Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AnchorStateRegistry Implementation to OPSM #11955

Merged
merged 24 commits into from
Sep 23, 2024
Merged

Add AnchorStateRegistry Implementation to OPSM #11955

merged 24 commits into from
Sep 23, 2024
+163 −24

Conversation

maurelian
Copy link
Contributor

@maurelian maurelian commented Sep 17, 2024
edited
Loading

TL;DR

Added support for starting anchor roots in the OPStackManager deployment process.

What changed?

  • Updated DeployOPChainInput to include startingAnchorRoots field
  • Modified OPStackManager to accept and use startingAnchorRoots in the deployment process
  • Updated DeployOPChain script to pass startingAnchorRoots to the OPStackManager
  • Added initialization for AnchorStateRegistry in the deployment process
  • Updated relevant tests to include startingAnchorRoots in their setup and assertions

@maurelian maurelian mentioned this pull request Sep 17, 2024
Merged
@maurelian Graphite App
Copy link
Contributor Author

maurelian commented Sep 17, 2024
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

Join @maurelian and the rest of your teammates on Graphite Graphite

@maurelian maurelian mentioned this pull request Sep 17, 2024
Closed
@maurelian maurelian changed the title --wip-- Add AnchorStateRegistry Implementation to OPSM Sep 17, 2024
Base automatically changed from opsm/fpac-asr-proxy to develop September 17, 2024 21:25
@maurelian
feat: Return startingAnchorInputs as bytes
b187867 
The op-deployer tooling does not support structs, therefore we need to
return a more generic type for compatibility.
@semgrep-app semgrep-app
Copy link
Contributor

semgrep-app bot commented Sep 19, 2024

Semgrep found 1 no-direct-write-to-responsewriter finding:

  • op-challenger/game/fault/trace/prestates/multi_test.go

Detected directly writing or similar in 'http.ResponseWriter.write()'. This bypasses HTML escaping that prevents cross-site scripting vulnerabilities. Instead, use the 'html/template' package and render data using 'template.Execute()'.

Ignore this finding from no-direct-write-to-responsewriter.

Semgrep found 1 no-direct-write-to-responsewriter-taint finding:

  • op-challenger/game/fault/trace/prestates/multi_test.go

Untrusted input could be used to tamper with a web page rendering, which can lead to a Cross-site scripting (XSS) vulnerability. XSS vulnerabilities occur when untrusted input executes malicious JavaScript code, leading to issues such as account compromise and sensitive information leakage. To prevent this vulnerability, validate the user input, perform contextual output encoding or sanitize the input. For more information, see: Go XSS prevention.

View Dataflow Graph 
flowchart LR
    classDef invis fill:white, stroke: none
    classDef default fill:#e7f5ff, color:#1c7fd6, stroke: none

    subgraph File0["<b>op-challenger/game/fault/trace/prestates/multi_test.go</b>"]
        direction LR
        %% Source

        subgraph Source
            direction LR

            v0["<a href=https://github.com/ethereum-optimism/optimism/blob/98c5c10c332b7776bde230d992e8fea449a6dcb1/op-challenger/game/fault/trace/prestates/multi_test.go#L42 target=_blank style='text-decoration:none; color:#1c7fd6'>[Line: 42] r.URL</a>"]
        end
        %% Intermediate

        %% Sink

        subgraph Sink
            direction LR

            v1["<a href=https://github.com/ethereum-optimism/optimism/blob/98c5c10c332b7776bde230d992e8fea449a6dcb1/op-challenger/game/fault/trace/prestates/multi_test.go#L42 target=_blank style='text-decoration:none; color:#1c7fd6'>[Line: 42] w.Write([]byte(r.URL.Path))</a>"]
        end
    end
    %% Class Assignment
    Source:::invis
    Sink:::invis

    File0:::invis

    %% Connections

    Source --> Sink
Loading
Ignore this finding from no-direct-write-to-responsewriter-taint.

@maurelian maurelian marked this pull request as ready for review September 19, 2024 16:29
@maurelian maurelian requested review from a team as code owners September 19, 2024 16:29
@semgrep-app semgrep-app
Copy link
Contributor

semgrep-app bot commented Sep 20, 2024

Semgrep found 13 sol-style-notice-over-dev-natspec findings:

Prefer @notice over @dev in natspec comments

Ignore this finding from sol-style-notice-over-dev-natspec.

@mds1 mds1 mentioned this pull request Sep 20, 2024
Closed
@mds1 mds1 enabled auto-merge September 23, 2024 13:31
@mds1 mds1 disabled auto-merge September 23, 2024 13:33
@mds1 mds1 enabled auto-merge September 23, 2024 13:33
@mds1 mds1 added this pull request to the merge queue Sep 23, 2024
Merged via the queue into develop with commit 2f2554a Sep 23, 2024
64 checks passed
@mds1 mds1 deleted the opsm/fpac-asr-imp branch September 23, 2024 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mslipper mslipper mslipper approved these changes

@Inphi Inphi Inphi approved these changes

@mds1 mds1 mds1 approved these changes

@semgrep-app semgrep-app semgrep-app left review comments

@geoknee geoknee Awaiting requested review from geoknee geoknee is a code owner automatically assigned from ethereum-optimism/op-stack

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@maurelian @mslipper @Inphi @mds1