@arbitrum/nitro-contracts 1.0.0-beta.8 → 1.0.0

package/src/bridge/Outbox.sol

@@ -11,7 +11,8 @@ import {
     PathNotMinimal,
     UnknownRoot,
     AlreadySpent,
-    BridgeCallFailed
+    BridgeCallFailed,
+    HadZeroInit
 } from "../libraries/Error.sol";
 import "./IBridge.sol";
 import "./IOutbox.sol";
@@ -51,6 +52,7 @@ contract Outbox is DelegateCallAware, IOutbox {
     uint128 public constant OUTBOX_VERSION = 2;
 
     function initialize(IBridge _bridge) external onlyDelegated {
+        if (address(_bridge) == address(0)) revert HadZeroInit();
         if (address(bridge) != address(0)) revert AlreadyInit();
         // address zero is returned if no context is set, but the values used in storage
         // are non-zero to save users some gas (as storage refunds are usually maxed out)
@@ -66,43 +68,38 @@ contract Outbox is DelegateCallAware, IOutbox {
         rollup = address(_bridge.rollup());
     }
 
-    function updateSendRoot(bytes32 root, bytes32 l2BlockHash) external override {
+    function updateSendRoot(bytes32 root, bytes32 l2BlockHash) external {
         if (msg.sender != rollup) revert NotRollup(msg.sender, rollup);
         roots[root] = l2BlockHash;
         emit SendRootUpdated(root, l2BlockHash);
     }
 
-    /// @notice When l2ToL1Sender returns a nonzero address, the message was originated by an L2 account
-    /// When the return value is zero, that means this is a system message
-    /// @dev the l2ToL1Sender behaves as the tx.origin, the msg.sender should be validated to protect against reentrancies
-    function l2ToL1Sender() external view override returns (address) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Sender() external view returns (address) {
         address sender = context.sender;
         // we don't return the default context value to avoid a breaking change in the API
         if (sender == SENDER_DEFAULT_CONTEXT) return address(0);
         return sender;
     }
 
-    /// @return l2Block return L2 block when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1Block() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Block() external view returns (uint256) {
         uint128 l2Block = context.l2Block;
         // we don't return the default context value to avoid a breaking change in the API
         if (l2Block == L1BLOCK_DEFAULT_CONTEXT) return uint256(0);
         return uint256(l2Block);
     }
 
-    /// @return l1Block return L1 block when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1EthBlock() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1EthBlock() external view returns (uint256) {
         uint128 l1Block = context.l1Block;
         // we don't return the default context value to avoid a breaking change in the API
         if (l1Block == L1BLOCK_DEFAULT_CONTEXT) return uint256(0);
         return uint256(l1Block);
     }
 
-    /// @return timestamp return L2 timestamp when the L2 tx was initiated or zero
-    /// if no L2 to L1 transaction is active
-    function l2ToL1Timestamp() external view override returns (uint256) {
+    /// @inheritdoc IOutbox
+    function l2ToL1Timestamp() external view returns (uint256) {
         uint128 timestamp = context.timestamp;
         // we don't return the default context value to avoid a breaking change in the API
         if (timestamp == TIMESTAMP_DEFAULT_CONTEXT) return uint256(0);
@@ -110,33 +107,19 @@ contract Outbox is DelegateCallAware, IOutbox {
     }
 
     /// @notice batch number is deprecated and now always returns 0
-    function l2ToL1BatchNum() external pure override returns (uint256) {
+    function l2ToL1BatchNum() external pure returns (uint256) {
         return 0;
     }
 
-    /// @return outputId returns the unique output identifier of the L2 to L1 tx or
-    /// zero if no L2 to L1 transaction is active
-    function l2ToL1OutputId() external view override returns (bytes32) {
+    /// @inheritdoc IOutbox
+    function l2ToL1OutputId() external view returns (bytes32) {
         bytes32 outputId = context.outputId;
         // we don't return the default context value to avoid a breaking change in the API
         if (outputId == OUTPUTID_DEFAULT_CONTEXT) return bytes32(0);
         return outputId;
     }
 
-    /**
-     * @notice Executes a messages in an Outbox entry.
-     * @dev Reverts if dispute period hasn't expired, since the outbox entry
-     * is only created once the rollup confirms the respective assertion.
-     * @param proof Merkle proof of message inclusion in send root
-     * @param index Merkle path to message
-     * @param l2Sender sender if original message (i.e., caller of ArbSys.sendTxToL1)
-     * @param to destination address for L1 contract call
-     * @param l2Block l2 block number at which sendTxToL1 call was made
-     * @param l1Block l1 block number at which sendTxToL1 call was made
-     * @param l2Timestamp l2 Timestamp at which sendTxToL1 call was made
-     * @param value wei in L1 message
-     * @param data abi-encoded L1 message data
-     */
+    /// @inheritdoc IOutbox
     function executeTransaction(
         bytes32[] calldata proof,
         uint256 index,
@@ -147,7 +130,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         uint256 l2Timestamp,
         uint256 value,
         bytes calldata data
-    ) external override {
+    ) external {
         bytes32 userTx = calculateItemHash(
             l2Sender,
             to,
@@ -163,15 +146,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         executeTransactionImpl(index, l2Sender, to, l2Block, l1Block, l2Timestamp, value, data);
     }
 
-    /// @dev function used to simulate the result of a particular function call from the outbox
-    /// it is useful for things such as gas estimates. This function includes all costs except for
-    /// proof validation (which can be considered offchain as a somewhat of a fixed cost - it's
-    /// not really a fixed cost, but can be treated as so with a fixed overhead for gas estimation).
-    /// We can't include the cost of proof validation since this is intended to be used to simulate txs
-    /// that are included in yet-to-be confirmed merkle roots. The simulation entrypoint could instead pretend
-    /// to confirm a pending merkle root, but that would be less pratical for integrating with tooling.
-    /// It is only possible to trigger it when the msg sender is address zero, which should be impossible
-    /// unless under simulation in an eth_call or eth_estimateGas
+    /// @inheritdoc IOutbox
     function executeTransactionSimulation(
         uint256 index,
         address l2Sender,
@@ -181,7 +156,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         uint256 l2Timestamp,
         uint256 value,
         bytes calldata data
-    ) external override {
+    ) external {
         if (msg.sender != address(0)) revert SimulationOnlyEntrypoint();
         executeTransactionImpl(index, l2Sender, to, l2Block, l1Block, l2Timestamp, value, data);
     }
@@ -235,7 +210,8 @@ contract Outbox is DelegateCallAware, IOutbox {
         return ((replay >> bitOffset) & bytes32(uint256(1))) != bytes32(0);
     }
 
-    function isSpent(uint256 index) external view override returns (bool) {
+    /// @inheritdoc IOutbox
+    function isSpent(uint256 index) external view returns (bool) {
         (, uint256 bitOffset, bytes32 replay) = _calcSpentIndexOffset(index);
         return _isSpent(bitOffset, replay);
     }
@@ -285,7 +261,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         uint256 l2Timestamp,
         uint256 value,
         bytes calldata data
-    ) public pure override returns (bytes32) {
+    ) public pure returns (bytes32) {
         return
             keccak256(abi.encodePacked(l2Sender, to, l2Block, l1Block, l2Timestamp, value, data));
     }
@@ -294,7 +270,7 @@ contract Outbox is DelegateCallAware, IOutbox {
         bytes32[] memory proof,
         uint256 path,
         bytes32 item
-    ) public pure override returns (bytes32) {
+    ) public pure returns (bytes32) {
         return MerkleLib.calculateRoot(proof, path, keccak256(abi.encodePacked(item)));
     }
 }

package/src/bridge/SequencerInbox.sol

@@ -19,7 +19,8 @@ import {
     BadSequencerNumber,
     DataNotAuthenticated,
     AlreadyValidDASKeyset,
-    NoSuchKeyset
+    NoSuchKeyset,
+    NotForked
 } from "../libraries/Error.sol";
 import "./IBridge.sol";
 import "./IInbox.sol";
@@ -44,20 +45,16 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
 
     IBridge public bridge;
 
-    /// @dev The size of the batch header
+    /// @inheritdoc ISequencerInbox
     uint256 public constant HEADER_LENGTH = 40;
-    /// @dev If the first batch data byte after the header has this bit set,
-    /// the sequencer inbox has authenticated the data. Currently not used.
+
+    /// @inheritdoc ISequencerInbox
     bytes1 public constant DATA_AUTHENTICATED_FLAG = 0x40;
 
     IOwnable public rollup;
     mapping(address => bool) public isBatchPoster;
     ISequencerInbox.MaxTimeVariation public maxTimeVariation;
 
-    struct DasKeySetInfo {
-        bool isValidKeyset;
-        uint64 creationBlock;
-    }
     mapping(bytes32 => DasKeySetInfo) public dasKeySetInfo;
 
     modifier onlyRollupOwner() {
@@ -65,6 +62,12 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         _;
     }
 
+    uint256 internal immutable deployTimeChainId = block.chainid;
+
+    function _chainIdChanged() internal view returns (bool) {
+        return deployTimeChainId != block.chainid;
+    }
+
     function initialize(
         IBridge bridge_,
         ISequencerInbox.MaxTimeVariation calldata maxTimeVariation_
@@ -89,17 +92,18 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         return bounds;
     }
 
-    /// @notice Force messages from the delayed inbox to be included in the chain
-    /// Callable by any address, but message can only be force-included after maxTimeVariation.delayBlocks and maxTimeVariation.delaySeconds
-    /// has elapsed. As part of normal behaviour the sequencer will include these messages
-    /// so it's only necessary to call this if the sequencer is down, or not including
-    /// any delayed messages.
-    /// @param _totalDelayedMessagesRead The total number of messages to read up to
-    /// @param kind The kind of the last message to be included
-    /// @param l1BlockAndTime The l1 block and the l1 timestamp of the last message to be included
-    /// @param baseFeeL1 The l1 gas price of the last message to be included
-    /// @param sender The sender of the last message to be included
-    /// @param messageDataHash The messageDataHash of the last message to be included
+    /// @inheritdoc ISequencerInbox
+    function removeDelayAfterFork() external {
+        if (!_chainIdChanged()) revert NotForked();
+        maxTimeVariation = ISequencerInbox.MaxTimeVariation({
+            delayBlocks: 1,
+            futureBlocks: 1,
+            delaySeconds: 1,
+            futureSeconds: 1
+        });
+    }
+
+    /// @inheritdoc ISequencerInbox
     function forceInclusion(
         uint256 _totalDelayedMessagesRead,
         uint8 kind,
@@ -137,12 +141,23 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         (bytes32 dataHash, TimeBounds memory timeBounds) = formEmptyDataHash(
             _totalDelayedMessagesRead
         );
+        uint256 __totalDelayedMessagesRead = _totalDelayedMessagesRead;
+        uint256 prevSeqMsgCount = bridge.sequencerReportedSubMessageCount();
+        uint256 newSeqMsgCount = prevSeqMsgCount +
+            _totalDelayedMessagesRead -
+            totalDelayedMessagesRead;
         (
             uint256 seqMessageIndex,
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, _totalDelayedMessagesRead, 0);
+        ) = addSequencerL2BatchImpl(
+                dataHash,
+                __totalDelayedMessagesRead,
+                0,
+                prevSeqMsgCount,
+                newSeqMsgCount
+            );
         emit SequencerBatchDelivered(
             seqMessageIndex,
             beforeAcc,
@@ -154,6 +169,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         );
     }
 
+    /// @dev Deprecated in favor of the variant specifying message counts for consistency
     function addSequencerL2BatchFromOrigin(
         uint256 sequenceNumber,
         bytes calldata data,
@@ -163,6 +179,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         // solhint-disable-next-line avoid-tx-origin
         if (msg.sender != tx.origin) revert NotOrigin();
         if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
+
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
@@ -172,7 +189,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, data.length);
+        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, data.length, 0, 0);
         if (seqMessageIndex != sequenceNumber)
             revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
         emit SequencerBatchDelivered(
@@ -186,38 +203,101 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         );
     }
 
-    function addSequencerL2Batch(
+    function addSequencerL2BatchFromOrigin(
         uint256 sequenceNumber,
         bytes calldata data,
         uint256 afterDelayedMessagesRead,
-        IGasRefunder gasRefunder
-    ) external override refundsGas(gasRefunder) {
-        if (!isBatchPoster[msg.sender] && msg.sender != address(rollup)) revert NotBatchPoster();
-
+        IGasRefunder gasRefunder,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    ) external refundsGas(gasRefunder) {
+        // solhint-disable-next-line avoid-tx-origin
+        if (msg.sender != tx.origin) revert NotOrigin();
+        if (!isBatchPoster[msg.sender]) revert NotBatchPoster();
         (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
             data,
             afterDelayedMessagesRead
         );
-        // we set the calldata length posted to 0 here since the caller isn't the origin
-        // of the tx, so they might have not paid tx input cost for the calldata
+        // Reformat the stack to prevent "Stack too deep"
+        uint256 sequenceNumber_ = sequenceNumber;
+        TimeBounds memory timeBounds_ = timeBounds;
+        bytes32 dataHash_ = dataHash;
+        uint256 dataLength = data.length;
+        uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
+        uint256 prevMessageCount_ = prevMessageCount;
+        uint256 newMessageCount_ = newMessageCount;
         (
             uint256 seqMessageIndex,
             bytes32 beforeAcc,
             bytes32 delayedAcc,
             bytes32 afterAcc
-        ) = addSequencerL2BatchImpl(dataHash, afterDelayedMessagesRead, 0);
-        if (seqMessageIndex != sequenceNumber)
-            revert BadSequencerNumber(seqMessageIndex, sequenceNumber);
+        ) = addSequencerL2BatchImpl(
+                dataHash_,
+                afterDelayedMessagesRead_,
+                dataLength,
+                prevMessageCount_,
+                newMessageCount_
+            );
+        if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~uint256(0))
+            revert BadSequencerNumber(seqMessageIndex, sequenceNumber_);
         emit SequencerBatchDelivered(
-            sequenceNumber,
+            seqMessageIndex,
             beforeAcc,
             afterAcc,
             delayedAcc,
-            afterDelayedMessagesRead,
-            timeBounds,
-            BatchDataLocation.SeparateBatchEvent
+            totalDelayedMessagesRead,
+            timeBounds_,
+            BatchDataLocation.TxInput
+        );
+    }
+
+    function addSequencerL2Batch(
+        uint256 sequenceNumber,
+        bytes calldata data,
+        uint256 afterDelayedMessagesRead,
+        IGasRefunder gasRefunder,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    ) external override refundsGas(gasRefunder) {
+        if (!isBatchPoster[msg.sender] && msg.sender != address(rollup)) revert NotBatchPoster();
+        (bytes32 dataHash, TimeBounds memory timeBounds) = formDataHash(
+            data,
+            afterDelayedMessagesRead
         );
-        emit SequencerBatchData(sequenceNumber, data);
+        uint256 seqMessageIndex;
+        {
+            // Reformat the stack to prevent "Stack too deep"
+            uint256 sequenceNumber_ = sequenceNumber;
+            TimeBounds memory timeBounds_ = timeBounds;
+            bytes32 dataHash_ = dataHash;
+            uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
+            uint256 prevMessageCount_ = prevMessageCount;
+            uint256 newMessageCount_ = newMessageCount;
+            // we set the calldata length posted to 0 here since the caller isn't the origin
+            // of the tx, so they might have not paid tx input cost for the calldata
+            bytes32 beforeAcc;
+            bytes32 delayedAcc;
+            bytes32 afterAcc;
+            (seqMessageIndex, beforeAcc, delayedAcc, afterAcc) = addSequencerL2BatchImpl(
+                dataHash_,
+                afterDelayedMessagesRead_,
+                0,
+                prevMessageCount_,
+                newMessageCount_
+            );
+            if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~uint256(0))
+                revert BadSequencerNumber(seqMessageIndex, sequenceNumber_);
+            emit SequencerBatchDelivered(
+                seqMessageIndex,
+                beforeAcc,
+                afterAcc,
+                delayedAcc,
+                totalDelayedMessagesRead,
+                timeBounds_,
+                BatchDataLocation.SeparateBatchEvent
+            );
+        }
+        emit SequencerBatchData(seqMessageIndex, data);
     }
 
     modifier validateBatchData(bytes calldata data) {
@@ -277,7 +357,9 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
     function addSequencerL2BatchImpl(
         bytes32 dataHash,
         uint256 afterDelayedMessagesRead,
-        uint256 calldataLengthPosted
+        uint256 calldataLengthPosted,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
     )
         internal
         returns (
@@ -292,7 +374,9 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
 
         (seqMessageIndex, beforeAcc, delayedAcc, acc) = bridge.enqueueSequencerMessage(
             dataHash,
-            afterDelayedMessagesRead
+            afterDelayedMessagesRead,
+            prevMessageCount,
+            newMessageCount
         );
 
         totalDelayedMessagesRead = afterDelayedMessagesRead;
@@ -317,42 +401,31 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         }
     }
 
-    function inboxAccs(uint256 index) external view override returns (bytes32) {
+    function inboxAccs(uint256 index) external view returns (bytes32) {
         return bridge.sequencerInboxAccs(index);
     }
 
-    function batchCount() external view override returns (uint256) {
+    function batchCount() external view returns (uint256) {
         return bridge.sequencerMessageCount();
     }
 
-    /**
-     * @notice Set max delay for sequencer inbox
-     * @param maxTimeVariation_ the maximum time variation parameters
-     */
+    /// @inheritdoc ISequencerInbox
     function setMaxTimeVariation(ISequencerInbox.MaxTimeVariation memory maxTimeVariation_)
         external
-        override
         onlyRollupOwner
     {
         maxTimeVariation = maxTimeVariation_;
         emit OwnerFunctionCalled(0);
     }
 
-    /**
-     * @notice Updates whether an address is authorized to be a batch poster at the sequencer inbox
-     * @param addr the address
-     * @param isBatchPoster_ if the specified address should be authorized as a batch poster
-     */
-    function setIsBatchPoster(address addr, bool isBatchPoster_) external override onlyRollupOwner {
+    /// @inheritdoc ISequencerInbox
+    function setIsBatchPoster(address addr, bool isBatchPoster_) external onlyRollupOwner {
         isBatchPoster[addr] = isBatchPoster_;
         emit OwnerFunctionCalled(1);
     }
 
-    /**
-     * @notice Makes Data Availability Service keyset valid
-     * @param keysetBytes bytes of the serialized keyset
-     */
-    function setValidKeyset(bytes calldata keysetBytes) external override onlyRollupOwner {
+    /// @inheritdoc ISequencerInbox
+    function setValidKeyset(bytes calldata keysetBytes) external onlyRollupOwner {
         uint256 ksWord = uint256(keccak256(bytes.concat(hex"fe", keccak256(keysetBytes))));
         bytes32 ksHash = bytes32(ksWord ^ (1 << 255));
         require(keysetBytes.length < 64 * 1024, "keyset is too large");
@@ -366,11 +439,8 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         emit OwnerFunctionCalled(2);
     }
 
-    /**
-     * @notice Invalidates a Data Availability Service keyset
-     * @param ksHash hash of the keyset
-     */
-    function invalidateKeysetHash(bytes32 ksHash) external override onlyRollupOwner {
+    /// @inheritdoc ISequencerInbox
+    function invalidateKeysetHash(bytes32 ksHash) external onlyRollupOwner {
         if (!dasKeySetInfo[ksHash].isValidKeyset) revert NoSuchKeyset(ksHash);
         // we don't delete the block creation value since its used to fetch the SetValidKeyset
         // event efficiently. The event provides the hash preimage of the key.
@@ -384,7 +454,7 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
         return dasKeySetInfo[ksHash].isValidKeyset;
     }
 
-    /// @notice the creation block is intended to still be available after a keyset is deleted
+    /// @inheritdoc ISequencerInbox
     function getKeysetCreationBlock(bytes32 ksHash) external view returns (uint256) {
         DasKeySetInfo memory ksInfo = dasKeySetInfo[ksHash];
         if (ksInfo.creationBlock == 0) revert NoSuchKeyset(ksHash);

package/src/challenge/ChallengeManager.sol

@@ -285,15 +285,6 @@ contract ChallengeManager is DelegateCallAware, IChallengeManager {
         return challenges[challengeIndex].current.addr;
     }
 
-    function currentResponderTimeLeft(uint64 challengeIndex)
-        public
-        view
-        override
-        returns (uint256)
-    {
-        return challenges[challengeIndex].current.timeLeft;
-    }
-
     function isTimedOut(uint64 challengeIndex) public view override returns (bool) {
         return challenges[challengeIndex].isTimedOut();
     }

package/src/challenge/IChallengeManager.sol

@@ -67,8 +67,6 @@ interface IChallengeManager {
 
     function isTimedOut(uint64 challengeIndex) external view returns (bool);
 
-    function currentResponderTimeLeft(uint64 challengeIndex_) external view returns (uint256);
-
     function clearChallenge(uint64 challengeIndex_) external;
 
     function timeout(uint64 challengeIndex_) external;

package/src/libraries/AdminFallbackProxy.sol

@@ -87,7 +87,7 @@ abstract contract DoubleLogicERC1967Upgrade is ERC1967Upgrade {
             try IERC1822Proxiable(newImplementation).proxiableUUID() returns (bytes32 slot) {
                 require(
                     slot == _IMPLEMENTATION_SECONDARY_SLOT,
-                    "ERC1967Upgrade: unsupported proxiableUUID"
+                    "ERC1967Upgrade: unsupported secondary proxiableUUID"
                 );
             } catch {
                 revert("ERC1967Upgrade: new secondary implementation is not UUPS");
@@ -132,8 +132,8 @@ contract AdminFallbackProxy is Proxy, DoubleLogicERC1967Upgrade {
         require(msg.data.length >= 4, "NO_FUNC_SIG");
         // if the sender is the proxy's admin, delegate to admin logic
         // if the admin is disabled, all calls will be forwarded to user logic
-        // admin affordances can be disabled by setting to address(1) since
-        // `ERC1697._setAdmin()` doesn't allow address(0) to be set
+        // admin affordances can be disabled by setting to a no-op smart contract
+        // since there is a check for contract code before updating the value
         address target = _getAdmin() != msg.sender
             ? DoubleLogicERC1967Upgrade._getSecondaryImplementation()
             : ERC1967Upgrade._getImplementation();
@@ -144,7 +144,7 @@ contract AdminFallbackProxy is Proxy, DoubleLogicERC1967Upgrade {
 
     /**
      * @dev unlike transparent upgradeable proxies, this does allow the admin to fallback to a logic contract
-     * the admin is expected to interact only with the secondary logic contract, which handles contract
+     * the admin is expected to interact only with the primary logic contract, which handles contract
      * upgrades using the UUPS approach
      */
     function _beforeFallback() internal override {

package/src/libraries/Constants.sol

@@ -8,3 +8,6 @@ pragma solidity ^0.8.4;
 uint256 constant MAX_DATA_SIZE = 117964;
 
 uint64 constant NO_CHAL_INDEX = 0;
+
+// Expected seconds per block in Ethereum PoS
+uint256 constant ETH_POS_BLOCK_TIME = 12;

package/src/libraries/{SecondaryLogicUUPSUpgradeable.sol → DoubleLogicUUPSUpgradeable.sol}

@@ -8,8 +8,9 @@ import {DoubleLogicERC1967Upgrade} from "./AdminFallbackProxy.sol";
 import "@openzeppelin/contracts/proxy/utils/UUPSUpgradeable.sol";
 
 /// @notice An extension to OZ's UUPSUpgradeable contract to be used for handling UUPS upgrades with a DoubleLogicERC1967Upgrade proxy
+///         The should be used in the primary implementation slot of the DoubleLogicUUPS proxy
 /// @dev upgrades should be handles by the primary logic contract in order to pass the `onlyProxy` check
-abstract contract SecondaryLogicUUPSUpgradeable is UUPSUpgradeable, DoubleLogicERC1967Upgrade {
+abstract contract DoubleLogicUUPSUpgradeable is UUPSUpgradeable, DoubleLogicERC1967Upgrade {
     /// @inheritdoc UUPSUpgradeable
     function proxiableUUID() external view override notDelegated returns (bytes32) {
         return _IMPLEMENTATION_SLOT;

package/src/libraries/Error.sol

@@ -96,6 +96,15 @@ error RetryableData(
     bytes data
 );
 
+/// @dev Thrown when a L1 chainId fork is detected
+error L1Forked();
+
+/// @dev Thrown when a L1 chainId fork is not detected
+error NotForked();
+
+/// @dev The provided gasLimit is larger than uint64
+error GasLimitTooLarge();
+
 // Outbox Errors
 
 /// @dev The provided proof was too long
@@ -141,6 +150,9 @@ error NotBatchPoster();
 /// @dev The sequence number provided to this message was inconsistent with the number of batches already included
 error BadSequencerNumber(uint256 stored, uint256 received);
 
+/// @dev The sequence message number provided to this message was inconsistent with the previous one
+error BadSequencerMessageNumber(uint256 stored, uint256 received);
+
 /// @dev The batch data has the inbox authenticated bit set, but the batch data was not authenticated by the inbox
 error DataNotAuthenticated();
 

package/src/libraries/IGasRefunder.sol

@@ -21,14 +21,20 @@ abstract contract GasRefundEnabled {
         uint256 startGasLeft = gasleft();
         _;
         if (address(gasRefunder) != address(0)) {
-            uint256 calldataSize = 0;
+            uint256 calldataSize;
+            assembly {
+                calldataSize := calldatasize()
+            }
+            uint256 calldataWords = (calldataSize + 31) / 32;
+            // account for the CALLDATACOPY cost of the proxy contract, including the memory expansion cost
+            startGasLeft += calldataWords * 6 + (calldataWords**2) / 512;
             // if triggered in a contract call, the spender may be overrefunded by appending dummy data to the call
             // so we check if it is a top level call, which would mean the sender paid calldata as part of tx.input
             // solhint-disable-next-line avoid-tx-origin
-            if (msg.sender == tx.origin) {
-                assembly {
-                    calldataSize := calldatasize()
-                }
+            if (msg.sender != tx.origin) {
+                // We can't be sure if this calldata came from the top level tx,
+                // so to be safe we tell the gas refunder there was no calldata.
+                calldataSize = 0;
             }
             gasRefunder.onGasSpent(payable(msg.sender), startGasLeft - gasleft(), calldataSize);
         }

package/src/libraries/MerkleLib.sol

@@ -33,9 +33,9 @@ library MerkleLib {
         uint256 proofItems = nodes.length;
         if (proofItems > 256) revert MerkleProofTooLong(proofItems, 256);
         bytes32 h = item;
-        for (uint256 i = 0; i < proofItems; i++) {
+        for (uint256 i = 0; i < proofItems; ) {
             bytes32 node = nodes[i];
-            if (route % 2 == 0) {
+            if ((route & (1 << i)) == 0) {
                 assembly {
                     mstore(0x00, h)
                     mstore(0x20, node)
@@ -48,7 +48,9 @@ library MerkleLib {
                     h := keccak256(0x00, 0x40)
                 }
             }
-            route /= 2;
+            unchecked {
+                ++i;
+            }
         }
         return h;
     }