@keep-network/tbtc-v2 0.1.1-dev.10 → 0.1.1-dev.102

package/contracts/vault/IVault.sol

@@ -13,30 +13,14 @@
 //               ▐████▌    ▐████▌
 //               ▐████▌    ▐████▌
 
-pragma solidity 0.8.4;
+pragma solidity ^0.8.9;
+
+import "../bank/IReceiveBalanceApproval.sol";
 
 /// @title Bank Vault interface
 /// @notice `IVault` is an interface for a smart contract consuming Bank
 ///         balances of other contracts or externally owned accounts (EOA).
-interface IVault {
-    /// @notice Called by the Bank in `approveBalanceAndCall` function after
-    ///         the balance `owner` approved `amount` of their balance in the
-    ///         Bank for the vault. This way, the depositor can approve balance
-    ///         and call the vault to use the approved balance in a single
-    ///         transaction.
-    /// @param owner Address of the Bank balance owner who approved their
-    ///        balance to be used by the vault
-    /// @param amount The amount of the Bank balance approved by the owner
-    ///        to be used by the vault
-    // @dev The implementation must ensure this function can only be called
-    ///      by the Bank. The Bank does _not_ guarantee that the `amount`
-    ///      approved by the `owner` currently exists on their balance. That is,
-    ///      the `owner` could approve more balance than they currently have.
-    ///      This works the same as `Bank.approve` function. The vault must
-    ///      ensure the actual balance is checked before performing any action
-    ///      based on it.
-    function receiveBalanceApproval(address owner, uint256 amount) external;
-
+interface IVault is IReceiveBalanceApproval {
     /// @notice Called by the Bank in `increaseBalanceAndCall` function after
     ///         increasing the balance in the Bank for the vault. It happens in
     ///         the same transaction in which deposits were swept by the Bridge.
@@ -46,9 +30,9 @@ interface IVault {
     ///         depositor does not have to execute additional transaction after
     ///         the deposit gets swept by the Bridge to approve and transfer
     ///         their balance to the vault.
-    /// @param depositors Addresses of depositors whose deposits have been swept
+    /// @param depositors Addresses of depositors whose deposits have been swept.
     /// @param depositedAmounts Amounts deposited by individual depositors and
-    ///        swept
+    ///        swept.
     /// @dev The implementation must ensure this function can only be called
     ///      by the Bank. The Bank guarantees that the vault's balance was
     ///      increased by the sum of all deposited amounts before this function

package/contracts/vault/TBTCVault.sol

@@ -13,33 +13,63 @@
 //               ▐████▌    ▐████▌
 //               ▐████▌    ▐████▌
 
-pragma solidity 0.8.4;
+pragma solidity ^0.8.9;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
 
 import "./IVault.sol";
 import "../bank/Bank.sol";
 import "../token/TBTC.sol";
+import "../GovernanceUtils.sol";
 
 /// @title TBTC application vault
 /// @notice TBTC is a fully Bitcoin-backed ERC-20 token pegged to the price of
 ///         Bitcoin. It facilitates Bitcoin holders to act on the Ethereum
 ///         blockchain and access the decentralized finance (DeFi) ecosystem.
-///         TBTC Vault mints and redeems TBTC based on Bitcoin balances in the
+///         TBTC Vault mints and unmints TBTC based on Bitcoin balances in the
 ///         Bank.
 /// @dev TBTC Vault is the owner of TBTC token contract and is the only contract
 ///      minting the token.
-contract TBTCVault is IVault {
+contract TBTCVault is IVault, Ownable {
+    using SafeERC20 for IERC20;
+
+    /// @notice The time delay that needs to pass between initializing and
+    ///         finalizing upgrade to a new vault. The time delay forces the
+    ///         upgrading party to reflect on the vault address it is upgrading
+    ///         to and lets all TBTC holders notice the planned
+    ///         upgrade.
+    uint256 public constant UPGRADE_GOVERNANCE_DELAY = 24 hours;
+
     Bank public bank;
     TBTC public tbtcToken;
 
+    /// @notice The address of a new TBTC vault. Set only when the upgrade
+    ///         process is pending. Once the upgrade gets finalized, the new
+    ///         TBTC vault will become an owner of TBTC token.
+    address public newVault;
+    /// @notice The timestamp at which an upgrade to a new TBTC vault was
+    ///         initiated. Set only when the upgrade process is pending.
+    uint256 public upgradeInitiatedTimestamp;
+
     event Minted(address indexed to, uint256 amount);
+    event Unminted(address indexed from, uint256 amount);
 
-    event Redeemed(address indexed from, uint256 amount);
+    event UpgradeInitiated(address newVault, uint256 timestamp);
+    event UpgradeFinalized(address newVault);
 
     modifier onlyBank() {
         require(msg.sender == address(bank), "Caller is not the Bank");
         _;
     }
 
+    modifier onlyAfterUpgradeGovernanceDelay() {
+        GovernanceUtils.onlyAfterGovernanceDelay(
+            upgradeInitiatedTimestamp,
+            UPGRADE_GOVERNANCE_DELAY
+        );
+        _;
+    }
+
     constructor(Bank _bank, TBTC _tbtcToken) {
         require(
             address(_bank) != address(0),
@@ -59,7 +89,7 @@ contract TBTCVault is IVault {
     ///         to TBTC Vault, and mints `amount` of TBTC to the caller.
     /// @dev TBTC Vault must have an allowance for caller's balance in the Bank
     ///      for at least `amount`.
-    /// @param amount Amount of TBTC to mint
+    /// @param amount Amount of TBTC to mint.
     function mint(uint256 amount) external {
         address minter = msg.sender;
         require(
@@ -73,13 +103,13 @@ contract TBTCVault is IVault {
     /// @notice Transfers the given `amount` of the Bank balance from the caller
     ///         to TBTC Vault and mints `amount` of TBTC to the caller.
     /// @dev Can only be called by the Bank via `approveBalanceAndCall`.
-    /// @param owner The owner who approved their Bank balance
-    /// @param amount Amount of TBTC to mint
-    function receiveBalanceApproval(address owner, uint256 amount)
-        external
-        override
-        onlyBank
-    {
+    /// @param owner The owner who approved their Bank balance.
+    /// @param amount Amount of TBTC to mint.
+    function receiveBalanceApproval(
+        address owner,
+        uint256 amount,
+        bytes calldata
+    ) external override onlyBank {
         require(
             bank.balanceOf(owner) >= amount,
             "Amount exceeds balance in the bank"
@@ -104,32 +134,151 @@ contract TBTCVault is IVault {
         }
     }
 
-    /// @notice Burns `amount` of TBTC from the caller's account and transfers
+    /// @notice Burns `amount` of TBTC from the caller's balance and transfers
     ///         `amount` back to the caller's balance in the Bank.
     /// @dev Caller must have at least `amount` of TBTC approved to
     ///       TBTC Vault.
-    /// @param amount Amount of TBTC to redeem
-    function redeem(uint256 amount) external {
-        _redeem(msg.sender, amount);
+    /// @param amount Amount of TBTC to unmint.
+    function unmint(uint256 amount) external {
+        _unmint(msg.sender, amount);
     }
 
-    /// @notice Burns `amount` of TBTC from the caller's account and transfers
-    ///         `amount` back to the caller's balance in the Bank.
-    /// @dev This function is doing the same as `redeem` but it allows to
-    ///      execute redemption without an additional approval transaction.
-    ///      The function can be called only via `approveAndCall` of TBTC token.
-    /// @param from TBTC token holder executing redemption
-    /// @param amount Amount of TBTC to redeem
-    /// @param token TBTC token address
+    /// @notice Burns `amount` of TBTC from the caller's balance and transfers
+    ///         `amount` of Bank balance to the Bridge requesting redemption
+    ///         based on the provided `redemptionData`.
+    /// @dev Caller must have at least `amount` of TBTC approved to
+    ///       TBTC Vault.
+    /// @param amount Amount of TBTC to unmint and request to redeem in Bridge.
+    /// @param redemptionData Redemption data in a format expected from
+    ///        `redemptionData` parameter of Bridge's `receiveBalanceApproval`
+    ///        function.
+    function unmintAndRedeem(uint256 amount, bytes calldata redemptionData)
+        external
+    {
+        _unmintAndRedeem(msg.sender, amount, redemptionData);
+    }
+
+    /// @notice Burns `amount` of TBTC from the caller's balance. If `extraData`
+    ///         is empty, transfers `amount` back to the caller's balance in the
+    ///         Bank. If `extraData` is not empty, requests redemption in the
+    ///         Bridge using the `extraData` as a `redemptionData` parameter to
+    ///         Bridge's `receiveBalanceApproval` function.
+    /// @dev This function is doing the same as `unmint` or `unmintAndRedeem`
+    ///      (depending on `extraData` parameter) but it allows to execute
+    ///      unminting without a separate approval transaction. The function can
+    ///      be called only via `approveAndCall` of TBTC token.
+    /// @param from TBTC token holder executing unminting.
+    /// @param amount Amount of TBTC to unmint.
+    /// @param token TBTC token address.
+    /// @param extraData Redemption data in a format expected from
+    ///        `redemptionData` parameter of Bridge's `receiveBalanceApproval`
+    ///        function. If empty, `receiveApproval` is not requesting a
+    ///        redemption of Bank balance but is instead performing just TBTC
+    ///        unminting to a Bank balance.
     function receiveApproval(
         address from,
         uint256 amount,
         address token,
-        bytes calldata
+        bytes calldata extraData
     ) external {
         require(token == address(tbtcToken), "Token is not TBTC");
         require(msg.sender == token, "Only TBTC caller allowed");
-        _redeem(from, amount);
+        if (extraData.length == 0) {
+            _unmint(from, amount);
+        } else {
+            _unmintAndRedeem(from, amount, extraData);
+        }
+    }
+
+    /// @notice Initiates vault upgrade process. The upgrade process needs to be
+    ///         finalized with a call to `finalizeUpgrade` function after the
+    ///         `UPGRADE_GOVERNANCE_DELAY` passes. Only the governance can
+    ///         initiate the upgrade.
+    /// @param _newVault The new vault address.
+    function initiateUpgrade(address _newVault) external onlyOwner {
+        require(_newVault != address(0), "New vault address cannot be zero");
+        /* solhint-disable-next-line not-rely-on-time */
+        emit UpgradeInitiated(_newVault, block.timestamp);
+        /* solhint-disable-next-line not-rely-on-time */
+        upgradeInitiatedTimestamp = block.timestamp;
+        newVault = _newVault;
+    }
+
+    /// @notice Allows the governance to finalize vault upgrade process. The
+    ///         upgrade process needs to be first initiated with a call to
+    ///         `initiateUpgrade` and the `UPGRADE_GOVERNANCE_DELAY` needs to
+    ///         pass. Once the upgrade is finalized, the new vault becomes the
+    ///         owner of the TBTC token and receives the whole Bank balance of
+    ///         this vault.
+    function finalizeUpgrade()
+        external
+        onlyOwner
+        onlyAfterUpgradeGovernanceDelay
+    {
+        emit UpgradeFinalized(newVault);
+        // slither-disable-next-line reentrancy-no-eth
+        tbtcToken.transferOwnership(newVault);
+        bank.transferBalance(newVault, bank.balanceOf(address(this)));
+        newVault = address(0);
+        upgradeInitiatedTimestamp = 0;
+    }
+
+    /// @notice Allows the governance of the TBTCVault to recover any ERC20
+    ///         token sent mistakenly to the TBTC token contract address.
+    /// @param token Address of the recovered ERC20 token contract.
+    /// @param recipient Address the recovered token should be sent to.
+    /// @param amount Recovered amount.
+    function recoverERC20FromToken(
+        IERC20 token,
+        address recipient,
+        uint256 amount
+    ) external onlyOwner {
+        tbtcToken.recoverERC20(token, recipient, amount);
+    }
+
+    /// @notice Allows the governance of the TBTCVault to recover any ERC721
+    ///         token sent mistakenly to the TBTC token contract address.
+    /// @param token Address of the recovered ERC721 token contract.
+    /// @param recipient Address the recovered token should be sent to.
+    /// @param tokenId Identifier of the recovered token.
+    /// @param data Additional data.
+    function recoverERC721FromToken(
+        IERC721 token,
+        address recipient,
+        uint256 tokenId,
+        bytes calldata data
+    ) external onlyOwner {
+        tbtcToken.recoverERC721(token, recipient, tokenId, data);
+    }
+
+    /// @notice Allows the governance of the TBTCVault to recover any ERC20
+    ///         token sent - mistakenly or not - to the vault address. This
+    ///         function should be used to withdraw TBTC v1 tokens transferred
+    ///         to TBTCVault as a result of VendingMachine > TBTCVault upgrade.
+    /// @param token Address of the recovered ERC20 token contract.
+    /// @param recipient Address the recovered token should be sent to.
+    /// @param amount Recovered amount.
+    function recoverERC20(
+        IERC20 token,
+        address recipient,
+        uint256 amount
+    ) external onlyOwner {
+        token.safeTransfer(recipient, amount);
+    }
+
+    /// @notice Allows the governance of the TBTCVault to recover any ERC721
+    ///         token sent mistakenly to the vault address.
+    /// @param token Address of the recovered ERC721 token contract.
+    /// @param recipient Address the recovered token should be sent to.
+    /// @param tokenId Identifier of the recovered token.
+    /// @param data Additional data.
+    function recoverERC721(
+        IERC721 token,
+        address recipient,
+        uint256 tokenId,
+        bytes calldata data
+    ) external onlyOwner {
+        token.safeTransferFrom(address(this), recipient, tokenId, data);
     }
 
     // slither-disable-next-line calls-loop
@@ -138,9 +287,19 @@ contract TBTCVault is IVault {
         tbtcToken.mint(minter, amount);
     }
 
-    function _redeem(address redeemer, uint256 amount) internal {
-        emit Redeemed(redeemer, amount);
+    function _unmint(address unminter, uint256 amount) internal {
+        emit Unminted(unminter, amount);
+        tbtcToken.burnFrom(unminter, amount);
+        bank.transferBalance(unminter, amount);
+    }
+
+    function _unmintAndRedeem(
+        address redeemer,
+        uint256 amount,
+        bytes calldata redemptionData
+    ) internal {
+        emit Unminted(redeemer, amount);
         tbtcToken.burnFrom(redeemer, amount);
-        bank.transferBalance(redeemer, amount);
+        bank.approveBalanceAndCall(bank.bridge(), amount, redemptionData);
     }
 }

package/deploy/00_resolve_relay.ts

@@ -0,0 +1,28 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, deployments, helpers } = hre
+  const { log } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Relay = await deployments.getOrNull("Relay")
+
+  if (Relay && helpers.address.isValid(Relay.address)) {
+    log(`using external Relay at ${Relay.address}`)
+  } else if (hre.network.name !== "hardhat") {
+    throw new Error("deployed Relay contract not found")
+  } else {
+    log("deploying Relay stub")
+
+    await deployments.deploy("Relay", {
+      contract: "TestRelay",
+      from: deployer,
+      log: true,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["Relay"]

package/deploy/{03_transfer_roles.ts → 03_transfer_vending_machine_roles.ts}

@@ -38,7 +38,7 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
 
 export default func
 
-func.tags = ["TransferRoles"]
+func.tags = ["TransferVendingMachineRoles"]
 func.dependencies = ["TBTC", "VendingMachine"]
 func.runAtTheEnd = true
 func.skip = async function (hre: HardhatRuntimeEnvironment): Promise<boolean> {

package/deploy/04_deploy_bank.ts

@@ -0,0 +1,27 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bank = await deploy("Bank", {
+    contract:
+      process.env.TEST_USE_STUBS_TBTC === "true" ? "BankStub" : undefined,
+    from: deployer,
+    args: [],
+    log: true,
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "Bank",
+      address: Bank.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["Bank"]

package/deploy/05_deploy_bridge.ts

@@ -0,0 +1,80 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { ethers, helpers, deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer, treasury } = await getNamedAccounts()
+
+  const Bank = await deployments.get("Bank")
+  const Relay = await deployments.get("Relay")
+
+  // TODO: Test for mainnet deployment that when `WalletRegistry` is provided
+  // in `external/mainnet/` directory it gets resolved correctly, and the deployment
+  // script from `@keep-network/ecdsa` is not invoked once again.
+  const WalletRegistry = await deployments.get("WalletRegistry")
+
+  // For local tests use `1`.
+  const txProofDifficultyFactor =
+    deployments.getNetworkName() === "hardhat" ? 1 : 6
+
+  const Deposit = await deploy("Deposit", { from: deployer, log: true })
+  const DepositSweep = await deploy("DepositSweep", {
+    from: deployer,
+    log: true,
+  })
+  const Redemption = await deploy("Redemption", { from: deployer, log: true })
+  const Wallets = await deploy("Wallets", {
+    contract: "contracts/bridge/Wallets.sol:Wallets",
+    from: deployer,
+    log: true,
+  })
+  const Fraud = await deploy("Fraud", { from: deployer, log: true })
+  const MovingFunds = await deploy("MovingFunds", {
+    from: deployer,
+    log: true,
+  })
+
+  const bridge = await helpers.upgrades.deployProxy("Bridge", {
+    contractName:
+      process.env.TEST_USE_STUBS_TBTC === "true" ? "BridgeStub" : undefined,
+    initializerArgs: [
+      Bank.address,
+      Relay.address,
+      treasury,
+      WalletRegistry.address,
+      txProofDifficultyFactor,
+    ],
+    factoryOpts: {
+      signer: await ethers.getSigner(deployer),
+      libraries: {
+        Deposit: Deposit.address,
+        DepositSweep: DepositSweep.address,
+        Redemption: Redemption.address,
+        Wallets: Wallets.address,
+        Fraud: Fraud.address,
+        MovingFunds: MovingFunds.address,
+      },
+    },
+    proxyOpts: {
+      kind: "transparent",
+      // Allow external libraries linking. We need to ensure manually that the
+      // external  libraries we link are upgrade safe, as the OpenZeppelin plugin
+      // doesn't perform such a validation yet.
+      // See: https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#why-cant-i-use-external-libraries
+      unsafeAllow: ["external-library-linking"],
+    },
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "Bridge",
+      address: bridge.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["Bridge"]
+func.dependencies = ["Bank", "Relay", "Treasury", "WalletRegistry"]

package/deploy/06_deploy_tbtc_vault.ts

@@ -0,0 +1,30 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bank = await deployments.get("Bank")
+  const TBTC = await deployments.get("TBTC")
+
+  const TBTCVault = await deploy("TBTCVault", {
+    contract: "TBTCVault",
+    from: deployer,
+    args: [Bank.address, TBTC.address],
+    log: true,
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "TBTCVault",
+      address: TBTCVault.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["TBTCVault"]
+func.dependencies = ["Bank", "TBTC"]

package/deploy/07_deploy_bridge_governance.ts

@@ -0,0 +1,40 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bridge = await deployments.get("Bridge")
+
+  const BridgeGovernanceParameters = await deployments.deploy(
+    "BridgeGovernanceParameters",
+    {
+      from: deployer,
+      log: true,
+    }
+  )
+
+  const GOVERNANCE_DELAY = 604800 // 1 week
+
+  const BridgeGovernance = await deploy("BridgeGovernance", {
+    from: deployer,
+    args: [Bridge.address, GOVERNANCE_DELAY],
+    log: true,
+    libraries: {
+      BridgeGovernanceParameters: BridgeGovernanceParameters.address,
+    },
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "BridgeGovernance",
+      address: BridgeGovernance.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["BridgeGovernance"]

package/deploy/08_deploy_maintainer_proxy.ts

@@ -0,0 +1,30 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bridge = await deployments.get("Bridge")
+  const ReimbursementPool = await deployments.get("ReimbursementPool")
+
+  const MaintainerProxy = await deploy("MaintainerProxy", {
+    contract: "MaintainerProxy",
+    from: deployer,
+    args: [Bridge.address, ReimbursementPool.address],
+    log: true,
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "MaintainerProxy",
+      address: MaintainerProxy.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["MaintainerProxy"]
+func.dependencies = ["Bridge", "ReimbursementPool"]

package/deploy/09_bank_update_bridge.ts

@@ -0,0 +1,19 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, deployments } = hre
+  const { execute, log } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bridge = await deployments.get("Bridge")
+
+  log("updating Bridge in Bank")
+
+  await execute("Bank", { from: deployer }, "updateBridge", Bridge.address)
+}
+
+export default func
+
+func.tags = ["BankUpdateBridge"]
+func.dependencies = ["Bank", "Bridge"]

package/deploy/10_transfer_bank_ownership.ts

@@ -0,0 +1,15 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, helpers } = hre
+  const { deployer, governance } = await getNamedAccounts()
+
+  await helpers.ownable.transferOwnership("Bank", governance, deployer)
+}
+
+export default func
+
+func.tags = ["TransferBankOwnership"]
+func.dependencies = ["Bank"]
+func.runAtTheEnd = true

package/deploy/11_transfer_bridge_governance.ts

@@ -0,0 +1,22 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, deployments } = hre
+  const { deployer } = await getNamedAccounts()
+
+  const BridgeGovernance = await deployments.get("BridgeGovernance")
+
+  await deployments.execute(
+    "Bridge",
+    { from: deployer },
+    "transferGovernance",
+    BridgeGovernance.address
+  )
+}
+
+export default func
+
+func.tags = ["TransferBridgeGovernance"]
+func.dependencies = ["Bridge"]
+func.runAtTheEnd = true

package/deploy/12_transfer_bridge_governance_ownership.ts

@@ -0,0 +1,19 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, helpers } = hre
+  const { deployer, governance } = await getNamedAccounts()
+
+  await helpers.ownable.transferOwnership(
+    "BridgeGovernance",
+    governance,
+    deployer
+  )
+}
+
+export default func
+
+func.tags = ["BridgeGovernanceOwnership"]
+func.dependencies = ["BridgeGovernance"]
+func.runAtTheEnd = true