@keep-network/tbtc-v2 0.1.1-dev.101 → 0.1.1-dev.104

package/build/contracts/token/TBTC.sol/TBTC.dbg.json

@@ -1,4 +1,4 @@
 {
   "_format": "hh-sol-dbg-1",
-  "buildInfo": "../../../build-info/40c79653ea2ed641b43c801c288b535d.json"
+  "buildInfo": "../../../build-info/af4088d07d242870c25a4caa413f2a4e.json"
 }

package/build/contracts/vault/DonationVault.sol/DonationVault.dbg.json

@@ -1,4 +1,4 @@
 {
   "_format": "hh-sol-dbg-1",
-  "buildInfo": "../../../build-info/40c79653ea2ed641b43c801c288b535d.json"
+  "buildInfo": "../../../build-info/af4088d07d242870c25a4caa413f2a4e.json"
 }

package/build/contracts/vault/IVault.sol/IVault.dbg.json

@@ -1,4 +1,4 @@
 {
   "_format": "hh-sol-dbg-1",
-  "buildInfo": "../../../build-info/40c79653ea2ed641b43c801c288b535d.json"
+  "buildInfo": "../../../build-info/af4088d07d242870c25a4caa413f2a4e.json"
 }

package/build/contracts/vault/TBTCVault.sol/TBTCVault.dbg.json

@@ -1,4 +1,4 @@
 {
   "_format": "hh-sol-dbg-1",
-  "buildInfo": "../../../build-info/40c79653ea2ed641b43c801c288b535d.json"
+  "buildInfo": "../../../build-info/af4088d07d242870c25a4caa413f2a4e.json"
 }

package/contracts/bridge/Bridge.sol

@@ -472,10 +472,10 @@ contract Bridge is
     ///        - redeemer: The Ethereum address of the redeemer who will be able
     ///        to claim Bank balance if anything goes wrong during the redemption.
     ///        In the most basic case, when someone redeems their balance
-    ///        from the Bank, `balanceOwner` is the same as `redemeer`.
+    ///        from the Bank, `balanceOwner` is the same as `redeemer`.
     ///        However, when a Vault is redeeming part of its balance for some
     ///        redeemer address (for example, someone who has earlier deposited
-    ///        into that Vault), `balanceOwner` is the Vault, and `redemeer` is
+    ///        into that Vault), `balanceOwner` is the Vault, and `redeemer` is
     ///        the address for which the vault is redeeming its balance to,
     ///        - walletPubKeyHash: The 20-byte wallet public key hash (computed
     ///        using Bitcoin HASH160 over the compressed ECDSA public key),

package/contracts/bridge/BridgeGovernance.sol

@@ -336,7 +336,7 @@ contract BridgeGovernance is Ownable {
 
     /// @notice Finalizes the bridge governance transfer process.
     /// @dev Can be called only by the contract owner, after the governance
-    ///      delay elapses. Bridge governance trannsferred event can be read
+    ///      delay elapses. Bridge governance transferred event can be read
     ///      from the Governable bridge contract 'GovernanceTransferred(old, new)'.
     ///      Event that informs about the transfer in this function is skipped on
     ///      purpose to go down with the contract size.
@@ -1329,7 +1329,7 @@ contract BridgeGovernance is Ownable {
         walletData.finalizeWalletMaxAgeUpdate(governanceDelay());
     }
 
-    /// @notice Begins the wallet max btc transafer amount update process.
+    /// @notice Begins the wallet max btc transfer amount update process.
     /// @dev Can be called only by the contract owner.
     /// @param _newWalletMaxBtcTransfer New wallet max btc transfer.
     function beginWalletMaxBtcTransferUpdate(uint64 _newWalletMaxBtcTransfer)

package/contracts/bridge/Redemption.sol

@@ -218,7 +218,7 @@ library Redemption {
     ///        the Ethereum chain.
     /// @param balanceOwner The address of the Bank balance owner whose balance
     ///        is getting redeemed. Balance owner address is stored as
-    ///        a redemeer address who will be able co claim back the Bank
+    ///        a redeemer address who will be able co claim back the Bank
     ///        balance if anything goes wrong during the redemption.
     /// @param redeemerOutputScript The redeemer's length-prefixed output
     ///        script (P2PKH, P2WPKH, P2SH or P2WSH) that will be used to lock
@@ -289,10 +289,10 @@ library Redemption {
     ///        - redeemer: The Ethereum address of the redeemer who will be able
     ///        to claim Bank balance if anything goes wrong during the redemption.
     ///        In the most basic case, when someone redeems their Bitcoin
-    ///        balance from the Bank, `balanceOwner` is the same as `redemeer`.
+    ///        balance from the Bank, `balanceOwner` is the same as `redeemer`.
     ///        However, when a Vault is redeeming part of its balance for some
     ///        redeemer address (for example, someone who has earlier deposited
-    ///        into that Vault), `balanceOwner` is the Vault, and `redemeer` is
+    ///        into that Vault), `balanceOwner` is the Vault, and `redeemer` is
     ///        the address for which the vault is redeeming its balance to,
     ///        - walletPubKeyHash: The 20-byte wallet public key hash (computed
     ///        using Bitcoin HASH160 over the compressed ECDSA public key),

package/contracts/maintainer/MaintainerProxy.sol

@@ -0,0 +1,512 @@
+// SPDX-License-Identifier: MIT
+
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+
+pragma solidity ^0.8.9;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
+import "@keep-network/random-beacon/contracts/Reimbursable.sol";
+import "@keep-network/random-beacon/contracts/ReimbursementPool.sol";
+
+import "../bridge/BitcoinTx.sol";
+import "../bridge/Bridge.sol";
+
+/// @title Maintainer Proxy
+/// @notice Maintainers are the willing off-chain clients approved by the governance.
+///         Maintainers proxy calls to the Bridge contract via 'MaintainerProxy'
+///         and are refunded for the spent gas from the Reimbursement Pool.
+///         Only the authorized maintainers can call 'MaintainerProxy' functions.
+contract MaintainerProxy is Ownable, Reimbursable {
+    Bridge public bridge;
+
+    /// @notice Authorized maintainers that can interact with the set of functions
+    ///         for maintainers only. Authorization can be granted and removed by
+    ///         the governance.
+    /// @dev    'Key' is the address of the maintainer. 'Value' represents an index+1
+    ///         in the 'maintainers' array. 1 was added so the maintainer index can
+    ///         never be 0 which is a reserved index for a non-existent maintainer
+    ///         in this map.
+    mapping(address => uint256) public isAuthorized;
+
+    /// @notice This list of maintainers keeps the order of which maintainer should
+    ///         be submitting a next transaction. It does not enforce the order
+    ///         but only tracks who should be next in line.
+    address[] public maintainers;
+
+    /// @notice Gas that is meant to balance the submission of deposit sweep proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitDepositSweepProofGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of redemption proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitRedemptionProofGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moving funds commitment
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitMovingFundsCommitmentGasOffset;
+
+    /// @notice Gas that is meant to balance the reset of moving funds timeout
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public resetMovingFundsTimeoutGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moving funds proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitMovingFundsProofGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of moving funds below
+    ///         dust overall cost. Can be updated by the governance based on the
+    ///         current market conditions.
+    uint256 public notifyMovingFundsBelowDustGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moved funds sweep
+    ///         proof overall cost. Can be updated by the governance based on the
+    ///         current market conditions.
+    uint256 public submitMovedFundsSweepProofGasOffset;
+
+    /// @notice Gas that is meant to balance the request of a new wallet overall
+    ///         cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public requestNewWalletGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of closeable wallet
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public notifyWalletCloseableGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of wallet closing
+    ///         period elapsed overall cost. Can be updated by the governance
+    ///         based on the current market conditions.
+    uint256 public notifyWalletClosingPeriodElapsedGasOffset;
+
+    /// @notice Gas that is meant to balance the defeat fraud challenge
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public defeatFraudChallengeGasOffset;
+
+    /// @notice Gas that is meant to balance the defeat fraud challenge with heartbeat
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public defeatFraudChallengeWithHeartbeatGasOffset;
+
+    event MaintainerAuthorized(address indexed maintainer);
+
+    event MaintainerUnauthorized(address indexed maintainer);
+
+    event BridgeUpdated(address newBridge);
+
+    event GasOffsetParametersUpdated(
+        uint256 submitDepositSweepProofGasOffset,
+        uint256 submitRedemptionProofGasOffset,
+        uint256 submitMovingFundsCommitmentGasOffset,
+        uint256 resetMovingFundsTimeoutGasOffset,
+        uint256 submitMovingFundsProofGasOffset,
+        uint256 notifyMovingFundsBelowDustGasOffset,
+        uint256 submitMovedFundsSweepProofGasOffset,
+        uint256 requestNewWalletGasOffset,
+        uint256 notifyWalletCloseableGasOffset,
+        uint256 notifyWalletClosingPeriodElapsedGasOffset,
+        uint256 defeatFraudChallengeGasOffset,
+        uint256 defeatFraudChallengeWithHeartbeatGasOffset
+    );
+
+    modifier onlyMaintainer() {
+        require(isAuthorized[msg.sender] != 0, "Caller is not authorized");
+        _;
+    }
+
+    modifier onlyReimbursableAdmin() override {
+        require(owner() == msg.sender, "Caller is not the owner");
+        _;
+    }
+
+    constructor(Bridge _bridge, ReimbursementPool _reimbursementPool) {
+        bridge = _bridge;
+        reimbursementPool = _reimbursementPool;
+        submitDepositSweepProofGasOffset = 27000;
+        submitRedemptionProofGasOffset = 9750;
+        submitMovingFundsCommitmentGasOffset = 8000;
+        resetMovingFundsTimeoutGasOffset = 1000;
+        submitMovingFundsProofGasOffset = 15000;
+        notifyMovingFundsBelowDustGasOffset = 3500;
+        submitMovedFundsSweepProofGasOffset = 22000;
+        requestNewWalletGasOffset = 3500;
+        notifyWalletCloseableGasOffset = 4000;
+        notifyWalletClosingPeriodElapsedGasOffset = 3000;
+        defeatFraudChallengeGasOffset = 10000;
+        defeatFraudChallengeWithHeartbeatGasOffset = 5000;
+    }
+
+    /// @notice Wraps `Bridge.submitDepositSweepProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitDepositSweepProof` function documentation.
+    function submitDepositSweepProof(
+        BitcoinTx.Info calldata sweepTx,
+        BitcoinTx.Proof calldata sweepProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        address vault
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitDepositSweepProof(sweepTx, sweepProof, mainUtxo, vault);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitDepositSweepProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitRedemptionProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitRedemptionProof` function documentation.
+    function submitRedemptionProof(
+        BitcoinTx.Info calldata redemptionTx,
+        BitcoinTx.Proof calldata redemptionProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        bytes20 walletPubKeyHash
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitRedemptionProof(
+            redemptionTx,
+            redemptionProof,
+            mainUtxo,
+            walletPubKeyHash
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitRedemptionProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovingFundsCommitment` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovingFundsCommitment` function documentation.
+    function submitMovingFundsCommitment(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata walletMainUtxo,
+        uint32[] calldata walletMembersIDs,
+        uint256 walletMemberIndex,
+        bytes20[] calldata targetWallets
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovingFundsCommitment(
+            walletPubKeyHash,
+            walletMainUtxo,
+            walletMembersIDs,
+            walletMemberIndex,
+            targetWallets
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovingFundsCommitmentGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.resetMovingFundsTimeout` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.resetMovingFundsTimeout` function documentation.
+    function resetMovingFundsTimeout(bytes20 walletPubKeyHash) external {
+        uint256 gasStart = gasleft();
+
+        bridge.resetMovingFundsTimeout(walletPubKeyHash);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + resetMovingFundsTimeoutGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovingFundsProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovingFundsProof` function documentation.
+    function submitMovingFundsProof(
+        BitcoinTx.Info calldata movingFundsTx,
+        BitcoinTx.Proof calldata movingFundsProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        bytes20 walletPubKeyHash
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovingFundsProof(
+            movingFundsTx,
+            movingFundsProof,
+            mainUtxo,
+            walletPubKeyHash
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovingFundsProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyMovingFundsBelowDust` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.notifyMovingFundsBelowDust` function documentation.
+    function notifyMovingFundsBelowDust(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata mainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyMovingFundsBelowDust(walletPubKeyHash, mainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyMovingFundsBelowDustGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovedFundsSweepProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovedFundsSweepProof` function documentation.
+    function submitMovedFundsSweepProof(
+        BitcoinTx.Info calldata sweepTx,
+        BitcoinTx.Proof calldata sweepProof,
+        BitcoinTx.UTXO calldata mainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovedFundsSweepProof(sweepTx, sweepProof, mainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovedFundsSweepProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.requestNewWallet` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.requestNewWallet` function documentation.
+    function requestNewWallet(BitcoinTx.UTXO calldata activeWalletMainUtxo)
+        external
+        onlyMaintainer
+    {
+        uint256 gasStart = gasleft();
+
+        bridge.requestNewWallet(activeWalletMainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + requestNewWalletGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyWalletCloseable` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.notifyWalletCloseable` function documentation.
+    function notifyWalletCloseable(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata walletMainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyWalletCloseable(walletPubKeyHash, walletMainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyWalletCloseableGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyWalletClosingPeriodElapsed` call and reimburses
+    ///         the caller's transaction cost.
+    /// @dev See `Bridge.notifyWalletClosingPeriodElapsed` function documentation.
+    function notifyWalletClosingPeriodElapsed(bytes20 walletPubKeyHash)
+        external
+        onlyMaintainer
+    {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyWalletClosingPeriodElapsed(walletPubKeyHash);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyWalletClosingPeriodElapsedGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.defeatFraudChallenge` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.defeatFraudChallenge` function documentation.
+    function defeatFraudChallenge(
+        bytes calldata walletPublicKey,
+        bytes calldata preimage,
+        bool witness
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.defeatFraudChallenge(walletPublicKey, preimage, witness);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + defeatFraudChallengeGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.defeatFraudChallengeWithHeartbeat` call and
+    ///         reimburses the caller's transaction cost.
+    /// @dev See `Bridge.defeatFraudChallengeWithHeartbeat` function documentation.
+    function defeatFraudChallengeWithHeartbeat(
+        bytes calldata walletPublicKey,
+        bytes calldata heartbeatMessage
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.defeatFraudChallengeWithHeartbeat(
+            walletPublicKey,
+            heartbeatMessage
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + defeatFraudChallengeWithHeartbeatGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Authorize a maintainer that can interact with this reimbursement pool.
+    ///         Can be authorized by the owner only.
+    /// @param maintainer Maintainer to authorize.
+    function authorize(address maintainer) external onlyOwner {
+        maintainers.push(maintainer);
+        isAuthorized[maintainer] = maintainers.length;
+
+        emit MaintainerAuthorized(maintainer);
+    }
+
+    /// @notice Unauthorize a maintainer that was previously authorized to interact
+    ///         with the Maintainer Proxy contract. Can be unauthorized by the
+    ///         owner only.
+    /// @dev    The last maintainer is swapped with the one to be unauthorized.
+    ///         The unauthorized maintainer is then removed from the list. An index
+    ///         of the last maintainer is changed with the removed maintainer.
+    ///         Ex.
+    ///         'maintainers' list: [0x1, 0x2, 0x3, 0x4, 0x5]
+    ///         'isAuthorized' map: [0x1 -> 1, 0x2 -> 2, 0x3 -> 3, 0x4 -> 4, 0x5 -> 5]
+    ///         unauthorize: 0x3
+    ///         new 'maintainers' list: [0x1, 0x2, 0x5, 0x4]
+    ///         new 'isAuthorized' map: [0x1 -> 1, 0x2 -> 2, 0x4 -> 4, 0x5 -> 3]
+    /// @param maintainerToUnauthorize Maintainer to unauthorize.
+    function unauthorize(address maintainerToUnauthorize) external onlyOwner {
+        uint256 maintainerIdToUnauthorize = isAuthorized[
+            maintainerToUnauthorize
+        ];
+
+        require(maintainerIdToUnauthorize != 0, "No maintainer to unauthorize");
+
+        address lastMaintainerAddress = maintainers[maintainers.length - 1];
+
+        maintainers[maintainerIdToUnauthorize - 1] = lastMaintainerAddress;
+        maintainers.pop();
+
+        isAuthorized[lastMaintainerAddress] = maintainerIdToUnauthorize;
+
+        delete isAuthorized[maintainerToUnauthorize];
+
+        emit MaintainerUnauthorized(maintainerToUnauthorize);
+    }
+
+    /// @notice Allows the Governance to upgrade the Bridge address.
+    /// @dev The function does not implement any governance delay and does not
+    ///      check the status of the Bridge. The Governance implementation needs
+    ///      to ensure all requirements for the upgrade are satisfied before
+    ///      executing this function.
+    function updateBridge(Bridge _bridge) external onlyOwner {
+        bridge = _bridge;
+
+        emit BridgeUpdated(address(_bridge));
+    }
+
+    /// @notice Updates the values of gas offset parameters.
+    /// @dev Can be called only by the contract owner. The caller is responsible
+    ///      for validating parameters.
+    /// @param newSubmitDepositSweepProofGasOffset New submit deposit sweep
+    ///        proof gas offset.
+    /// @param newSubmitRedemptionProofGasOffset New submit redemption proof gas
+    ///        offset.
+    /// @param newSubmitMovingFundsCommitmentGasOffset New submit moving funds
+    ///        commitment gas offset.
+    /// @param newResetMovingFundsTimeoutGasOffset New reset moving funds
+    ///        timeout gas offset.
+    /// @param newSubmitMovingFundsProofGasOffset New submit moving funds proof
+    ///        gas offset.
+    /// @param newNotifyMovingFundsBelowDustGasOffset New notify moving funds
+    ///        below dust gas offset.
+    /// @param newSubmitMovedFundsSweepProofGasOffset New submit moved funds
+    ///        sweep proof gas offset.
+    /// @param newRequestNewWalletGasOffset New request new wallet gas offset.
+    /// @param newNotifyWalletCloseableGasOffset New notify closeable wallet gas
+    ///        offset.
+    /// @param newNotifyWalletClosingPeriodElapsedGasOffset New notify wallet
+    ///        closing period elapsed gas offset.
+    /// @param newDefeatFraudChallengeGasOffset New defeat fraud challenge gas
+    ///        offset.
+    /// @param newDefeatFraudChallengeWithHeartbeatGasOffset New defeat fraud
+    ///        challenge with heartbeat gas offset.
+    function updateGasOffsetParameters(
+        uint256 newSubmitDepositSweepProofGasOffset,
+        uint256 newSubmitRedemptionProofGasOffset,
+        uint256 newSubmitMovingFundsCommitmentGasOffset,
+        uint256 newResetMovingFundsTimeoutGasOffset,
+        uint256 newSubmitMovingFundsProofGasOffset,
+        uint256 newNotifyMovingFundsBelowDustGasOffset,
+        uint256 newSubmitMovedFundsSweepProofGasOffset,
+        uint256 newRequestNewWalletGasOffset,
+        uint256 newNotifyWalletCloseableGasOffset,
+        uint256 newNotifyWalletClosingPeriodElapsedGasOffset,
+        uint256 newDefeatFraudChallengeGasOffset,
+        uint256 newDefeatFraudChallengeWithHeartbeatGasOffset
+    ) external onlyOwner {
+        submitDepositSweepProofGasOffset = newSubmitDepositSweepProofGasOffset;
+        submitRedemptionProofGasOffset = newSubmitRedemptionProofGasOffset;
+        submitMovingFundsCommitmentGasOffset = newSubmitMovingFundsCommitmentGasOffset;
+        resetMovingFundsTimeoutGasOffset = newResetMovingFundsTimeoutGasOffset;
+        submitMovingFundsProofGasOffset = newSubmitMovingFundsProofGasOffset;
+        notifyMovingFundsBelowDustGasOffset = newNotifyMovingFundsBelowDustGasOffset;
+        submitMovedFundsSweepProofGasOffset = newSubmitMovedFundsSweepProofGasOffset;
+        requestNewWalletGasOffset = newRequestNewWalletGasOffset;
+        notifyWalletCloseableGasOffset = newNotifyWalletCloseableGasOffset;
+        notifyWalletClosingPeriodElapsedGasOffset = newNotifyWalletClosingPeriodElapsedGasOffset;
+        defeatFraudChallengeGasOffset = newDefeatFraudChallengeGasOffset;
+        defeatFraudChallengeWithHeartbeatGasOffset = newDefeatFraudChallengeWithHeartbeatGasOffset;
+
+        emit GasOffsetParametersUpdated(
+            submitDepositSweepProofGasOffset,
+            submitRedemptionProofGasOffset,
+            submitMovingFundsCommitmentGasOffset,
+            resetMovingFundsTimeoutGasOffset,
+            submitMovingFundsProofGasOffset,
+            notifyMovingFundsBelowDustGasOffset,
+            submitMovedFundsSweepProofGasOffset,
+            requestNewWalletGasOffset,
+            notifyWalletCloseableGasOffset,
+            notifyWalletClosingPeriodElapsedGasOffset,
+            defeatFraudChallengeGasOffset,
+            defeatFraudChallengeWithHeartbeatGasOffset
+        );
+    }
+
+    /// @notice Gets an entire array of maintainer addresses.
+    function allMaintainers() external view returns (address[] memory) {
+        return maintainers;
+    }
+}

package/deploy/08_deploy_maintainer_proxy.ts

@@ -0,0 +1,30 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { deployments, getNamedAccounts } = hre
+  const { deploy } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const Bridge = await deployments.get("Bridge")
+  const ReimbursementPool = await deployments.get("ReimbursementPool")
+
+  const MaintainerProxy = await deploy("MaintainerProxy", {
+    contract: "MaintainerProxy",
+    from: deployer,
+    args: [Bridge.address, ReimbursementPool.address],
+    log: true,
+  })
+
+  if (hre.network.tags.tenderly) {
+    await hre.tenderly.verify({
+      name: "MaintainerProxy",
+      address: MaintainerProxy.address,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["MaintainerProxy"]
+func.dependencies = ["Bridge", "ReimbursementPool"]

package/deploy/14_transfer_maintainer_proxy_ownership.ts

@@ -0,0 +1,19 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+import { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, helpers } = hre
+  const { deployer, governance } = await getNamedAccounts()
+
+  await helpers.ownable.transferOwnership(
+    "MaintainerProxy",
+    governance,
+    deployer
+  )
+}
+
+export default func
+
+func.tags = ["TransferMaintainerProxyOwnership"]
+func.dependencies = ["MaintainerProxy"]
+func.runAtTheEnd = true