// @param _totalDelayedMessagesRead The total number of messages to read up to
-    /// @param kind The kind of the last message to be included
-    /// @param l1BlockAndTime The l1 block and the l1 timestamp of the last message to be included
-    /// @param baseFeeL1 The l1 gas price of the last message to be included
-    /// @param sender The sender of the last message to be included
-    /// @param messageDataHash The messageDataHash of the last message to be included
+    /// @inheritdoc ISequencerInbox
+    function removeDelayAfterFork() external {
+        if (!_chainIdChanged()) revert NotForked();
+        maxTimeVariation = ISequencerInbox.MaxTimeVariation({
+            delayBlocks: 1,
+            futureBlocks: 1,
+            delaySeconds: 1,
+            futureSeconds: 1
+        });
+    }
+
+    /// @inheritdoc ISequencerInbox
     function forceInclusion(
         uint256 _totalDelayedMessagesRead,
         uint8 kind,
@@ -120,12 +141,23 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         (bytes32 dataHash, TimeBounds memory timeBounds) = formEmptyDataHash(
             _totalDelayedMessagesRead
         );
+        uint256 __totalDelayedMessagesRead = _totalDelayedMessagesRead;
+        uint256 prevSeqMsgCount = bridge.sequencerReportedSubMessageCount();
+        uint256 newSeqMsgCount = prevSeqMsgCount +
+            _totalDelayedMessagesRead -
+            totalDelayedMessagesRead;
         (
             uint256 seqMessageIndex,
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, _totalDelayedMessagesRead, 0);
+        ) = addSequencerL2BatchImpl(
+                dataHash,
+                __totalDelayedMessagesRead,
+                0,
+                prevSeqMsgCount,
+                newSeqMsgCount
+            );
         emit SequencerBatchDelivered(
             seqMessageIndex,
             beforeAcc,
@@ -137,6 +169,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         );
     }
 
+    /// @dev Deprecated in favor of the variant specifying message counts for consistency
     function addSequencerL2BatchFromOrigin(
         uint256 sequenceNumber,
         bytes calldata data,
@@ -146,6 +179,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         // solhint-disable-next-line avoid-tx-origin
         if (msg.sender != tx.origin) revert NotOrigin();
         if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
+
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
@@ -155,7 +189,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, data.length);
+        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, data.length, 0, 0);
         if (seqMessageIndex != sequenceNumber)
             revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
         emit SequencerBatchDelivered(
@@ -169,38 +203,101 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         );
     }
 
-    function addSequencerL2Batch(
+    function addSequencerL2BatchFromOrigin(
         uint256 sequenceNumber,
         bytes calldata data,
         uint256 afterDelayedMessagesRead,
-        IGasRefunder gasRefunder
-    ) external override refundsGas(gasRefunder) {
-        if (!isBatchPoster[msg.sender] && msg.sender != address(rollup)) revert NotBatchPoster();
-
+        IGasRefunder gasRefunder,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    ) external refundsGas(gasRefunder) {
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
         );
-        // we set the calldata length posted to 0 here since the caller isn't the origin
-        // of the tx, so they might have not paid tx input cost for the calldata
+        // Reformat the stack to prevent "Stack too deep"
+        uint256 sequenceNumber_ = sequenceNumber;
+        TimeBounds memory timeBounds_ = timeBounds;
+        bytes32 dataHash_ = dataHash;
+        uint256 dataLength = data.length;
+        uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
+        uint256 prevMessageCount_ = prevMessageCount;
+        uint256 newMessageCount_ = newMessageCount;
         (
             uint256 seqMessageIndex,
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, 0);
-        if (seqMessageIndex != sequenceNumber)
-            revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
+        ) = addSequencerL2BatchImpl(
+                dataHash_,
+                afterDelayedMessagesRead_,
+                dataLength,
+                prevMessageCount_,
+                newMessageCount_
+            );
+        if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~uint256(0))
+            revert BadSequencerNumber(seqMessageIndex, sequenceNumber_);
         emit SequencerBatchDelivered(
-            sequenceNumber,
+            seqMessageIndex,
             beforeAcc,
             afterAcc,
             delayedAcc,
-            afterDelayedMessagesRead,
-            timeBounds,
-            BatchDataLocation.SeparateBatchEvent
+            totalDelayedMessagesRead,
+            timeBounds_,
+            BatchDataLocation.TxInput
+        );
+    }
+
+    function addSequencerL2Batch(
+        uint256 sequenceNumber,
+        bytes calldata data,
+        uint256 afterDelayedMessagesRead,
+        IGasRefunder gasRefunder,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    ) external override refundsGas(gasRefunder) {
+        if (!isBatchPoster[msg.sender] && msg.sender != address(rollup)) revert NotBatchPoster();
+        (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
+            data,
+            afterDelayedMessagesRead
         );
-        emit SequencerBatchData(sequenceNumber, data);
+        uint256 seqMessageIndex;
+        {
+            // Reformat the stack to prevent "Stack too deep"
+            uint256 sequenceNumber_ = sequenceNumber;
+            TimeBounds memory timeBounds_ = timeBounds;
+            bytes32 dataHash_ = dataHash;
+            uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
+            uint256 prevMessageCount_ = prevMessageCount;
+            uint256 newMessageCount_ = newMessageCount;
+            // we set the calldata length posted to 0 here since the caller isn't the origin
+            // of the tx, so they might have not paid tx input cost for the calldata
+            bytes32 beforeAcc;
+            bytes32 delayedAcc;
+            bytes32 afterAcc;
+            (seqMessageIndex, beforeAcc, delayedAcc, afterAcc) = addSequencerL2BatchImpl(
+                dataHash_,
+                afterDelayedMessagesRead_,
+                0,
+                prevMessageCount_,
+                newMessageCount_
+            );
+            if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~uint256(0))
+                revert BadSequencerNumber(seqMessageIndex, sequenceNumber_);
+            emit SequencerBatchDelivered(
+                seqMessageIndex,
+                beforeAcc,
+                afterAcc,
+                delayedAcc,
+                totalDelayedMessagesRead,
+                timeBounds_,
+                BatchDataLocation.SeparateBatchEvent
+            );
+        }
+        emit SequencerBatchData(seqMessageIndex, data);
     }
 
     modifier validateBatchData(bytes calldata data) {
@@ -260,7 +357,9 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     function addSequencerL2BatchImpl(
         bytes32 dataHash,
         uint256 afterDelayedMessagesRead,
-        uint256 calldataLengthPosted
+        uint256 calldataLengthPosted,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
     )
         internal
         returns (
@@ -275,7 +374,9 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
 
         (seqMessageIndex, beforeAcc, delayedAcc, acc) = bridge.enqueueSequencerMessage(
             dataHash,
-            afterDelayedMessagesRead
+            afterDelayedMessagesRead,
+            prevMessageCount,
+            newMessageCount
         );
 
         totalDelayedMessagesRead = afterDelayedMessagesRead;
@@ -300,43 +401,35 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         }
     }
 
-    function inboxAccs(uint256 index) external view override returns (bytes32) {
+    function inboxAccs(uint256 index) external view returns (bytes32) {
         return bridge.sequencerInboxAccs(index);
     }
 
-    function batchCount() external view override returns (uint256) {
+    function batchCount() external view returns (uint256) {
         return bridge.sequencerMessageCount();
     }
 
-    /**
-     * @notice Set max delay for sequencer inbox
-     * @param maxTimeVariation_ the maximum time variation parameters
-     */
+    /// @inheritdoc ISequencerInbox
     function setMaxTimeVariation(ISequencerInbox.MaxTimeVariation memory maxTimeVariation_)
         external
-        override
         onlyRollupOwner
     {
         maxTimeVariation = maxTimeVariation_;
         emit OwnerFunctionCalled(0);
     }
 
-    /**
-     * @notice Updates whether an address is authorized to be a batch poster at the sequencer inbox
-     * @param addr the address
-     * @param isBatchPoster_ if the specified address should be authorized as a batch poster
-     */
-    function setIsBatchPoster(address addr, bool isBatchPoster_) external override onlyRollupOwner {
+    /// @inheritdoc ISequencerInbox
+    function setIsBatchPoster(address addr, bool isBatchPoster_) external onlyRollupOwner {
         isBatchPoster[addr] = isBatchPoster_;
         emit OwnerFunctionCalled(1);
     }
 
-    /**
-     * @notice Makes Data Availability Service keyset valid
-     * @param keysetBytes bytes of the serialized keyset
-     */
-    function setValidKeyset(bytes calldata keysetBytes) external override onlyRollupOwner {
-        bytes32 ksHash = keccak256(keysetBytes);
+    /// @inheritdoc ISequencerInbox
+    function setValidKeyset(bytes calldata keysetBytes) external onlyRollupOwner {
+        uint256 ksWord = uint256(keccak256(bytes.concat(hex"fe", keccak256(keysetBytes))));
+        bytes32 ksHash = bytes32(ksWord ^ (1 << 255));
+        require(keysetBytes.length < 64 * 1024, "keyset is too large");
+
         if (dasKeySetInfo[ksHash].isValidKeyset) revert AlreadyValidDASKeyset(ksHash);
         dasKeySetInfo[ksHash] = DasKeySetInfo({
             isValidKeyset: true,
@@ -346,11 +439,8 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         emit OwnerFunctionCalled(2);
     }
 
-    /**
-     * @notice Invalidates a Data Availability Service keyset
-     * @param ksHash hash of the keyset
-     */
-    function invalidateKeysetHash(bytes32 ksHash) external override onlyRollupOwner {
+    /// @inheritdoc ISequencerInbox
+    function invalidateKeysetHash(bytes32 ksHash) external onlyRollupOwner {
         if (!dasKeySetInfo[ksHash].isValidKeyset) revert NoSuchKeyset(ksHash);
         // we don't delete the block creation value since its used to fetch the SetValidKeyset
         // event efficiently. The event provides the hash preimage of the key.
@@ -364,7 +454,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         return dasKeySetInfo[ksHash].isValidKeyset;
     }
 
-    /// @notice the creation block is intended to still be available after a keyset is deleted
+    /// @inheritdoc ISequencerInbox
     function getKeysetCreationBlock(bytes32 ksHash) external view returns (uint256) {
         DasKeySetInfo memory ksInfo = dasKeySetInfo[ksHash];
         if (ksInfo.creationBlock == 0) revert NoSuchKeyset(ksHash);

package/src/challenge/ChallengeManager.sol

@@ -285,15 +285,6 @@ contract ChallengeManager is DelegateCallAware, IChallengeManager {
         return challenges[challengeIndex].current.addr;
     }
 
-    function currentResponderTimeLeft(uint64 challengeIndex)
-        public
-        view
-        override
-        returns (uint256)
-    {
-        return challenges[challengeIndex].current.timeLeft;
-    }
-
     function isTimedOut(uint64 challengeIndex) public view override returns (bool) {
         return challenges[challengeIndex].isTimedOut();
     }

package/src/challenge/IChallengeManager.sol

@@ -67,8 +67,6 @@ interface IChallengeManager {
 
     function isTimedOut(uint64 challengeIndex) external view returns (bool);
 
-    function currentResponderTimeLeft(uint64 challengeIndex_) external view returns (uint256);
-
     function clearChallenge(uint64 challengeIndex_) external;
 
     function timeout(uint64 challengeIndex_) external;

package/src/libraries/AdminFallbackProxy.sol

@@ -87,7 +87,7 @@ abstract contract DoubleLogicERC1967Upgrade is ERC1967Upgrade {
             try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
                 require(
                     slot == _IMPLEMENTATION_SECONDARY_SLOT,
-                    "ERC1967Upgrade: unsupported proxiableUUID"
+                    "ERC1967Upgrade: unsupported secondary proxiableUUID"
                 );
             } catch {
                 revert("ERC1967Upgrade: new secondary implementation is not UUPS");
@@ -132,8 +132,8 @@ contract AdminFallbackProxy is Proxy, DoubleLogicERC1967Upgrade {
         require(msg.data.length >= 4, "NO_FUNC_SIG");
         // if the sender is the proxy's admin, delegate to admin logic
         // if the admin is disabled, all calls will be forwarded to user logic
-        // admin affordances can be disabled by setting to address(1) since
-        // `ERC1697._setAdmin()` doesn't allow address(0) to be set
+        // admin affordances can be disabled by setting to a no-op smart contract
+        // since there is a check for contract code before updating the value
         address target = _getAdmin() != msg.sender
             ? DoubleLogicERC1967Upgrade._getSecondaryImplementation()
             : ERC1967Upgrade._getImplementation();
@@ -144,7 +144,7 @@ contract AdminFallbackProxy is Proxy, DoubleLogicERC1967Upgrade {
 
     /**
      * @dev unlike transparent upgradeable proxies, this does allow the admin to fallback to a logic contract
-     * the admin is expected to interact only with the secondary logic contract, which handles contract
+     * the admin is expected to interact only with the primary logic contract, which handles contract
      * upgrades using the UUPS approach
      */
     function _beforeFallback() internal override {

package/src/libraries/Constants.sol

@@ -8,3 +8,6 @@ pragma solidity ^0.8.4;
 uint256 constant MAX_DATA_SIZE = 117964;
 
 uint64 constant NO_CHAL_INDEX = 0;
+
+// Expected seconds per block in Ethereum PoS
+uint256 constant ETH_POS_BLOCK_TIME = 12;

package/src/libraries/{SecondaryLogicUUPSUpgradeable.sol → DoubleLogicUUPSUpgradeable.sol}

@@ -8,8 +8,9 @@ import {DoubleLogicERC1967Upgrade} from "./AdminFallbackProxy.sol";
 import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
 
 /// @notice An extension to OZ's UUPSUpgradeable contract to be used for handling UUPS upgrades with a DoubleLogicERC1967Upgrade proxy
+///         The should be used in the primary implementation slot of the DoubleLogicUUPS proxy
 /// @dev upgrades should be handles by the primary logic contract in order to pass the `onlyProxy` check
-abstract contract SecondaryLogicUUPSUpgradeable is UUPSUpgradeable, DoubleLogicERC1967Upgrade {
+abstract contract DoubleLogicUUPSUpgradeable is UUPSUpgradeable, DoubleLogicERC1967Upgrade {
     /// @inheritdoc UUPSUpgradeable
     function proxiableUUID() external view override notDelegated returns (bytes32) {
         return _IMPLEMENTATION_SLOT;

package/src/libraries/Error.sol

@@ -42,3 +42,122 @@ error MerkleProofTooLong(uint256 actualLength, uint256 maxProofLength);
 /// @param rollup The rollup, which would be authorized
 /// @param owner The rollup's owner, which would be authorized
 error NotRollupOrOwner(address sender, address rollup, address owner);
+
+// Bridge Errors
+
+/// @dev Thrown when an un-authorized address tries to access an only-inbox function
+/// @param sender The un-authorized sender
+error NotDelayedInbox(address sender);
+
+/// @dev Thrown when an un-authorized address tries to access an only-sequencer-inbox function
+/// @param sender The un-authorized sender
+error NotSequencerInbox(address sender);
+
+/// @dev Thrown when an un-authorized address tries to access an only-outbox function
+/// @param sender The un-authorized sender
+error NotOutbox(address sender);
+
+/// @dev the provided outbox address isn't valid
+/// @param outbox address of outbox being set
+error InvalidOutboxSet(address outbox);
+
+// Inbox Errors
+
+/// @dev The contract is paused, so cannot be paused
+error AlreadyPaused();
+
+/// @dev The contract is unpaused, so cannot be unpaused
+error AlreadyUnpaused();
+
+/// @dev The contract is paused
+error Paused();
+
+/// @dev msg.value sent to the inbox isn't high enough
+error InsufficientValue(uint256 expected, uint256 actual);
+
+/// @dev submission cost provided isn't enough to create retryable ticket
+error InsufficientSubmissionCost(uint256 expected, uint256 actual);
+
+/// @dev address not allowed to interact with the given contract
+error NotAllowedOrigin(address origin);
+
+/// @dev used to convey retryable tx data in eth calls without requiring a tx trace
+/// this follows a pattern similar to EIP-3668 where reverts surface call information
+error RetryableData(
+    address from,
+    address to,
+    uint256 l2CallValue,
+    uint256 deposit,
+    uint256 maxSubmissionCost,
+    address excessFeeRefundAddress,
+    address callValueRefundAddress,
+    uint256 gasLimit,
+    uint256 maxFeePerGas,
+    bytes data
+);
+
+/// @dev Thrown when a L1 chainId fork is detected
+error L1Forked();
+
+/// @dev Thrown when a L1 chainId fork is not detected
+error NotForked();
+
+/// @dev The provided gasLimit is larger than uint64
+error GasLimitTooLarge();
+
+// Outbox Errors
+
+/// @dev The provided proof was too long
+/// @param proofLength The length of the too-long proof
+error ProofTooLong(uint256 proofLength);
+
+/// @dev The output index was greater than the maximum
+/// @param index The output index
+/// @param maxIndex The max the index could be
+error PathNotMinimal(uint256 index, uint256 maxIndex);
+
+/// @dev The calculated root does not exist
+/// @param root The calculated root
+error UnknownRoot(bytes32 root);
+
+/// @dev The record has already been spent
+/// @param index The index of the spent record
+error AlreadySpent(uint256 index);
+
+/// @dev A call to the bridge failed with no return data
+error BridgeCallFailed();
+
+// Sequencer Inbox Errors
+
+/// @dev Thrown when someone attempts to read fewer messages than have already been read
+error DelayedBackwards();
+
+/// @dev Thrown when someone attempts to read more messages than exist
+error DelayedTooFar();
+
+/// @dev Force include can only read messages more blocks old than the delay period
+error ForceIncludeBlockTooSoon();
+
+/// @dev Force include can only read messages more seconds old than the delay period
+error ForceIncludeTimeTooSoon();
+
+/// @dev The message provided did not match the hash in the delayed inbox
+error IncorrectMessagePreimage();
+
+/// @dev This can only be called by the batch poster
+error NotBatchPoster();
+
+/// @dev The sequence number provided to this message was inconsistent with the number of batches already included
+error BadSequencerNumber(uint256 stored, uint256 received);
+
+/// @dev The sequence message number provided to this message was inconsistent with the previous one
+error BadSequencerMessageNumber(uint256 stored, uint256 received);
+
+/// @dev The batch data has the inbox authenticated bit set, but the batch data was not authenticated by the inbox
+error DataNotAuthenticated();
+
+/// @dev Tried to create an already valid Data Availability Service keyset
+error AlreadyValidDASKeyset(bytes32);
+
+/// @dev Tried to use or invalidate an already invalid Data Availability Service keyset
+error NoSuchKeyset(bytes32);

package/src/libraries/IGasRefunder.sol

@@ -2,7 +2,8 @@
 // For license information, see https://github.com/nitro/blob/master/LICENSE
 // SPDX-License-Identifier: BUSL-1.1
 
-pragma solidity >=0.6.11 <0.9.0;
+// solhint-disable-next-line compiler-version
+pragma solidity >=0.6.9 <0.9.0;
 
 interface IGasRefunder {
     function onGasSpent(
@@ -20,14 +21,20 @@ abstract contract GasRefundEnabled {
         uint256 startGasLeft = gasleft();
         _;
         if (address(gasRefunder) != address(0)) {
-            uint256 calldataSize = 0;
+            uint256 calldataSize;
+            assembly {
+                calldataSize := calldatasize()
+            }
+            uint256 calldataWords = (calldataSize + 31) / 32;
+            // account for the CALLDATACOPY cost of the proxy contract, including the memory expansion cost
+            startGasLeft += calldataWords * 6 + (calldataWords**2) / 512;
             // if triggered in a contract call, the spender may be overrefunded by appending dummy data to the call
             // so we check if it is a top level call, which would mean the sender paid calldata as part of tx.input
             // solhint-disable-next-line avoid-tx-origin
-            if (msg.sender == tx.origin) {
-                assembly {
-                    calldataSize := calldatasize()
-                }
+            if (msg.sender != tx.origin) {
+                // We can't be sure if this calldata came from the top level tx,
+                // so to be safe we tell the gas refunder there was no calldata.
+                calldataSize = 0;
             }
             gasRefunder.onGasSpent(payable(msg.sender), startGasLeft - gasleft(), calldataSize);
         }

package/src/libraries/MerkleLib.sol

@@ -33,9 +33,9 @@ library MerkleLib {
         uint256 proofItems = nodes.length;
         if (proofItems > 256) revert MerkleProofTooLong(proofItems, 256);
         bytes32 h = item;
-        for (uint256 i = 0; i < proofItems; i++) {
+        for (uint256 i = 0; i < proofItems; ) {
             bytes32 node = nodes[i];
-            if (route % 2 == 0) {
+            if ((route & (1 << i)) == 0) {
                 assembly {
                     mstore(0x00, h)
                     mstore(0x20, node)
@@ -48,7 +48,9 @@ library MerkleLib {
                     h := keccak256(0x00, 0x40)
                 }
             }
-            route /= 2;
+            unchecked {
+                ++i;
+            }
         }
         return h;
     }

package/src/mocks/BridgeStub.sol

@@ -5,6 +5,7 @@
 pragma solidity ^0.8.0;
 
 import "./InboxStub.sol";
+import {BadSequencerMessageNumber} from "../libraries/Error.sol";
 
 import "../bridge/IBridge.sol";
 
@@ -28,6 +29,7 @@ contract BridgeStub is IBridge {
     bytes32[] public override sequencerInboxAccs;
 
     address public sequencerInbox;
+    uint256 public override sequencerReportedSubMessageCount;
 
     function setSequencerInbox(address _sequencerInbox) external override {
         sequencerInbox = _sequencerInbox;
@@ -59,7 +61,12 @@ contract BridgeStub is IBridge {
             );
     }
 
-    function enqueueSequencerMessage(bytes32 dataHash, uint256 afterDelayedMessagesRead)
+    function enqueueSequencerMessage(
+        bytes32 dataHash,
+        uint256 afterDelayedMessagesRead,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    )
         external
         returns (
             uint256 seqMessageIndex,
@@ -68,6 +75,14 @@ contract BridgeStub is IBridge {
             bytes32 acc
         )
     {
+        if (
+            sequencerReportedSubMessageCount != prevMessageCount &&
+            prevMessageCount != 0 &&
+            sequencerReportedSubMessageCount != 0
+        ) {
+            revert BadSequencerMessageNumber(sequencerReportedSubMessageCount, prevMessageCount);
+        }
+        sequencerReportedSubMessageCount = newMessageCount;
         seqMessageIndex = sequencerInboxAccs.length;
         if (sequencerInboxAccs.length > 0) {
             beforeAcc = sequencerInboxAccs[sequencerInboxAccs.length - 1];
@@ -158,4 +173,10 @@ contract BridgeStub is IBridge {
     function rollup() external pure override returns (IOwnable) {
         revert("NOT_IMPLEMENTED");
     }
+
+    function acceptFundsFromOldBridge() external payable {}
+
+    function initialize(IOwnable) external pure {
+        revert("NOT_IMPLEMENTED");
+    }
 }