@aztec/ethereum 0.0.0-test.0 → 0.0.1-commit.21caa21

package/dest/deploy_l1_contracts.js

@@ -1,490 +1,1168 @@
+import { L1_TO_L2_MSG_SUBTREE_HEIGHT } from '@aztec/constants';
+import { SlotNumber } from '@aztec/foundation/branded-types';
+import { getActiveNetworkName } from '@aztec/foundation/config';
+import { keccak256String } from '@aztec/foundation/crypto';
 import { EthAddress } from '@aztec/foundation/eth-address';
+import { jsonStringify } from '@aztec/foundation/json-rpc';
 import { createLogger } from '@aztec/foundation/log';
-import { CoinIssuerAbi, CoinIssuerBytecode, ExtRollupLibAbi, ExtRollupLibBytecode, FeeJuicePortalAbi, FeeJuicePortalBytecode, ForwarderAbi, ForwarderBytecode, GovernanceAbi, GovernanceBytecode, GovernanceProposerAbi, GovernanceProposerBytecode, InboxAbi, InboxBytecode, OutboxAbi, OutboxBytecode, RegisterNewRollupVersionPayloadAbi, RegisterNewRollupVersionPayloadBytecode, RegistryAbi, RegistryBytecode, RewardDistributorAbi, RewardDistributorBytecode, RollupAbi, RollupBytecode, RollupLinkReferences, SlashFactoryAbi, SlashFactoryBytecode, TestERC20Abi, TestERC20Bytecode, ValidatorSelectionLibAbi, ValidatorSelectionLibBytecode } from '@aztec/l1-artifacts';
-import { concatHex, createPublicClient, createWalletClient, encodeDeployData, encodeFunctionData, fallback, getAddress, getContract, getContractAddress, http, numberToHex, padHex, publicActions } from 'viem';
-import { mnemonicToAccount, privateKeyToAccount } from 'viem/accounts';
+import { DateProvider } from '@aztec/foundation/timer';
+import { mkdir, writeFile } from 'fs/promises';
+import chunk from 'lodash.chunk';
+import { concatHex, encodeAbiParameters, encodeDeployData, encodeFunctionData, getAddress, getContract, getContractAddress, numberToHex, padHex } from 'viem';
 import { foundry } from 'viem/chains';
 import { isAnvilTestChain } from './chain.js';
+import { createExtendedL1Client } from './client.js';
+import { getEntryQueueConfig, getGovernanceConfiguration, getRewardBoostConfig, getRewardConfig, validateConfig } from './config.js';
+import { GSEContract } from './contracts/gse.js';
+import { deployMulticall3 } from './contracts/multicall.js';
 import { RegistryContract } from './contracts/registry.js';
-import { RollupContract } from './contracts/rollup.js';
-import { L1TxUtils, defaultL1TxUtilsConfig } from './l1_tx_utils.js';
+import { RollupContract, SlashingProposerType } from './contracts/rollup.js';
+import { CoinIssuerArtifact, DateGatedRelayerArtifact, FeeAssetArtifact, FeeAssetHandlerArtifact, GSEArtifact, GovernanceArtifact, GovernanceProposerArtifact, MultiAdderArtifact, RegisterNewRollupVersionPayloadArtifact, RegistryArtifact, RollupArtifact, SlashFactoryArtifact, StakingAssetArtifact, StakingAssetHandlerArtifact, l1ArtifactsVerifiers, mockVerifiers } from './l1_artifacts.js';
+import { createL1TxUtilsFromViemWallet, getL1TxUtilsConfigEnvVars } from './l1_tx_utils/index.js';
+import { formatViemError } from './utils.js';
+import { ZK_PASSPORT_DOMAIN, ZK_PASSPORT_SCOPE, ZK_PASSPORT_VERIFIER_ADDRESS } from './zkPassportVerifierAddress.js';
 export const DEPLOYER_ADDRESS = '0x4e59b44847b379578588920cA78FbF26c0B4956C';
-export const l1Artifacts = {
-    registry: {
-        contractAbi: RegistryAbi,
-        contractBytecode: RegistryBytecode
-    },
-    inbox: {
-        contractAbi: InboxAbi,
-        contractBytecode: InboxBytecode
-    },
-    outbox: {
-        contractAbi: OutboxAbi,
-        contractBytecode: OutboxBytecode
-    },
-    rollup: {
-        contractAbi: RollupAbi,
-        contractBytecode: RollupBytecode,
-        libraries: {
-            linkReferences: RollupLinkReferences,
-            libraryCode: {
-                ValidatorSelectionLib: {
-                    contractAbi: ValidatorSelectionLibAbi,
-                    contractBytecode: ValidatorSelectionLibBytecode
-                },
-                ExtRollupLib: {
-                    contractAbi: ExtRollupLibAbi,
-                    contractBytecode: ExtRollupLibBytecode
-                }
+// Minimal ERC20 ABI for validation purposes. We only read view methods.
+const ERC20_VALIDATION_ABI = [
+    {
+        type: 'function',
+        name: 'totalSupply',
+        stateMutability: 'view',
+        inputs: [],
+        outputs: [
+            {
+                name: '',
+                type: 'uint256'
             }
-        }
-    },
-    stakingAsset: {
-        contractAbi: TestERC20Abi,
-        contractBytecode: TestERC20Bytecode
+        ]
     },
-    feeAsset: {
-        contractAbi: TestERC20Abi,
-        contractBytecode: TestERC20Bytecode
-    },
-    feeJuicePortal: {
-        contractAbi: FeeJuicePortalAbi,
-        contractBytecode: FeeJuicePortalBytecode
-    },
-    rewardDistributor: {
-        contractAbi: RewardDistributorAbi,
-        contractBytecode: RewardDistributorBytecode
-    },
-    coinIssuer: {
-        contractAbi: CoinIssuerAbi,
-        contractBytecode: CoinIssuerBytecode
-    },
-    governanceProposer: {
-        contractAbi: GovernanceProposerAbi,
-        contractBytecode: GovernanceProposerBytecode
-    },
-    governance: {
-        contractAbi: GovernanceAbi,
-        contractBytecode: GovernanceBytecode
+    {
+        type: 'function',
+        name: 'name',
+        stateMutability: 'view',
+        inputs: [],
+        outputs: [
+            {
+                name: '',
+                type: 'string'
+            }
+        ]
     },
-    slashFactory: {
-        contractAbi: SlashFactoryAbi,
-        contractBytecode: SlashFactoryBytecode
+    {
+        type: 'function',
+        name: 'symbol',
+        stateMutability: 'view',
+        inputs: [],
+        outputs: [
+            {
+                name: '',
+                type: 'string'
+            }
+        ]
     },
-    registerNewRollupVersionPayload: {
-        contractAbi: RegisterNewRollupVersionPayloadAbi,
-        contractBytecode: RegisterNewRollupVersionPayloadBytecode
+    {
+        type: 'function',
+        name: 'decimals',
+        stateMutability: 'view',
+        inputs: [],
+        outputs: [
+            {
+                name: '',
+                type: 'uint8'
+            }
+        ]
     }
-};
+];
 /**
- * Creates a wallet and a public viem client for interacting with L1.
- * @param rpcUrls - List of RPC URLs to connect to L1.
- * @param mnemonicOrPrivateKeyOrHdAccount - Mnemonic or account for the wallet client.
- * @param chain - Optional chain spec (defaults to local foundry).
- * @param addressIndex - Optional index of the address to use from the mnemonic.
- * @returns - A wallet and a public client.
- */ export function createL1Clients(rpcUrls, mnemonicOrPrivateKeyOrHdAccount, chain = foundry, addressIndex) {
-    const hdAccount = typeof mnemonicOrPrivateKeyOrHdAccount === 'string' ? mnemonicOrPrivateKeyOrHdAccount.startsWith('0x') ? privateKeyToAccount(mnemonicOrPrivateKeyOrHdAccount) : mnemonicToAccount(mnemonicOrPrivateKeyOrHdAccount, {
-        addressIndex
-    }) : mnemonicOrPrivateKeyOrHdAccount;
-    // From what I can see, this is the difference between the HDAccount and the PrivateKeyAccount
-    // and we don't need it for anything. This lets us use the same type for both.
-    // eslint-disable-next-line camelcase
-    hdAccount.experimental_signAuthorization ??= ()=>{
-        throw new Error('experimental_signAuthorization not implemented for HDAccount');
-    };
-    const walletClient = createWalletClient({
-        account: hdAccount,
-        chain,
-        transport: fallback(rpcUrls.map((url)=>http(url)))
-    }).extend(publicActions);
-    const publicClient = createPublicClient({
-        chain,
-        transport: fallback(rpcUrls.map((url)=>http(url))),
-        pollingInterval: 100
+ * Validates that the provided address points to a contract that resembles an ERC20 token.
+ * Checks for contract code and attempts common ERC20 view calls.
+ * Throws an error if validation fails.
+ */ export async function validateExistingErc20TokenAddress(l1Client, tokenAddress, logger) {
+    const addressString = tokenAddress.toString();
+    // Ensure there is contract code at the address
+    const code = await l1Client.getCode({
+        address: addressString
     });
-    return {
-        walletClient,
-        publicClient
-    };
+    if (!code || code === '0x') {
+        throw new Error(`No contract code found at provided token address ${addressString}`);
+    }
+    const contract = getContract({
+        address: getAddress(addressString),
+        abi: ERC20_VALIDATION_ABI,
+        client: l1Client
+    });
+    // Validate all required ERC20 methods in parallel
+    const checks = [
+        contract.read.totalSupply().then((total)=>typeof total === 'bigint'),
+        contract.read.name().then(()=>true),
+        contract.read.symbol().then(()=>true),
+        contract.read.decimals().then((dec)=>typeof dec === 'number' || typeof dec === 'bigint')
+    ];
+    const results = await Promise.allSettled(checks);
+    const failedChecks = results.filter((result)=>result.status === 'rejected' || result.value !== true);
+    if (failedChecks.length > 0) {
+        throw new Error(`Address ${addressString} does not appear to implement ERC20 view methods`);
+    }
+    logger.verbose(`Validated existing token at ${addressString} appears to be ERC20-compatible`);
 }
-export const deployRollupAndPeriphery = async (clients, args, registryAddress, logger, txUtilsConfig)=>{
-    const deployer = new L1Deployer(clients.walletClient, clients.publicClient, args.salt, args.acceleratedTestDeployments, logger, txUtilsConfig);
-    const addresses = await RegistryContract.collectAddresses(clients.publicClient, registryAddress, 'canonical');
-    const rollup = await deployRollup(clients, deployer, args, addresses, logger);
-    const payloadAddress = await deployUpgradePayload(deployer, {
-        registryAddress: addresses.registryAddress,
-        rollupAddress: EthAddress.fromString(rollup.address)
+export const deploySharedContracts = async (l1Client, deployer, args, logger)=>{
+    const networkName = getActiveNetworkName();
+    logger.info(`Deploying shared contracts for network configuration: ${networkName}`);
+    const txHashes = [];
+    let feeAssetAddress;
+    let stakingAssetAddress;
+    if (args.existingTokenAddress) {
+        await validateExistingErc20TokenAddress(l1Client, args.existingTokenAddress, logger);
+        feeAssetAddress = args.existingTokenAddress;
+        stakingAssetAddress = args.existingTokenAddress;
+        logger.verbose(`Using existing token for fee and staking assets at ${args.existingTokenAddress}`);
+    } else {
+        const deployedFee = await deployer.deploy(FeeAssetArtifact, [
+            'FeeJuice',
+            'FEE',
+            l1Client.account.address
+        ]);
+        feeAssetAddress = deployedFee.address;
+        logger.verbose(`Deployed Fee Asset at ${feeAssetAddress}`);
+        // Mint a tiny bit of tokens to satisfy coin-issuer constraints
+        const { txHash } = await deployer.sendTransaction({
+            to: feeAssetAddress.toString(),
+            data: encodeFunctionData({
+                abi: FeeAssetArtifact.contractAbi,
+                functionName: 'mint',
+                args: [
+                    l1Client.account.address,
+                    1n * 10n ** 18n
+                ]
+            })
+        }, {
+            // contract may not have been deployed yet (CREATE2 returns address before mining),
+            // which causes gas estimation to fail. Hardcode to 100k which is plenty for ERC20 mint.
+            gasLimit: 100_000n
+        });
+        await l1Client.waitForTransactionReceipt({
+            hash: txHash
+        });
+        logger.verbose(`Minted tiny bit of tokens to satisfy coin-issuer constraints in ${txHash}`);
+        const deployedStaking = await deployer.deploy(StakingAssetArtifact, [
+            'Staking',
+            'STK',
+            l1Client.account.address
+        ]);
+        stakingAssetAddress = deployedStaking.address;
+        logger.verbose(`Deployed Staking Asset at ${stakingAssetAddress}`);
+        await deployer.waitForDeployments();
+    }
+    const gseAddress = (await deployer.deploy(GSEArtifact, [
+        l1Client.account.address,
+        stakingAssetAddress.toString(),
+        args.activationThreshold,
+        args.ejectionThreshold
+    ])).address;
+    logger.verbose(`Deployed GSE at ${gseAddress}`);
+    const { address: registryAddress } = await deployer.deploy(RegistryArtifact, [
+        l1Client.account.address,
+        feeAssetAddress.toString()
+    ]);
+    logger.verbose(`Deployed Registry at ${registryAddress}`);
+    const { address: governanceProposerAddress } = await deployer.deploy(GovernanceProposerArtifact, [
+        registryAddress.toString(),
+        gseAddress.toString(),
+        BigInt(args.governanceProposerQuorum ?? args.governanceProposerRoundSize / 2 + 1),
+        BigInt(args.governanceProposerRoundSize)
+    ]);
+    logger.verbose(`Deployed GovernanceProposer at ${governanceProposerAddress}`);
+    // @note @LHerskind the assets are expected to be the same at some point, but for better
+    // configurability they are different for now.
+    const { address: governanceAddress } = await deployer.deploy(GovernanceArtifact, [
+        stakingAssetAddress.toString(),
+        governanceProposerAddress.toString(),
+        gseAddress.toString(),
+        getGovernanceConfiguration(networkName)
+    ]);
+    logger.verbose(`Deployed Governance at ${governanceAddress}`);
+    let needToSetGovernance = false;
+    const existingCode = await l1Client.getCode({
+        address: gseAddress.toString()
     });
-    const slashFactoryAddress = await deploySlashFactory(deployer, rollup.address, logger);
+    if (!existingCode || existingCode === '0x') {
+        needToSetGovernance = true;
+    } else {
+        const gseContract = getContract({
+            address: getAddress(gseAddress.toString()),
+            abi: GSEArtifact.contractAbi,
+            client: l1Client
+        });
+        const existingGovernance = await gseContract.read.getGovernance();
+        if (EthAddress.fromString(existingGovernance).equals(EthAddress.ZERO)) {
+            needToSetGovernance = true;
+        }
+    }
+    if (needToSetGovernance) {
+        const { txHash } = await deployer.sendTransaction({
+            to: gseAddress.toString(),
+            data: encodeFunctionData({
+                abi: GSEArtifact.contractAbi,
+                functionName: 'setGovernance',
+                args: [
+                    governanceAddress.toString()
+                ]
+            })
+        }, {
+            gasLimit: 100_000n
+        });
+        logger.verbose(`Set governance on GSE in ${txHash}`);
+        txHashes.push(txHash);
+    }
+    logger.verbose(`Waiting for deployments to complete`);
+    await deployer.waitForDeployments();
+    const coinIssuerAddress = (await deployer.deploy(CoinIssuerArtifact, [
+        feeAssetAddress.toString(),
+        2n * 10n ** 17n,
+        l1Client.account.address
+    ], {
+        gasLimit: 1_000_000n,
+        noSimulation: true
+    })).address;
+    logger.verbose(`Deployed CoinIssuer at ${coinIssuerAddress}`);
+    logger.verbose(`Waiting for deployments to complete`);
+    await deployer.waitForDeployments();
+    // Registry ownership will be transferred to governance later, after rollup is added
+    let feeAssetHandlerAddress = undefined;
+    let stakingAssetHandlerAddress = undefined;
+    let zkPassportVerifierAddress = undefined;
+    // Only if not on mainnet will we deploy the handlers, and only when we control the token
+    if (l1Client.chain.id !== 1 && !args.existingTokenAddress) {
+        /* -------------------------------------------------------------------------- */ /*                          CHEAT CODES START HERE                            */ /* -------------------------------------------------------------------------- */ const deployedFeeAssetHandler = await deployer.deploy(FeeAssetHandlerArtifact, [
+            l1Client.account.address,
+            feeAssetAddress.toString(),
+            BigInt(1000n * 10n ** 18n)
+        ]);
+        feeAssetHandlerAddress = deployedFeeAssetHandler.address;
+        logger.verbose(`Deployed FeeAssetHandler at ${feeAssetHandlerAddress}`);
+        // Only add as minter if this is a new deployment (not reusing existing handler from failed previous run)
+        if (!deployedFeeAssetHandler.existed) {
+            const { txHash } = await deployer.sendTransaction({
+                to: feeAssetAddress.toString(),
+                data: encodeFunctionData({
+                    abi: FeeAssetArtifact.contractAbi,
+                    functionName: 'addMinter',
+                    args: [
+                        feeAssetHandlerAddress.toString()
+                    ]
+                })
+            });
+            logger.verbose(`Added fee asset handler ${feeAssetHandlerAddress} as minter on fee asset in ${txHash}`);
+            txHashes.push(txHash);
+        }
+        // Only if on sepolia will we deploy the staking asset handler
+        // Should not be deployed to devnet since it would cause caos with sequencers there etc.
+        if ([
+            11155111,
+            foundry.id
+        ].includes(l1Client.chain.id)) {
+            const AMIN = EthAddress.fromString('0x3b218d0F26d15B36C715cB06c949210a0d630637');
+            zkPassportVerifierAddress = await getZkPassportVerifierAddress(deployer, args);
+            const [domain, scope] = getZkPassportScopes(args);
+            const stakingAssetHandlerDeployArgs = {
+                owner: l1Client.account.address,
+                stakingAsset: stakingAssetAddress.toString(),
+                registry: registryAddress.toString(),
+                withdrawer: AMIN.toString(),
+                validatorsToFlush: 16n,
+                mintInterval: BigInt(60 * 60 * 24),
+                depositsPerMint: BigInt(10),
+                depositMerkleRoot: '0x0000000000000000000000000000000000000000000000000000000000000000',
+                zkPassportVerifier: zkPassportVerifierAddress.toString(),
+                unhinged: [
+                    AMIN.toString()
+                ],
+                // Scopes
+                domain: domain,
+                scope: scope,
+                // Skip checks
+                skipBindCheck: args.zkPassportArgs?.mockZkPassportVerifier ?? false,
+                skipMerkleCheck: true
+            };
+            stakingAssetHandlerAddress = (await deployer.deploy(StakingAssetHandlerArtifact, [
+                stakingAssetHandlerDeployArgs
+            ])).address;
+            logger.verbose(`Deployed StakingAssetHandler at ${stakingAssetHandlerAddress}`);
+            const { txHash: stakingMinterTxHash } = await deployer.sendTransaction({
+                to: stakingAssetAddress.toString(),
+                data: encodeFunctionData({
+                    abi: StakingAssetArtifact.contractAbi,
+                    functionName: 'addMinter',
+                    args: [
+                        stakingAssetHandlerAddress.toString()
+                    ]
+                })
+            });
+            logger.verbose(`Added staking asset handler ${stakingAssetHandlerAddress} as minter on staking asset in ${stakingMinterTxHash}`);
+            txHashes.push(stakingMinterTxHash);
+        }
+    }
+    /* -------------------------------------------------------------------------- */ /*                           CHEAT CODES END HERE                             */ /* -------------------------------------------------------------------------- */ logger.verbose(`Waiting for deployments to complete`);
+    await deployer.waitForDeployments();
+    await Promise.all(txHashes.map((txHash)=>l1Client.waitForTransactionReceipt({
+            hash: txHash
+        })));
+    logger.verbose(`Deployed shared contracts`);
+    const registry = new RegistryContract(l1Client, registryAddress);
+    /* -------------------------------------------------------------------------- */ /*                      FUND REWARD DISTRIBUTOR START                         */ /* -------------------------------------------------------------------------- */ const rewardDistributorAddress = await registry.getRewardDistributor();
+    if (!args.existingTokenAddress) {
+        const checkpointReward = getRewardConfig(networkName).checkpointReward;
+        const funding = checkpointReward * 200000n;
+        const { txHash: fundRewardDistributorTxHash } = await deployer.sendTransaction({
+            to: feeAssetAddress.toString(),
+            data: encodeFunctionData({
+                abi: FeeAssetArtifact.contractAbi,
+                functionName: 'mint',
+                args: [
+                    rewardDistributorAddress.toString(),
+                    funding
+                ]
+            })
+        });
+        logger.verbose(`Funded reward distributor with ${funding} fee asset in ${fundRewardDistributorTxHash}`);
+    } else {
+        logger.verbose(`Skipping reward distributor funding as existing token is provided`);
+    }
+    /* -------------------------------------------------------------------------- */ /*                      FUND REWARD DISTRIBUTOR STOP                          */ /* -------------------------------------------------------------------------- */ return {
+        feeAssetAddress,
+        feeAssetHandlerAddress,
+        stakingAssetAddress,
+        stakingAssetHandlerAddress,
+        zkPassportVerifierAddress,
+        registryAddress,
+        gseAddress,
+        governanceAddress,
+        governanceProposerAddress,
+        coinIssuerAddress,
+        rewardDistributorAddress: await registry.getRewardDistributor()
+    };
+};
+const getZkPassportVerifierAddress = async (deployer, args)=>{
+    if (args.zkPassportArgs?.mockZkPassportVerifier) {
+        return (await deployer.deploy(mockVerifiers.mockZkPassportVerifier)).address;
+    }
+    return ZK_PASSPORT_VERIFIER_ADDRESS;
+};
+/**
+ * Get the zk passport scopes - default to testnet values if not provided
+ * @param args - The deployment arguments
+ * @returns The zk passport scopes
+ */ const getZkPassportScopes = (args)=>{
+    const domain = args.zkPassportArgs?.zkPassportDomain ?? ZK_PASSPORT_DOMAIN;
+    const scope = args.zkPassportArgs?.zkPassportScope ?? ZK_PASSPORT_SCOPE;
+    return [
+        domain,
+        scope
+    ];
+};
+/**
+ * Generates verification records for a deployed rollup and its associated contracts (Inbox, Outbox, Slasher, etc).
+ * @param rollup - The deployed rollup contract.
+ * @param deployer - The L1 deployer instance.
+ * @param args - The deployment arguments used for the rollup.
+ * @param addresses - The L1 contract addresses.
+ * @param extendedClient - The extended viem wallet client.
+ * @param logger - The logger.
+ */ async function generateRollupVerificationRecords(rollup, deployer, args, addresses, extendedClient, logger) {
+    try {
+        // Add Inbox / Outbox verification records (constructor args are created inside RollupCore)
+        const rollupAddr = rollup.address;
+        const rollupAddresses = await rollup.getRollupAddresses();
+        const inboxAddr = rollupAddresses.inboxAddress.toString();
+        const outboxAddr = rollupAddresses.outboxAddress.toString();
+        const feeAsset = rollupAddresses.feeJuiceAddress.toString();
+        const version = await rollup.getVersion();
+        const inboxCtor = encodeAbiParameters([
+            {
+                type: 'address'
+            },
+            {
+                type: 'address'
+            },
+            {
+                type: 'uint256'
+            },
+            {
+                type: 'uint256'
+            }
+        ], [
+            rollupAddr,
+            feeAsset,
+            version,
+            BigInt(L1_TO_L2_MSG_SUBTREE_HEIGHT)
+        ]);
+        const outboxCtor = encodeAbiParameters([
+            {
+                type: 'address'
+            },
+            {
+                type: 'uint256'
+            }
+        ], [
+            rollupAddr,
+            version
+        ]);
+        deployer.verificationRecords.push({
+            name: 'Inbox',
+            address: inboxAddr,
+            constructorArgsHex: inboxCtor,
+            libraries: []
+        }, {
+            name: 'Outbox',
+            address: outboxAddr,
+            constructorArgsHex: outboxCtor,
+            libraries: []
+        });
+        // Include Slasher and SlashingProposer (if deployed) in verification data
+        try {
+            const slasherAddrHex = await rollup.getSlasherAddress();
+            const slasherAddr = EthAddress.fromString(slasherAddrHex);
+            if (!slasherAddr.isZero()) {
+                // Slasher constructor: (address _vetoer, address _governance)
+                const slasherCtor = encodeAbiParameters([
+                    {
+                        type: 'address'
+                    },
+                    {
+                        type: 'address'
+                    }
+                ], [
+                    args.slashingVetoer.toString(),
+                    extendedClient.account.address
+                ]);
+                deployer.verificationRecords.push({
+                    name: 'Slasher',
+                    address: slasherAddr.toString(),
+                    constructorArgsHex: slasherCtor,
+                    libraries: []
+                });
+                // Proposer address is stored in Slasher.PROPOSER()
+                const proposerAddr = (await rollup.getSlashingProposerAddress()).toString();
+                // Compute constructor args matching deployment path in RollupCore
+                const computedRoundSize = BigInt(args.slashingRoundSizeInEpochs * args.aztecEpochDuration);
+                const computedQuorum = BigInt(args.slashingQuorum ?? args.slashingRoundSizeInEpochs * args.aztecEpochDuration / 2 + 1);
+                const lifetimeInRounds = BigInt(args.slashingLifetimeInRounds);
+                const executionDelayInRounds = BigInt(args.slashingExecutionDelayInRounds);
+                if (args.slasherFlavor === 'tally') {
+                    const slashAmounts = [
+                        args.slashAmountSmall,
+                        args.slashAmountMedium,
+                        args.slashAmountLarge
+                    ];
+                    const committeeSize = BigInt(args.aztecTargetCommitteeSize);
+                    const epochDuration = BigInt(args.aztecEpochDuration);
+                    const slashOffsetInRounds = BigInt(args.slashingOffsetInRounds);
+                    const proposerCtor = encodeAbiParameters([
+                        {
+                            type: 'address'
+                        },
+                        {
+                            type: 'address'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256[3]'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        }
+                    ], [
+                        rollup.address,
+                        slasherAddr.toString(),
+                        computedQuorum,
+                        computedRoundSize,
+                        lifetimeInRounds,
+                        executionDelayInRounds,
+                        slashAmounts,
+                        committeeSize,
+                        epochDuration,
+                        slashOffsetInRounds
+                    ]);
+                    deployer.verificationRecords.push({
+                        name: 'TallySlashingProposer',
+                        address: proposerAddr,
+                        constructorArgsHex: proposerCtor,
+                        libraries: []
+                    });
+                } else if (args.slasherFlavor === 'empire') {
+                    const proposerCtor = encodeAbiParameters([
+                        {
+                            type: 'address'
+                        },
+                        {
+                            type: 'address'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        },
+                        {
+                            type: 'uint256'
+                        }
+                    ], [
+                        rollup.address,
+                        slasherAddr.toString(),
+                        computedQuorum,
+                        computedRoundSize,
+                        lifetimeInRounds,
+                        executionDelayInRounds
+                    ]);
+                    deployer.verificationRecords.push({
+                        name: 'EmpireSlashingProposer',
+                        address: proposerAddr,
+                        constructorArgsHex: proposerCtor,
+                        libraries: []
+                    });
+                }
+            }
+        } catch (e) {
+            logger.warn(`Failed to add Slasher/Proposer verification records: ${String(e)}`);
+        }
+    } catch (e) {
+        throw new Error(`Failed to generate rollup verification records: ${String(e)}`);
+    }
+}
+/**
+ * Writes verification records to a JSON file for later forge verify.
+ * @param deployer - The L1 deployer containing verification records.
+ * @param outputDirectory - The directory to write the verification file to.
+ * @param chainId - The chain ID.
+ * @param filenameSuffix - Optional suffix for the filename (e.g., 'upgrade').
+ * @param logger - The logger.
+ */ async function writeVerificationJson(deployer, outputDirectory, chainId, filenameSuffix = '', logger) {
+    try {
+        const date = new Date();
+        const formattedDate = date.toISOString().slice(2, 19).replace(/[-T:]/g, '');
+        // Ensure the verification output directory exists
+        await mkdir(outputDirectory, {
+            recursive: true
+        });
+        const suffix = filenameSuffix ? `-${filenameSuffix}` : '';
+        const verificationOutputPath = `${outputDirectory}/l1-verify${suffix}-${chainId}-${formattedDate.slice(0, 6)}-${formattedDate.slice(6)}.json`;
+        const networkName = getActiveNetworkName();
+        const verificationData = {
+            chainId: chainId,
+            network: networkName,
+            records: deployer.verificationRecords
+        };
+        await writeFile(verificationOutputPath, JSON.stringify(verificationData, null, 2));
+        logger.info(`Wrote L1 verification data to ${verificationOutputPath}`);
+    } catch (e) {
+        logger.warn(`Failed to write L1 verification data file: ${String(e)}`);
+    }
+}
+/**
+ * Deploys a new rollup, using the existing canonical version to derive certain values (addresses of assets etc).
+ * @param clients - The L1 clients.
+ * @param args - The deployment arguments.
+ * @param registryAddress - The address of the registry.
+ * @param logger - The logger.
+ * @param txUtilsConfig - The L1 tx utils config.
+ * @param createVerificationJson - Optional path to write verification data for forge verify.
+ */ export const deployRollupForUpgrade = async (extendedClient, args, registryAddress, logger, txUtilsConfig, createVerificationJson = false)=>{
+    const deployer = new L1Deployer(extendedClient, args.salt, undefined, args.acceleratedTestDeployments, logger, txUtilsConfig, !!createVerificationJson);
+    const addresses = await RegistryContract.collectAddresses(extendedClient, registryAddress, 'canonical');
+    const { rollup, slashFactoryAddress } = await deployRollup(extendedClient, deployer, args, addresses, logger);
     await deployer.waitForDeployments();
+    // Write verification data (constructor args + linked libraries) to file for later forge verify
+    if (createVerificationJson) {
+        await generateRollupVerificationRecords(rollup, deployer, args, addresses, extendedClient, logger);
+        await writeVerificationJson(deployer, createVerificationJson, extendedClient.chain.id, 'upgrade', logger);
+    }
     return {
         rollup,
-        payloadAddress,
         slashFactoryAddress
     };
 };
 export const deploySlashFactory = async (deployer, rollupAddress, logger)=>{
-    const slashFactoryAddress = await deployer.deploy(l1Artifacts.slashFactory, [
+    const slashFactoryAddress = (await deployer.deploy(SlashFactoryArtifact, [
         rollupAddress
-    ]);
+    ])).address;
     logger.verbose(`Deployed SlashFactory at ${slashFactoryAddress}`);
     return slashFactoryAddress;
 };
 export const deployUpgradePayload = async (deployer, addresses)=>{
-    const payloadAddress = await deployer.deploy(l1Artifacts.registerNewRollupVersionPayload, [
+    const payloadAddress = (await deployer.deploy(RegisterNewRollupVersionPayloadArtifact, [
         addresses.registryAddress.toString(),
         addresses.rollupAddress.toString()
-    ]);
+    ])).address;
     return payloadAddress;
 };
-export const deployRollup = async (clients, deployer, args, addresses, logger)=>{
+function slasherFlavorToSolidityEnum(flavor) {
+    switch(flavor){
+        case 'none':
+            return SlashingProposerType.None.valueOf();
+        case 'tally':
+            return SlashingProposerType.Tally.valueOf();
+        case 'empire':
+            return SlashingProposerType.Empire.valueOf();
+        default:
+            {
+                const _ = flavor;
+                throw new Error(`Unexpected slasher flavor ${flavor}`);
+            }
+    }
+}
+/**
+ * Deploys a new rollup contract, funds and initializes the fee juice portal, and initializes the validator set.
+ */ export const deployRollup = async (extendedClient, deployer, args, addresses, logger)=>{
+    if (!addresses.gseAddress) {
+        throw new Error('GSE address is required when deploying');
+    }
+    const networkName = getActiveNetworkName();
+    logger.info(`Deploying rollup using network configuration: ${networkName}`);
+    const txHashes = [];
+    let epochProofVerifier = EthAddress.ZERO;
+    if (args.realVerifier) {
+        epochProofVerifier = (await deployer.deploy(l1ArtifactsVerifiers.honkVerifier)).address;
+        logger.verbose(`Rollup will use the real verifier at ${epochProofVerifier}`);
+    } else {
+        epochProofVerifier = (await deployer.deploy(mockVerifiers.mockVerifier)).address;
+        logger.verbose(`Rollup will use the mock verifier at ${epochProofVerifier}`);
+    }
+    const rewardConfig = {
+        ...getRewardConfig(networkName),
+        rewardDistributor: addresses.rewardDistributorAddress.toString()
+    };
     const rollupConfigArgs = {
-        aztecSlotDuration: args.aztecSlotDuration,
-        aztecEpochDuration: args.aztecEpochDuration,
-        targetCommitteeSize: args.aztecTargetCommitteeSize,
-        aztecProofSubmissionWindow: args.aztecProofSubmissionWindow,
-        minimumStake: args.minimumStake,
-        slashingQuorum: args.slashingQuorum,
-        slashingRoundSize: args.slashingRoundSize
+        aztecSlotDuration: BigInt(args.aztecSlotDuration),
+        aztecEpochDuration: BigInt(args.aztecEpochDuration),
+        targetCommitteeSize: BigInt(args.aztecTargetCommitteeSize),
+        lagInEpochsForValidatorSet: BigInt(args.lagInEpochsForValidatorSet),
+        lagInEpochsForRandao: BigInt(args.lagInEpochsForRandao),
+        aztecProofSubmissionEpochs: BigInt(args.aztecProofSubmissionEpochs),
+        slashingQuorum: BigInt(args.slashingQuorum ?? args.slashingRoundSizeInEpochs * args.aztecEpochDuration / 2 + 1),
+        slashingRoundSize: BigInt(args.slashingRoundSizeInEpochs * args.aztecEpochDuration),
+        slashingLifetimeInRounds: BigInt(args.slashingLifetimeInRounds),
+        slashingExecutionDelayInRounds: BigInt(args.slashingExecutionDelayInRounds),
+        slashingVetoer: args.slashingVetoer.toString(),
+        manaTarget: args.manaTarget,
+        provingCostPerMana: args.provingCostPerMana,
+        rewardConfig: rewardConfig,
+        version: 0,
+        rewardBoostConfig: getRewardBoostConfig(),
+        stakingQueueConfig: getEntryQueueConfig(networkName),
+        exitDelaySeconds: BigInt(args.exitDelaySeconds),
+        slasherFlavor: slasherFlavorToSolidityEnum(args.slasherFlavor),
+        slashingOffsetInRounds: BigInt(args.slashingOffsetInRounds),
+        slashAmounts: [
+            args.slashAmountSmall,
+            args.slashAmountMedium,
+            args.slashAmountLarge
+        ],
+        localEjectionThreshold: args.localEjectionThreshold,
+        slashingDisableDuration: BigInt(args.slashingDisableDuration ?? 0n),
+        earliestRewardsClaimableTimestamp: 0n
     };
     const genesisStateArgs = {
         vkTreeRoot: args.vkTreeRoot.toString(),
-        protocolContractTreeRoot: args.protocolContractTreeRoot.toString(),
-        genesisArchiveRoot: args.genesisArchiveRoot.toString(),
-        genesisBlockHash: args.genesisBlockHash.toString()
+        protocolContractsHash: args.protocolContractsHash.toString(),
+        genesisArchiveRoot: args.genesisArchiveRoot.toString()
     };
+    // Until there is an actual chain-id for the version, we will just draw a random value.
+    // TODO(https://linear.app/aztec-labs/issue/TMNT-139/version-at-deployment)
+    rollupConfigArgs.version = Buffer.from(keccak256String(jsonStringify({
+        rollupConfigArgs,
+        genesisStateArgs
+    }))).readUint32BE(0);
     logger.verbose(`Rollup config args`, rollupConfigArgs);
     const rollupArgs = [
-        addresses.feeJuicePortalAddress.toString(),
-        addresses.rewardDistributorAddress.toString(),
+        addresses.feeJuiceAddress.toString(),
         addresses.stakingAssetAddress.toString(),
-        clients.walletClient.account.address.toString(),
+        addresses.gseAddress.toString(),
+        epochProofVerifier.toString(),
+        extendedClient.account.address,
         genesisStateArgs,
         rollupConfigArgs
     ];
-    const rollupAddress = await deployer.deploy(l1Artifacts.rollup, rollupArgs);
-    logger.verbose(`Deployed Rollup at ${rollupAddress}`, rollupConfigArgs);
+    const { address: rollupAddress, existed: rollupExisted } = await deployer.deploy(RollupArtifact, rollupArgs, {
+        gasLimit: 15_000_000n
+    });
+    logger.verbose(`Deployed Rollup at ${rollupAddress}, already existed: ${rollupExisted}`, rollupConfigArgs);
+    const rollupContract = new RollupContract(extendedClient, rollupAddress);
     await deployer.waitForDeployments();
     logger.verbose(`All core contracts have been deployed`);
-    const rollup = getContract({
-        address: getAddress(rollupAddress.toString()),
-        abi: l1Artifacts.rollup.contractAbi,
-        client: clients.walletClient
+    if (args.feeJuicePortalInitialBalance && args.feeJuicePortalInitialBalance > 0n) {
+        // Skip funding when using an external token, as we likely don't have mint permissions
+        if (!('existingTokenAddress' in args) || !args.existingTokenAddress) {
+            const feeJuicePortalAddress = await rollupContract.getFeeJuicePortal();
+            // In fast mode, use the L1TxUtils to send transactions with nonce management
+            const { txHash: mintTxHash } = await deployer.sendTransaction({
+                to: addresses.feeJuiceAddress.toString(),
+                data: encodeFunctionData({
+                    abi: FeeAssetArtifact.contractAbi,
+                    functionName: 'mint',
+                    args: [
+                        feeJuicePortalAddress.toString(),
+                        args.feeJuicePortalInitialBalance
+                    ]
+                })
+            });
+            logger.verbose(`Funding fee juice portal with ${args.feeJuicePortalInitialBalance} fee juice in ${mintTxHash} (accelerated test deployments)`);
+            txHashes.push(mintTxHash);
+        } else {
+            logger.verbose('Skipping fee juice portal funding due to external token usage');
+        }
+    }
+    const slashFactoryAddress = (await deployer.deploy(SlashFactoryArtifact, [
+        rollupAddress.toString()
+    ])).address;
+    logger.verbose(`Deployed SlashFactory at ${slashFactoryAddress}`);
+    // We need to call a function on the registry to set the various contract addresses.
+    const registryContract = getContract({
+        address: getAddress(addresses.registryAddress.toString()),
+        abi: RegistryArtifact.contractAbi,
+        client: extendedClient
     });
-    const txHashes = [];
-    if (args.initialValidators && args.initialValidators.length > 0) {
-        // Check if some of the initial validators are already registered, so we support idempotent deployments
-        let newValidatorsAddresses = args.initialValidators.map((v)=>v.toString());
-        if (!args.acceleratedTestDeployments) {
-            const validatorsInfo = await Promise.all(args.initialValidators.map(async (address)=>({
-                    address,
-                    ...await rollup.read.getInfo([
-                        address.toString()
-                    ])
-                })));
-            const existingValidators = validatorsInfo.filter((v)=>v.status !== 0);
-            if (existingValidators.length > 0) {
-                logger.warn(`Validators ${existingValidators.map((v)=>v.address).join(', ')} already exist. Skipping from initialization.`);
-            }
-            newValidatorsAddresses = validatorsInfo.filter((v)=>v.status === 0).map((v)=>v.address.toString());
+    // Only if we are the owner will we be sending these transactions
+    if (await registryContract.read.owner() === getAddress(extendedClient.account.address)) {
+        const version = await rollupContract.getVersion();
+        try {
+            const retrievedRollupAddress = await registryContract.read.getRollup([
+                version
+            ]);
+            logger.verbose(`Rollup ${retrievedRollupAddress} already exists in registry`);
+        } catch  {
+            const { txHash: addRollupTxHash } = await deployer.sendTransaction({
+                to: addresses.registryAddress.toString(),
+                data: encodeFunctionData({
+                    abi: RegistryArtifact.contractAbi,
+                    functionName: 'addRollup',
+                    args: [
+                        getAddress(rollupContract.address)
+                    ]
+                })
+            });
+            logger.verbose(`Adding rollup ${rollupContract.address} to registry ${addresses.registryAddress} in tx ${addRollupTxHash}`);
+            txHashes.push(addRollupTxHash);
         }
-        if (newValidatorsAddresses.length > 0) {
-            // Mint tokens, approve them, use cheat code to initialise validator set without setting up the epoch.
-            const stakeNeeded = args.minimumStake * BigInt(newValidatorsAddresses.length);
-            await Promise.all([
-                await deployer.sendTransaction({
-                    to: addresses.stakingAssetAddress.toString(),
-                    data: encodeFunctionData({
-                        abi: l1Artifacts.stakingAsset.contractAbi,
-                        functionName: 'mint',
-                        args: [
-                            clients.walletClient.account.address,
-                            stakeNeeded
-                        ]
-                    })
-                }),
-                await deployer.sendTransaction({
-                    to: addresses.stakingAssetAddress.toString(),
-                    data: encodeFunctionData({
-                        abi: l1Artifacts.stakingAsset.contractAbi,
-                        functionName: 'approve',
-                        args: [
-                            rollupAddress.toString(),
-                            stakeNeeded
-                        ]
-                    })
+    } else {
+        logger.verbose(`Not the owner of the registry, skipping rollup addition`);
+    }
+    // We need to call a function on the registry to set the various contract addresses.
+    const gseContract = getContract({
+        address: getAddress(addresses.gseAddress.toString()),
+        abi: GSEArtifact.contractAbi,
+        client: extendedClient
+    });
+    if (await gseContract.read.owner() === getAddress(extendedClient.account.address)) {
+        if (!await gseContract.read.isRollupRegistered([
+            rollupContract.address
+        ])) {
+            const { txHash: addRollupTxHash } = await deployer.sendTransaction({
+                to: addresses.gseAddress.toString(),
+                data: encodeFunctionData({
+                    abi: GSEArtifact.contractAbi,
+                    functionName: 'addRollup',
+                    args: [
+                        getAddress(rollupContract.address)
+                    ]
                 })
-            ].map((tx)=>clients.publicClient.waitForTransactionReceipt({
-                    hash: tx.txHash
-                })));
-            const validators = newValidatorsAddresses.map((v)=>({
-                    attester: v,
-                    proposer: getExpectedAddress(ForwarderAbi, ForwarderBytecode, [
-                        v
-                    ], v).address,
-                    withdrawer: v,
-                    amount: args.minimumStake
-                }));
-            // const initiateValidatorSetTxHash = await rollup.write.cheat__InitialiseValidatorSet([validators]);
-            const initiateValidatorSetTxHash = await deployer.walletClient.writeContract({
-                address: rollupAddress.toString(),
-                abi: l1Artifacts.rollup.contractAbi,
-                functionName: 'cheat__InitialiseValidatorSet',
-                args: [
-                    validators
-                ]
             });
-            txHashes.push(initiateValidatorSetTxHash);
-            logger.info(`Initialized validator set`, {
-                validators,
-                txHash: initiateValidatorSetTxHash
+            logger.verbose(`Adding rollup ${rollupContract.address} to GSE ${addresses.gseAddress} in tx ${addRollupTxHash}`);
+            // wait for this tx to land in case we have to register initialValidators
+            await extendedClient.waitForTransactionReceipt({
+                hash: addRollupTxHash
             });
+        } else {
+            logger.verbose(`Rollup ${rollupContract.address} is already registered in GSE ${addresses.gseAddress}`);
         }
+    } else {
+        logger.verbose(`Not the owner of the gse, skipping rollup addition`);
     }
-    await Promise.all(txHashes.map((txHash)=>clients.publicClient.waitForTransactionReceipt({
-            hash: txHash
-        })));
-    return new RollupContract(clients.publicClient, rollupAddress);
-};
-/**
- * Deploys the aztec L1 contracts; Rollup & (optionally) Decoder Helper.
- * @param rpcUrls - List of URLs of the ETH RPC to use for deployment.
- * @param account - Private Key or HD Account that will deploy the contracts.
- * @param chain - The chain instance to deploy to.
- * @param logger - A logger object.
- * @param args - Arguments for initialization of L1 contracts
- * @returns A list of ETH addresses of the deployed contracts.
- */ export const deployL1Contracts = async (rpcUrls, account, chain, logger, args, txUtilsConfig = defaultL1TxUtilsConfig)=>{
-    const clients = createL1Clients(rpcUrls, account, chain);
-    const { walletClient, publicClient } = clients;
-    // We are assuming that you are running this on a local anvil node which have 1s block times
-    // To align better with actual deployment, we update the block interval to 12s
-    const rpcCall = async (method, params)=>{
-        logger.info(`Calling ${method} with params: ${JSON.stringify(params)}`);
-        return await publicClient.transport.request({
-            method,
-            params
+    const activeAttestorCount = await rollupContract.getActiveAttesterCount();
+    const queuedAttestorCount = await rollupContract.getEntryQueueLength();
+    logger.info(`Rollup has ${activeAttestorCount} active attestors and ${queuedAttestorCount} queued attestors`);
+    const shouldAddValidators = activeAttestorCount === 0n && queuedAttestorCount === 0n;
+    if (args.initialValidators && shouldAddValidators && await gseContract.read.isRollupRegistered([
+        rollupContract.address
+    ])) {
+        await addMultipleValidators(extendedClient, deployer, addresses.gseAddress.toString(), rollupAddress.toString(), addresses.stakingAssetAddress.toString(), args.initialValidators, args.acceleratedTestDeployments, logger);
+    }
+    // If the owner is not the Governance contract, transfer ownership to the Governance contract
+    logger.verbose(addresses.governanceAddress.toString());
+    if (getAddress(await rollupContract.getOwner()) !== getAddress(addresses.governanceAddress.toString())) {
+        // TODO(md): add send transaction to the deployer such that we do not need to manage tx hashes here
+        const { txHash: transferOwnershipTxHash } = await deployer.sendTransaction({
+            to: rollupContract.address,
+            data: encodeFunctionData({
+                abi: RegistryArtifact.contractAbi,
+                functionName: 'transferOwnership',
+                args: [
+                    getAddress(addresses.governanceAddress.toString())
+                ]
+            })
         });
-    };
-    if (isAnvilTestChain(chain.id)) {
-        try {
-            await rpcCall('anvil_setBlockTimestampInterval', [
-                args.ethereumSlotDuration
-            ]);
-            logger.warn(`Set block interval to ${args.ethereumSlotDuration}`);
-        } catch (e) {
-            logger.error(`Error setting block interval: ${e}`);
-        }
+        logger.verbose(`Transferring the ownership of the rollup contract at ${rollupContract.address} to the Governance ${addresses.governanceAddress} in tx ${transferOwnershipTxHash}`);
+        txHashes.push(transferOwnershipTxHash);
     }
-    logger.verbose(`Deploying contracts from ${account.address.toString()}`);
-    // Governance stuff
-    const deployer = new L1Deployer(walletClient, publicClient, args.salt, args.acceleratedTestDeployments, logger, txUtilsConfig);
-    const registryAddress = await deployer.deploy(l1Artifacts.registry, [
-        account.address.toString()
-    ]);
-    logger.verbose(`Deployed Registry at ${registryAddress}`);
-    const feeAssetAddress = await deployer.deploy(l1Artifacts.feeAsset, [
-        'FeeJuice',
-        'FEE',
-        account.address.toString()
-    ]);
-    logger.verbose(`Deployed Fee Juice at ${feeAssetAddress}`);
-    const stakingAssetAddress = await deployer.deploy(l1Artifacts.stakingAsset, [
-        'Staking',
-        'STK',
-        account.address.toString()
-    ]);
-    logger.verbose(`Deployed Staking Asset at ${stakingAssetAddress}`);
-    const governanceProposerAddress = await deployer.deploy(l1Artifacts.governanceProposer, [
-        registryAddress.toString(),
-        args.governanceProposerQuorum,
-        args.governanceProposerRoundSize
-    ]);
-    logger.verbose(`Deployed GovernanceProposer at ${governanceProposerAddress}`);
-    // @note @LHerskind the assets are expected to be the same at some point, but for better
-    // configurability they are different for now.
-    const governanceAddress = await deployer.deploy(l1Artifacts.governance, [
-        feeAssetAddress.toString(),
-        governanceProposerAddress.toString()
-    ]);
-    logger.verbose(`Deployed Governance at ${governanceAddress}`);
-    const coinIssuerAddress = await deployer.deploy(l1Artifacts.coinIssuer, [
-        feeAssetAddress.toString(),
-        1n * 10n ** 18n,
-        governanceAddress.toString()
-    ]);
-    logger.verbose(`Deployed CoinIssuer at ${coinIssuerAddress}`);
-    const rewardDistributorAddress = await deployer.deploy(l1Artifacts.rewardDistributor, [
-        feeAssetAddress.toString(),
-        registryAddress.toString(),
-        governanceAddress.toString()
-    ]);
-    logger.verbose(`Deployed RewardDistributor at ${rewardDistributorAddress}`);
-    const feeJuicePortalAddress = await deployer.deploy(l1Artifacts.feeJuicePortal, [
-        registryAddress.toString(),
-        feeAssetAddress.toString(),
-        args.l2FeeJuiceAddress.toString()
-    ]);
-    logger.verbose(`Deployed Fee Juice Portal at ${feeJuicePortalAddress}`);
-    logger.verbose(`Waiting for governance contracts to be deployed`);
     await deployer.waitForDeployments();
-    logger.verbose(`All governance contracts deployed`);
-    const feeJuicePortal = getContract({
-        address: feeJuicePortalAddress.toString(),
-        abi: l1Artifacts.feeJuicePortal.contractAbi,
-        client: walletClient
+    await Promise.all(txHashes.map((txHash)=>extendedClient.waitForTransactionReceipt({
+            hash: txHash
+        })));
+    logger.verbose(`Rollup deployed`);
+    return {
+        rollup: rollupContract,
+        slashFactoryAddress
+    };
+};
+export const handoverToGovernance = async (extendedClient, deployer, registryAddress, gseAddress, coinIssuerAddress, feeAssetAddress, governanceAddress, logger, acceleratedTestDeployments, useExternalToken = false)=>{
+    // We need to call a function on the registry to set the various contract addresses.
+    const registryContract = getContract({
+        address: getAddress(registryAddress.toString()),
+        abi: RegistryArtifact.contractAbi,
+        client: extendedClient
+    });
+    const gseContract = getContract({
+        address: getAddress(gseAddress.toString()),
+        abi: GSEArtifact.contractAbi,
+        client: extendedClient
+    });
+    const coinIssuerContract = getContract({
+        address: getAddress(coinIssuerAddress.toString()),
+        abi: CoinIssuerArtifact.contractAbi,
+        client: extendedClient
     });
     const feeAsset = getContract({
-        address: feeAssetAddress.toString(),
-        abi: l1Artifacts.feeAsset.contractAbi,
-        client: walletClient
+        address: getAddress(feeAssetAddress.toString()),
+        abi: FeeAssetArtifact.contractAbi,
+        client: extendedClient
     });
-    // Transaction hashes to await
     const txHashes = [];
-    if (args.acceleratedTestDeployments || !await feeAsset.read.freeForAll()) {
-        const { txHash } = await deployer.sendTransaction({
-            to: feeAssetAddress.toString(),
+    // If the owner is not the Governance contract, transfer ownership to the Governance contract
+    if (acceleratedTestDeployments || await registryContract.read.owner() !== getAddress(governanceAddress.toString())) {
+        // TODO(md): add send transaction to the deployer such that we do not need to manage tx hashes here
+        const { txHash: transferOwnershipTxHash } = await deployer.sendTransaction({
+            to: registryAddress.toString(),
             data: encodeFunctionData({
-                abi: l1Artifacts.feeAsset.contractAbi,
-                functionName: 'setFreeForAll',
+                abi: RegistryArtifact.contractAbi,
+                functionName: 'transferOwnership',
                 args: [
-                    true
+                    getAddress(governanceAddress.toString())
                 ]
             })
         });
-        logger.verbose(`Fee asset set to free for all in ${txHash}`);
-        txHashes.push(txHash);
+        logger.verbose(`Transferring the ownership of the registry contract at ${registryAddress} to the Governance ${governanceAddress} in tx ${transferOwnershipTxHash}`);
+        txHashes.push(transferOwnershipTxHash);
     }
-    if (args.acceleratedTestDeployments || await feeAsset.read.owner() !== getAddress(coinIssuerAddress.toString())) {
-        const { txHash } = await deployer.sendTransaction({
-            to: feeAssetAddress.toString(),
+    // If the owner is not the Governance contract, transfer ownership to the Governance contract
+    if (acceleratedTestDeployments || await gseContract.read.owner() !== getAddress(governanceAddress.toString())) {
+        // TODO(md): add send transaction to the deployer such that we do not need to manage tx hashes here
+        const { txHash: transferOwnershipTxHash } = await deployer.sendTransaction({
+            to: gseContract.address,
             data: encodeFunctionData({
-                abi: l1Artifacts.feeAsset.contractAbi,
+                abi: GSEArtifact.contractAbi,
                 functionName: 'transferOwnership',
                 args: [
-                    coinIssuerAddress.toString()
+                    getAddress(governanceAddress.toString())
                 ]
             })
         });
-        logger.verbose(`Fee asset transferred ownership to coin issuer in ${txHash}`);
-        txHashes.push(txHash);
-    }
-    // @note  This value MUST match what is in `constants.nr`. It is currently specified here instead of just importing
-    //        because there is circular dependency hell. This is a temporary solution. #3342
-    // @todo  #8084
-    // fund the portal contract with Fee Juice
-    const FEE_JUICE_INITIAL_MINT = 200000000000000000000000n;
-    // In fast mode, use the L1TxUtils to send transactions with nonce management
-    const { txHash: mintTxHash } = await deployer.sendTransaction({
-        to: feeAssetAddress.toString(),
-        data: encodeFunctionData({
-            abi: l1Artifacts.feeAsset.contractAbi,
-            functionName: 'mint',
-            args: [
-                feeJuicePortalAddress.toString(),
-                FEE_JUICE_INITIAL_MINT
-            ]
-        })
-    });
-    logger.verbose(`Funding fee juice portal contract with fee juice in ${mintTxHash} (accelerated test deployments)`);
-    txHashes.push(mintTxHash);
-    // @note  This is used to ensure we fully wait for the transaction when running against a real chain
-    //        otherwise we execute subsequent transactions too soon
-    if (!args.acceleratedTestDeployments) {
-        await publicClient.waitForTransactionReceipt({
-            hash: mintTxHash
-        });
-        logger.verbose(`Funding fee juice portal contract with fee juice in ${mintTxHash}`);
-    }
-    // Check if portal needs initialization
-    let needsInitialization = args.acceleratedTestDeployments;
-    if (!args.acceleratedTestDeployments) {
-        // Only check if not in fast mode and not already known to need initialization
-        needsInitialization = !await feeJuicePortal.read.initialized();
+        logger.verbose(`Transferring the ownership of the gse contract at ${gseAddress} to the Governance ${governanceAddress} in tx ${transferOwnershipTxHash}`);
+        txHashes.push(transferOwnershipTxHash);
     }
-    if (needsInitialization) {
-        const { txHash: initPortalTxHash } = await deployer.sendTransaction({
-            to: feeJuicePortalAddress.toString(),
+    if (!useExternalToken && (acceleratedTestDeployments || await feeAsset.read.owner() !== coinIssuerAddress.toString())) {
+        const { txHash } = await deployer.sendTransaction({
+            to: feeAssetAddress.toString(),
             data: encodeFunctionData({
-                abi: l1Artifacts.feeJuicePortal.contractAbi,
-                functionName: 'initialize',
-                args: []
+                abi: FeeAssetArtifact.contractAbi,
+                functionName: 'transferOwnership',
+                args: [
+                    coinIssuerAddress.toString()
+                ]
             })
+        }, {
+            gasLimit: 500_000n
         });
-        txHashes.push(initPortalTxHash);
-        logger.verbose(`Fee juice portal initializing in tx ${initPortalTxHash}`);
-    } else {
-        logger.verbose(`Fee juice portal is already initialized`);
-    }
-    logger.verbose(`Initialized Fee Juice Portal at ${feeJuicePortalAddress} to bridge between L1 ${feeAssetAddress} to L2 ${args.l2FeeJuiceAddress}`);
-    const rollup = await deployRollup({
-        walletClient,
-        publicClient
-    }, deployer, args, {
-        feeJuicePortalAddress,
-        rewardDistributorAddress,
-        stakingAssetAddress
-    }, logger);
-    const slashFactoryAddress = await deploySlashFactory(deployer, rollup.address, logger);
-    logger.verbose('Waiting for rollup and slash factory to be deployed');
-    await deployer.waitForDeployments();
-    logger.verbose(`Rollup and slash factory deployed`);
-    // We need to call a function on the registry to set the various contract addresses.
-    const registryContract = getContract({
-        address: getAddress(registryAddress.toString()),
-        abi: l1Artifacts.registry.contractAbi,
-        client: walletClient
-    });
-    if (args.acceleratedTestDeployments || !await registryContract.read.isRollupRegistered([
-        getAddress(rollup.address.toString())
-    ])) {
-        const { txHash: upgradeTxHash } = await deployer.sendTransaction({
-            to: registryAddress.toString(),
+        logger.verbose(`Transfer ownership of fee asset to coin issuer ${coinIssuerAddress} in ${txHash}`);
+        txHashes.push(txHash);
+        const { txHash: acceptTokenOwnershipTxHash } = await deployer.sendTransaction({
+            to: coinIssuerAddress.toString(),
             data: encodeFunctionData({
-                abi: l1Artifacts.registry.contractAbi,
-                functionName: 'upgrade',
-                args: [
-                    getAddress(rollup.address.toString())
-                ]
+                abi: CoinIssuerArtifact.contractAbi,
+                functionName: 'acceptTokenOwnership'
             })
+        }, {
+            gasLimit: 500_000n
         });
-        logger.verbose(`Upgrading registry contract at ${registryAddress} to rollup ${rollup.address} in tx ${upgradeTxHash}`);
-        txHashes.push(upgradeTxHash);
-    } else {
-        logger.verbose(`Registry ${registryAddress} has already registered rollup ${rollup.address}`);
+        logger.verbose(`Accept ownership of fee asset in ${acceptTokenOwnershipTxHash}`);
+        txHashes.push(acceptTokenOwnershipTxHash);
+    } else if (useExternalToken) {
+        logger.verbose('Skipping fee asset ownership transfer due to external token usage');
     }
+    // Either deploy or at least predict the address of the date gated relayer
+    const dateGatedRelayer = await deployer.deploy(DateGatedRelayerArtifact, [
+        governanceAddress.toString(),
+        1798761600n
+    ]);
     // If the owner is not the Governance contract, transfer ownership to the Governance contract
-    if (args.acceleratedTestDeployments || await registryContract.read.owner() !== getAddress(governanceAddress.toString())) {
-        // TODO(md): add send transaction to the deployer such that we do not need to manage tx hashes here
+    if (acceleratedTestDeployments || await coinIssuerContract.read.owner() === deployer.client.account.address) {
         const { txHash: transferOwnershipTxHash } = await deployer.sendTransaction({
-            to: registryAddress.toString(),
+            to: coinIssuerContract.address,
             data: encodeFunctionData({
-                abi: l1Artifacts.registry.contractAbi,
+                abi: CoinIssuerArtifact.contractAbi,
                 functionName: 'transferOwnership',
                 args: [
-                    getAddress(governanceAddress.toString())
+                    getAddress(dateGatedRelayer.address.toString())
                 ]
             })
         });
-        logger.verbose(`Transferring the ownership of the registry contract at ${registryAddress} to the Governance ${governanceAddress} in tx ${transferOwnershipTxHash}`);
+        logger.verbose(`Transferring the ownership of the coin issuer contract at ${coinIssuerAddress} to the DateGatedRelayer ${dateGatedRelayer.address} in tx ${transferOwnershipTxHash}`);
         txHashes.push(transferOwnershipTxHash);
     }
     // Wait for all actions to be mined
-    await Promise.all(txHashes.map((txHash)=>publicClient.waitForTransactionReceipt({
+    await deployer.waitForDeployments();
+    await Promise.all(txHashes.map((txHash)=>extendedClient.waitForTransactionReceipt({
             hash: txHash
         })));
+    return {
+        dateGatedRelayerAddress: dateGatedRelayer.address
+    };
+};
+/*
+ * Adds multiple validators to the rollup
+ *
+ * @param extendedClient - The L1 clients.
+ * @param deployer - The L1 deployer.
+ * @param rollupAddress - The address of the rollup.
+ * @param stakingAssetAddress - The address of the staking asset.
+ * @param validators - The validators to initialize.
+ * @param acceleratedTestDeployments - Whether to use accelerated test deployments.
+ * @param logger - The logger.
+ */ export const addMultipleValidators = async (extendedClient, deployer, gseAddress, rollupAddress, stakingAssetAddress, validators, acceleratedTestDeployments, logger)=>{
+    const rollup = new RollupContract(extendedClient, rollupAddress);
+    const activationThreshold = await rollup.getActivationThreshold();
+    if (validators && validators.length > 0) {
+        // Check if some of the initial validators are already registered, so we support idempotent deployments
+        if (!acceleratedTestDeployments) {
+            const enrichedValidators = await Promise.all(validators.map(async (operator)=>({
+                    operator,
+                    status: await rollup.getStatus(operator.attester)
+                })));
+            const existingValidators = enrichedValidators.filter((v)=>v.status !== 0);
+            if (existingValidators.length > 0) {
+                logger.warn(`Validators ${existingValidators.map((v)=>v.operator.attester).join(', ')} already exist. Skipping from initialization.`);
+            }
+            validators = enrichedValidators.filter((v)=>v.status === 0).map((v)=>v.operator);
+        }
+        if (validators.length === 0) {
+            logger.warn('No validators to add. Skipping.');
+            return;
+        }
+        const gseContract = new GSEContract(extendedClient, gseAddress);
+        const multiAdder = (await deployer.deploy(MultiAdderArtifact, [
+            rollupAddress,
+            deployer.client.account.address
+        ])).address;
+        const makeValidatorTuples = async (validator)=>{
+            const registrationTuple = await gseContract.makeRegistrationTuple(validator.bn254SecretKey.getValue());
+            return {
+                attester: getAddress(validator.attester.toString()),
+                withdrawer: getAddress(validator.withdrawer.toString()),
+                ...registrationTuple
+            };
+        };
+        const validatorsTuples = await Promise.all(validators.map(makeValidatorTuples));
+        // Mint tokens, approve them, use cheat code to initialize validator set without setting up the epoch.
+        const stakeNeeded = activationThreshold * BigInt(validators.length);
+        await deployer.l1TxUtils.sendAndMonitorTransaction({
+            to: stakingAssetAddress,
+            data: encodeFunctionData({
+                abi: StakingAssetArtifact.contractAbi,
+                functionName: 'mint',
+                args: [
+                    multiAdder.toString(),
+                    stakeNeeded
+                ]
+            })
+        });
+        const entryQueueLengthBefore = await rollup.getEntryQueueLength();
+        const validatorCountBefore = await rollup.getActiveAttesterCount();
+        logger.info(`Adding ${validators.length} validators to the rollup`);
+        const chunkSize = 16;
+        // We will add `chunkSize` validators to the queue until we have covered all of our validators.
+        // The `chunkSize` needs to be small enough to fit inside a single tx, therefore 16.
+        for (const c of chunk(validatorsTuples, chunkSize)){
+            await deployer.l1TxUtils.sendAndMonitorTransaction({
+                to: multiAdder.toString(),
+                data: encodeFunctionData({
+                    abi: MultiAdderArtifact.contractAbi,
+                    functionName: 'addValidators',
+                    args: [
+                        c,
+                        BigInt(0)
+                    ]
+                })
+            }, {
+                gasLimit: 16_000_000n
+            });
+        }
+        // After adding to the queue, we will now try to flush from it.
+        // We are explicitly doing this as a second step instead of as part of adding to benefit
+        // from the accounting used to speed the process up.
+        // As the queue computes the amount of possible flushes in an epoch when told to flush,
+        // waiting until we have added all we want allows us to benefit in the case were we added
+        // enough to pass the bootstrap set size without needing to wait another epoch.
+        // This is useful when we are testing as it speeds up the tests slightly.
+        while(true){
+            // If the queue is empty, we can break
+            if (await rollup.getEntryQueueLength() == 0n) {
+                break;
+            }
+            // If there are no available validator flushes, no need to even try
+            if (await rollup.getAvailableValidatorFlushes() == 0n) {
+                break;
+            }
+            // Note that we are flushing at most `chunkSize` at each call
+            await deployer.l1TxUtils.sendAndMonitorTransaction({
+                to: rollup.address,
+                data: encodeFunctionData({
+                    abi: RollupArtifact.contractAbi,
+                    functionName: 'flushEntryQueue',
+                    args: [
+                        BigInt(chunkSize)
+                    ]
+                })
+            }, {
+                gasLimit: 16_000_000n
+            });
+        }
+        const entryQueueLengthAfter = await rollup.getEntryQueueLength();
+        const validatorCountAfter = await rollup.getActiveAttesterCount();
+        if (entryQueueLengthAfter + validatorCountAfter < entryQueueLengthBefore + validatorCountBefore + BigInt(validators.length)) {
+            throw new Error(`Failed to add ${validators.length} validators. Active validators: ${validatorCountBefore} -> ${validatorCountAfter}. Queue: ${entryQueueLengthBefore} -> ${entryQueueLengthAfter}. A likely issue is the bootstrap size.`);
+        }
+        logger.info(`Added ${validators.length} validators. Active validators: ${validatorCountBefore} -> ${validatorCountAfter}. Queue: ${entryQueueLengthBefore} -> ${entryQueueLengthAfter}`);
+    }
+};
+/**
+ * Initialize the fee asset handler and make it a minter on the fee asset.
+ * @note This function will only be used for testing purposes.
+ *
+ * @param extendedClient - The L1 clients.
+ * @param deployer - The L1 deployer.
+ * @param feeAssetAddress - The address of the fee asset.
+ * @param logger - The logger.
+ */ // eslint-disable-next-line camelcase
+export const cheat_initializeFeeAssetHandler = async (extendedClient, deployer, feeAssetAddress, logger)=>{
+    const feeAssetHandlerAddress = (await deployer.deploy(FeeAssetHandlerArtifact, [
+        extendedClient.account.address,
+        feeAssetAddress.toString(),
+        BigInt(1e18)
+    ])).address;
+    logger.verbose(`Deployed FeeAssetHandler at ${feeAssetHandlerAddress}`);
+    const { txHash } = await deployer.sendTransaction({
+        to: feeAssetAddress.toString(),
+        data: encodeFunctionData({
+            abi: FeeAssetArtifact.contractAbi,
+            functionName: 'addMinter',
+            args: [
+                feeAssetHandlerAddress.toString()
+            ]
+        })
+    });
+    logger.verbose(`Added fee asset handler ${feeAssetHandlerAddress} as minter on fee asset in ${txHash}`);
+    return {
+        feeAssetHandlerAddress,
+        txHash
+    };
+};
+/**
+ * Deploys the aztec L1 contracts; Rollup & (optionally) Decoder Helper.
+ * @param rpcUrls - List of URLs of the ETH RPC to use for deployment.
+ * @param account - Private Key or HD Account that will deploy the contracts.
+ * @param chain - The chain instance to deploy to.
+ * @param logger - A logger object.
+ * @param args - Arguments for initialization of L1 contracts
+ * @returns A list of ETH addresses of the deployed contracts.
+ */ export const deployL1Contracts = async (rpcUrls, account, chain, logger, args, txUtilsConfig = getL1TxUtilsConfigEnvVars(), createVerificationJson = false)=>{
+    logger.info(`Deploying L1 contracts with config: ${jsonStringify(args)}`);
+    validateConfig(args);
+    if (args.initialValidators && args.initialValidators.length > 0 && args.existingTokenAddress) {
+        throw new Error('Cannot deploy with both initialValidators and existingTokenAddress. ' + 'Initial validator funding requires minting tokens, which is not possible with an external token.');
+    }
+    const l1Client = createExtendedL1Client(rpcUrls, account, chain);
+    // Deploy multicall3 if it does not exist in this network
+    await deployMulticall3(l1Client, logger);
+    // We are assuming that you are running this on a local anvil node which have 1s block times
+    // To align better with actual deployment, we update the block interval to 12s
+    const rpcCall = async (method, params)=>{
+        logger.info(`Calling ${method} with params: ${JSON.stringify(params)}`);
+        return await l1Client.transport.request({
+            method,
+            params
+        });
+    };
+    if (isAnvilTestChain(chain.id)) {
+        try {
+            await rpcCall('anvil_setBlockTimestampInterval', [
+                args.ethereumSlotDuration
+            ]);
+            logger.warn(`Set block interval to ${args.ethereumSlotDuration}`);
+        } catch (e) {
+            logger.error(`Error setting block interval: ${e}`);
+        }
+    }
+    logger.verbose(`Deploying contracts from ${account.address.toString()}`);
+    const dateProvider = new DateProvider();
+    const deployer = new L1Deployer(l1Client, args.salt, dateProvider, args.acceleratedTestDeployments, logger, txUtilsConfig, !!createVerificationJson);
+    const { feeAssetAddress, feeAssetHandlerAddress, stakingAssetAddress, stakingAssetHandlerAddress, registryAddress, gseAddress, governanceAddress, rewardDistributorAddress, zkPassportVerifierAddress, coinIssuerAddress } = await deploySharedContracts(l1Client, deployer, args, logger);
+    const { rollup, slashFactoryAddress } = await deployRollup(l1Client, deployer, args, {
+        feeJuiceAddress: feeAssetAddress,
+        registryAddress,
+        gseAddress,
+        rewardDistributorAddress,
+        stakingAssetAddress,
+        governanceAddress
+    }, logger);
+    logger.verbose('Waiting for rollup and slash factory to be deployed');
+    await deployer.waitForDeployments();
+    // Now that the rollup has been deployed and added to the registry, transfer ownership to governance
+    const { dateGatedRelayerAddress } = await handoverToGovernance(l1Client, deployer, registryAddress, gseAddress, coinIssuerAddress, feeAssetAddress, governanceAddress, logger, args.acceleratedTestDeployments, !!args.existingTokenAddress);
+    logger.info(`Handing over to governance complete`);
     logger.verbose(`All transactions for L1 deployment have been mined`);
-    const l1Contracts = await RegistryContract.collectAddresses(publicClient, registryAddress, 'canonical');
+    const l1Contracts = await RegistryContract.collectAddresses(l1Client, registryAddress, 'canonical');
     logger.info(`Aztec L1 contracts initialized`, l1Contracts);
+    // Write verification data (constructor args + linked libraries) to file for later forge verify
+    if (createVerificationJson) {
+        await generateRollupVerificationRecords(rollup, deployer, args, l1Contracts, l1Client, logger);
+        await writeVerificationJson(deployer, createVerificationJson, chain.id, '', logger);
+    }
     if (isAnvilTestChain(chain.id)) {
         // @note  We make a time jump PAST the very first slot to not have to deal with the edge case of the first slot.
         //        The edge case being that the genesis block is already occupying slot 0, so we cannot have another block.
         try {
             // Need to get the time
             const currentSlot = await rollup.getSlotNumber();
-            if (BigInt(currentSlot) === 0n) {
-                const ts = Number(await rollup.getTimestampForSlot(1n));
+            if (currentSlot === 0) {
+                const ts = Number(await rollup.getTimestampForSlot(SlotNumber(1)));
                 await rpcCall('evm_setNextBlockTimestamp', [
                     ts
                 ]);
@@ -492,7 +1170,7 @@ export const deployRollup = async (clients, deployer, args, addresses, logger)=>
                     1
                 ]);
                 const currentSlot = await rollup.getSlotNumber();
-                if (BigInt(currentSlot) !== 1n) {
+                if (currentSlot !== 1) {
                     throw new Error(`Error jumping time: current slot is ${currentSlot}`);
                 }
                 logger.info(`Jumped to slot 1`);
@@ -502,41 +1180,94 @@ export const deployRollup = async (clients, deployer, args, addresses, logger)=>
         }
     }
     return {
-        walletClient,
-        publicClient,
+        rollupVersion: Number(await rollup.getVersion()),
+        l1Client: l1Client,
         l1ContractAddresses: {
             ...l1Contracts,
-            slashFactoryAddress
+            slashFactoryAddress,
+            feeAssetHandlerAddress,
+            stakingAssetHandlerAddress,
+            zkPassportVerifierAddress,
+            coinIssuerAddress,
+            dateGatedRelayerAddress
         }
     };
 };
-class L1Deployer {
-    walletClient;
-    publicClient;
+export class L1Deployer {
+    client;
     acceleratedTestDeployments;
     logger;
     txUtilsConfig;
+    createVerificationJson;
     salt;
     txHashes;
     l1TxUtils;
-    constructor(walletClient, publicClient, maybeSalt, acceleratedTestDeployments = false, logger = createLogger('L1Deployer'), txUtilsConfig){
-        this.walletClient = walletClient;
-        this.publicClient = publicClient;
+    verificationRecords;
+    constructor(client, maybeSalt, dateProvider = new DateProvider(), acceleratedTestDeployments = false, logger = createLogger('L1Deployer'), txUtilsConfig, createVerificationJson = false){
+        this.client = client;
         this.acceleratedTestDeployments = acceleratedTestDeployments;
         this.logger = logger;
         this.txUtilsConfig = txUtilsConfig;
+        this.createVerificationJson = createVerificationJson;
         this.txHashes = [];
+        this.verificationRecords = [];
         this.salt = maybeSalt ? padHex(numberToHex(maybeSalt), {
             size: 32
         }) : undefined;
-        this.l1TxUtils = new L1TxUtils(this.publicClient, this.walletClient, this.logger, this.txUtilsConfig, this.acceleratedTestDeployments);
+        this.l1TxUtils = createL1TxUtilsFromViemWallet(this.client, {
+            logger: this.logger,
+            dateProvider
+        }, {
+            ...this.txUtilsConfig,
+            debugMaxGasLimit: acceleratedTestDeployments
+        });
     }
-    async deploy(params, args = []) {
-        const { txHash, address } = await deployL1Contract(this.walletClient, this.publicClient, params.contractAbi, params.contractBytecode, args, this.salt, params.libraries, this.logger, this.l1TxUtils, this.acceleratedTestDeployments);
-        if (txHash) {
-            this.txHashes.push(txHash);
+    async deploy(params, args, opts = {}) {
+        this.logger.debug(`Deploying ${params.name} contract`, {
+            args
+        });
+        try {
+            const { txHash, address, deployedLibraries, existed } = await deployL1Contract(this.client, params.contractAbi, params.contractBytecode, args ?? [], {
+                salt: this.salt,
+                libraries: params.libraries,
+                logger: this.logger,
+                l1TxUtils: this.l1TxUtils,
+                acceleratedTestDeployments: this.acceleratedTestDeployments,
+                gasLimit: opts.gasLimit,
+                noSimulation: opts.noSimulation
+            });
+            if (txHash) {
+                this.txHashes.push(txHash);
+            }
+            this.logger.debug(`Deployed ${params.name} at ${address}`, {
+                args
+            });
+            if (this.createVerificationJson) {
+                // Encode constructor args for verification
+                let constructorArgsHex = '0x';
+                try {
+                    const abiItem = params.contractAbi.find((x)=>x && x.type === 'constructor');
+                    const inputDefs = abiItem && Array.isArray(abiItem.inputs) ? abiItem.inputs : [];
+                    constructorArgsHex = inputDefs.length > 0 ? encodeAbiParameters(inputDefs, args ?? []) : '0x';
+                } catch  {
+                    constructorArgsHex = '0x';
+                }
+                this.verificationRecords.push({
+                    name: params.name,
+                    address: address.toString(),
+                    constructorArgsHex,
+                    libraries: deployedLibraries ?? []
+                });
+            }
+            return {
+                address,
+                existed
+            };
+        } catch (error) {
+            throw new Error(`Failed to deploy ${params.name}`, {
+                cause: formatViemError(error)
+            });
         }
-        return address;
     }
     async waitForDeployments() {
         if (this.acceleratedTestDeployments) {
@@ -546,17 +1277,28 @@ class L1Deployer {
         if (this.txHashes.length === 0) {
             return;
         }
-        this.logger.info(`Waiting for ${this.txHashes.length} transactions to be mined...`);
-        await Promise.all(this.txHashes.map((txHash)=>this.publicClient.waitForTransactionReceipt({
+        this.logger.verbose(`Waiting for ${this.txHashes.length} transactions to be mined`, {
+            txHashes: this.txHashes
+        });
+        const receipts = await Promise.all(this.txHashes.map((txHash)=>this.client.waitForTransactionReceipt({
                 hash: txHash
             })));
-        this.logger.info('All transactions mined successfully');
+        const failed = receipts.filter((r)=>r.status !== 'success');
+        if (failed.length > 0) {
+            throw new Error(`Some deployment txs have failed: ${failed.map((f)=>f.transactionHash).join(', ')}`);
+        }
+        this.logger.info('All transactions mined successfully', {
+            txHashes: this.txHashes
+        });
     }
-    sendTransaction(tx) {
-        return this.l1TxUtils.sendTransaction(tx);
+    sendTransaction(tx, options) {
+        return this.l1TxUtils.sendTransaction(tx, options).then(({ txHash, state })=>({
+                txHash,
+                gasLimit: state.gasLimit,
+                gasPrice: state.gasPrice
+            }));
     }
 }
-// docs:start:deployL1Contract
 /**
  * Helper function to deploy ETH contracts.
  * @param walletClient - A viem WalletClient.
@@ -564,13 +1306,22 @@ class L1Deployer {
  * @param abi - The ETH contract's ABI (as abitype's Abi).
  * @param bytecode  - The ETH contract's bytecode.
  * @param args - Constructor arguments for the contract.
- * @param maybeSalt - Optional salt for CREATE2 deployment (does not wait for deployment tx to be mined if set, does not send tx if contract already exists).
+ * @param salt - Optional salt for CREATE2 deployment (does not wait for deployment tx to be mined if set, does not send tx if contract already exists).
  * @returns The ETH address the contract was deployed to.
- */ export async function deployL1Contract(walletClient, publicClient, abi, bytecode, args = [], maybeSalt, libraries, logger, l1TxUtils, acceleratedTestDeployments = false) {
+ */ export async function deployL1Contract(extendedClient, abi, bytecode, args = [], opts = {}) {
     let txHash = undefined;
     let resultingAddress = undefined;
+    const deployedLibraries = [];
+    const { salt: saltFromOpts, libraries, logger, gasLimit, acceleratedTestDeployments, noSimulation } = opts;
+    let { l1TxUtils } = opts;
     if (!l1TxUtils) {
-        l1TxUtils = new L1TxUtils(publicClient, walletClient, logger, undefined, acceleratedTestDeployments);
+        const config = getL1TxUtilsConfigEnvVars();
+        l1TxUtils = createL1TxUtilsFromViemWallet(extendedClient, {
+            logger
+        }, {
+            ...config,
+            debugMaxGasLimit: acceleratedTestDeployments
+        });
     }
     if (libraries) {
         // Note that this does NOT work well for linked libraries having linked libraries.
@@ -586,10 +1337,32 @@ class L1Deployer {
         const libraryTxs = [];
         for(const libraryName in libraries?.libraryCode){
             const lib = libraries.libraryCode[libraryName];
-            const { address, txHash } = await deployL1Contract(walletClient, publicClient, lib.contractAbi, lib.contractBytecode, [], maybeSalt, undefined, logger, l1TxUtils, acceleratedTestDeployments);
+            const { libraries: _libraries, ...optsWithoutLibraries } = opts;
+            const { address, txHash } = await deployL1Contract(extendedClient, lib.contractAbi, lib.contractBytecode, [], optsWithoutLibraries);
+            // Log deployed library name and address for easier verification/triage
+            logger?.verbose(`Linked library deployed`, {
+                library: libraryName,
+                address: address.toString(),
+                txHash
+            });
             if (txHash) {
                 libraryTxs.push(txHash);
             }
+            // Try to find the source file for this library from linkReferences
+            let fileNameForLibrary = undefined;
+            for(const fileName in libraries.linkReferences){
+                if (libraries.linkReferences[fileName] && libraries.linkReferences[fileName][libraryName]) {
+                    fileNameForLibrary = fileName;
+                    break;
+                }
+            }
+            if (fileNameForLibrary) {
+                deployedLibraries.push({
+                    file: fileNameForLibrary,
+                    contract: libraryName,
+                    address: address.toString()
+                });
+            }
             for(const linkRef in libraries.linkReferences){
                 for(const contractName in libraries.linkReferences[linkRef]){
                     // If the library name matches the one we just deployed, we replace it.
@@ -616,34 +1389,61 @@ class L1Deployer {
         // However, if we are in fast mode or using debugMaxGasLimit, we will skip simulation, so we can skip waiting.
         if (libraryTxs.length > 0 && !acceleratedTestDeployments) {
             logger?.verbose(`Awaiting for linked libraries to be deployed`);
-            await Promise.all(libraryTxs.map((txHash)=>publicClient.waitForTransactionReceipt({
+            await Promise.all(libraryTxs.map((txHash)=>extendedClient.waitForTransactionReceipt({
                     hash: txHash
                 })));
         } else {
             logger?.verbose(`Skipping waiting for linked libraries to be deployed ${acceleratedTestDeployments ? '(accelerated test deployments)' : ''}`);
         }
     }
-    if (maybeSalt) {
-        const { address, paddedSalt: salt, calldata } = getExpectedAddress(abi, bytecode, args, maybeSalt);
+    let existed = false;
+    if (saltFromOpts) {
+        logger?.info(`Deploying contract with salt ${saltFromOpts}`);
+        const { address, paddedSalt: salt, calldata } = getExpectedAddress(abi, bytecode, args, saltFromOpts);
         resultingAddress = address;
-        const existing = await publicClient.getBytecode({
+        const existing = await extendedClient.getCode({
             address: resultingAddress
         });
         if (existing === undefined || existing === '0x') {
+            if (!noSimulation) {
+                try {
+                    await l1TxUtils.simulate({
+                        to: DEPLOYER_ADDRESS,
+                        data: concatHex([
+                            salt,
+                            calldata
+                        ]),
+                        gas: gasLimit
+                    });
+                } catch (err) {
+                    logger?.error(`Failed to simulate deployment tx using universal deployer`, err);
+                    await l1TxUtils.simulate({
+                        to: null,
+                        data: encodeDeployData({
+                            abi,
+                            bytecode,
+                            args
+                        }),
+                        gas: gasLimit
+                    });
+                }
+            }
             const res = await l1TxUtils.sendTransaction({
                 to: DEPLOYER_ADDRESS,
                 data: concatHex([
                     salt,
                     calldata
                 ])
+            }, {
+                gasLimit
             });
             txHash = res.txHash;
             logger?.verbose(`Deployed contract with salt ${salt} to address ${resultingAddress} in tx ${txHash}.`);
         } else {
             logger?.verbose(`Skipping existing deployment of contract with salt ${salt} to address ${resultingAddress}`);
+            existed = true;
         }
     } else {
-        // Regular deployment path
         const deployData = encodeDeployData({
             abi,
             bytecode,
@@ -652,6 +1452,8 @@ class L1Deployer {
         const { receipt } = await l1TxUtils.sendAndMonitorTransaction({
             to: null,
             data: deployData
+        }, {
+            gasLimit
         });
         txHash = receipt.transactionHash;
         resultingAddress = receipt.contractAddress;
@@ -661,7 +1463,9 @@ class L1Deployer {
     }
     return {
         address: EthAddress.fromString(resultingAddress),
-        txHash
+        txHash,
+        deployedLibraries,
+        existed
     };
 }
 export function getExpectedAddress(abi, bytecode, args, salt) {
@@ -684,4 +1488,4 @@ export function getExpectedAddress(abi, bytecode, args, salt) {
         paddedSalt,
         calldata
     };
-} // docs:end:deployL1Contract
+}