
feat: semgrep rule preventing initialize without owned check #19002

Merged
smartcontracts merged 3 commits into develop from sc/semgrep-initialize
Jan 30, 2026
@smartcontracts
Contributor

Introduces a new semgrep rule that prevents initialize functions on the L1 side that aren't tagged with the
assertOnlyProxyAdminOrProxyAdminOwner assertion.
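
The check this rule enforces, as an added example that is not code from this pull request or the repository: a Python stand-in for the semgrep rule that reports every `initialize` definition whose body never calls the assertion. The regex approach, the optional leading underscore on the assertion name, and the sample contracts are assumptions; limiting the scan to L1 contracts is left to the choice of input files.

```python
import re

# Assertion name from the PR description; the optional leading underscore is an assumption.
GUARD = re.compile(r"\b_?assertOnlyProxyAdminOrProxyAdminOwner\s*\(")
INIT = re.compile(r"\bfunction\s+initialize\s*\(")

def strip_comments(src):
    """Blank out comments (keeping newlines) so a commented-out guard does not count."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group())
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def function_body(src, pos):
    """Brace-balanced body after the header at pos; None for a bodiless declaration."""
    while pos < len(src) and src[pos] not in "{;":
        pos += 1
    if pos == len(src) or src[pos] == ";":
        return None
    depth = 0
    for end in range(pos, len(src)):
        depth += {"{": 1, "}": -1}.get(src[end], 0)
        if depth == 0:
            return src[pos:end + 1]
    return src[pos:]  # unterminated body: check whatever is present

def unguarded_initializers(src):
    """Return 1-based line numbers of initialize() definitions that lack the guard."""
    clean = strip_comments(src)
    hits = []
    for m in INIT.finditer(clean):
        body = function_body(clean, m.end())
        if body is not None and not GUARD.search(body):
            hits.append(clean.count("\n", 0, m.start()) + 1)
    return hits

# Constructed sample, not taken from the repository.
SAMPLE = """\
contract GuardedPortal {
    function initialize(address _c) external {
        _assertOnlyProxyAdminOrProxyAdminOwner();
    }
}
contract UnguardedBridge {
    function initialize(address _m) external {
        // _assertOnlyProxyAdminOrProxyAdminOwner();
    }
}
interface IBridge { function initialize(address _m) external; }
"""

print(unguarded_initializers(SAMPLE))
```

The commented-out call in `UnguardedBridge` is reported because comments are blanked before matching, and the interface declaration is skipped because it has no body to inspect.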

smartcontracts requested a review from a team as a code owner January 29, 2026 22:43
@0xiamflux
Contributor

LGTM

smartcontracts added this pull request to the merge queue Jan 30, 2026
Merged via the queue into develop with commit bbb5143 Jan 30, 2026
79 checks passed
smartcontracts deleted the sc/semgrep-initialize branch January 30, 2026 18:22
0xiamflux added a commit to defi-wonderland/optimism that referenced this pull request Feb 2, 2026
* feat: add historical proof support for devstack (ethereum-optimism#18853)

* historical proof support for devstack

* refactored to use `DEVSTACK_L2EL_KIND` and `L2ELOption`

* removed op-reth-with-proof from `DEVSTACK_L2EL_KIND`

* added todo issue link

---------

Co-authored-by: Arun Dhyani <dhyaniarun7@gmail.com>

* feat(ci): refactor circleci configs (ethereum-optimism#18956)

* op-acceptance: Make super dispute games only support super node (ethereum-optimism#18977)

* feat(ci): add op-rbuilder and kona-node to docker-bake (ethereum-optimism#18966)

* feat(ci): add op-rbuilder and kona-node to docker-bake

Add docker-bake.hcl targets for the Rust-based images:
- op-rbuilder: uses existing Dockerfile in op-rbuilder/
- kona-node: uses kona's generic app dockerfile

Update branches.yaml workflow to build these images in the matrix.
Add separate cross-platform check for Rust images since they use
ENTRYPOINT instead of CMD.

* fix: correct dockerfile path for op-rbuilder target

* feat(contracts): add OPCMV2 batch upgrade invariant test (ethereum-optimism#18954)

* feat(contracts): add OPCMV2 batch upgrade invariant test

Implements test to enforce the invariant that approximately 5 upgrade
operations can be executed within a single transaction.

- Add BatchUpgrader helper contract for batching 5 sequential upgrades
- Add test_batchUpgrade_multipleChains_succeeds() test that:
  - Deploys 5 separate chains using opcmV2.deploy()
  - Prepares upgrade inputs for each chain
  - Executes all 5 upgrades in a single transaction via BatchUpgrader
  - Verifies all chains upgraded successfully (version and impl checks)

This validates that OPCMV2's upgrade mechanism is efficient enough for
batch operations across multiple chains.

* test(contracts): increase batch test to 15

* fix: correct natspec comment

* test(contracts): skip batch upgrade test in coverage mode

* Add LibString import and enhance batch upgrade error handling

* fix: forge fmt

* refactor(test): move batch upgrade test to non-forked test contract

The test_batchUpgrade_multipleChains_succeeds test deploys fresh chains
and doesn't require forked network state. Moved it to a new test contract
OPContractsManagerV2_BatchUpgrade_Test that inherits from
OPContractsManagerV2_TestInit instead of the fork-only
OPContractsManagerV2_Upgrade_TestInit.

Changes:
- Created OPContractsManagerV2_BatchUpgrade_Test contract
- Moved test from OPContractsManagerV2_Upgrade_Test
- Replaced disputeGameFactory queries with makeAddr() calls
- Test now runs without FORK_TEST=true requirement

* feat: allow Feat* prefix in test validation and rename batch upgrade test

Updates test validation to accept middle parts starting with `Feat*` as valid test contract patterns. This allows feature test contracts that don't require corresponding source functions. Also renames OPContractsManagerV2_BatchUpgrade_Test to OPContractsManagerV2_FeatBatchUpgrade_Test to follow the new pattern.

* fix: bump retries for opcm registry (ethereum-optimism#18983)

Bumps the number of retries for OPCM registry queries to get rid
of CI flakes.

* feat(txmgr): make blob tip cap mechanism configurable (ethereum-optimism#18981)

Add configuration flags to the txmgr to make the blob tip cap mechanism configurable:
- `txmgr.blob-tip-cap-dynamic`: Enable/disable using the dynamic blob tip oracle
  (vs static tip cap) for blob transactions only (default: false)
- `txmgr.blob-tip-cap-percentile`: Configure the percentile to use when calculating
  the suggested blob tip cap (default: 60, range: 1-100)
- `txmgr.blob-tip-cap-range`: Configure the number of recent blocks to analyze
  for the distribution (default: 20)

These flags only affect blob transactions. Regular (non-blob) transactions continue
to use the standard `txmgr.min-tip-cap` / `txmgr.max-tip-cap` settings. The
`txmgr.max-tip-cap` setting is still enforced even when using dynamic blob tip cap.

Also adds RPC methods (Get/SetBlobTipCapDynamic) to toggle the setting at runtime.

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>

* feat: have ASR only use IDisputeGame (ethereum-optimism#18945)

* feat: have ASR only use IDisputeGame

* fix: remove old test

* op-acceptance-test: Support creating honest trace accessor for super games. (ethereum-optimism#18978)

* Kona: add `reproducible-prestate` target and remove asterisc support (ethereum-optimism#18879)

* kona: add reproducible-prestate justfile target

* kona: build docker images from local context and remove asterisc support

* kona: Remove version.json and simplify justfile

* make reproducible-prestate in main Makefile builds kona also

* kona: just clean should not remove bin dir

* Improve output of main reproducible-prestate make target

* Fix kona prestate loading in acceptance tests

* kona: build in docker instead of pulling from upstream

* Fix location of kona prestate

* Update build-prestates.sh

* Refactor build-prestates.sh to build both prestate types on all tags

* Remove legacy kona versions that aren't in standard-prestates.toml

* Remove additional mise install of just

* Hardcode rust version for kona reproducible build

* build-prestates.sh: only build prestates that match each tag

* devstack: Ensure Supernode is exposed in the sysgo system (ethereum-optimism#18986)

* devstack: Ensure Supernode is exposed in the sysgo system

* review comments

* ensure TestCLAdvanceMultiple passes

* bump WS read limit to 10MB (ethereum-optimism#19024)

* Fix unbound variable error in build-prestates.sh (ethereum-optimism#19026)

* feat: semgrep rule preventing initialize without owned check (ethereum-optimism#19002)

* feat: semgrep rule preventing initialize without owned check

Introduces a new semgrep rule that prevents initialize functions
on the L1 side that aren't tagged with the
assertOnlyProxyAdminOrProxyAdminOwner assertion.

* fix: remove test because semgrep is bad

* fix: more semgrep issues

* feat: have graphite review storage layout (ethereum-optimism#19004)

* feat: have graphite review storage layout

Updates the graphite rules so that the robot will review any
changes to the storage layout and try to warn developers for
unsafe changes.

* fix: handle contract deletions or movements

* maint: better comments for migration function (ethereum-optimism#19006)

Adds a few expanded comments on aspects about the migration
function.

* test: make sure OPCMv2 can upgrade while paused (ethereum-optimism#19019)

Adds a test to confirm that OPCMv2 is able to execute upgrades
even while paused.

* fix: add code length check for ReadSuperchainDeployment and tests (ethereum-optimism#19021)

* fix: add code length check for ReadSuperchainDeployment and tests

* test: fix populate superchain v2 error string

* fix: generic revert error in upgrade scripts (ethereum-optimism#19005)

* fix: generic revert error in UpgradeOPChain script

* fix: generic revert error in UpgradeSuperchainConfig script

* fix: get delayedweth from opcm implementations and remove proxy fetch (ethereum-optimism#19003)

* Supernode: Interop Acceptance Testing (ethereum-optimism#18970)

* Supernode: Interop Acceptance Testing

* merge devstack setups

* cleanup

* Rework Tests

* use system provided supernode client ; lint

* Update test name

* lint ; address ai comment

* fix test requires

* use superRoot for more tests ; assert pre/post activation more directly

* feat: Improve Game Args interface (ethereum-optimism#18952)

* feat: Game Args struct instead of raw bytes (#813)

* feat: allows a more structured json for gameArgs in upgrade config instead of requiring raw bytes

* chore: reorganize structs declarations, move structs out of the EncodedUpgradeInputV2 func

* chore: add edge case check for encoded config length

* test: add expected encoding values

* chore: remove comment

* test: update tests

* fix: tests (#823)

* fix: add revert case for invalid game type (#825)

* fix: add revert case for invalid game type

* refactor: better error msg

---------

Co-authored-by: niha <205694301+0xniha@users.noreply.github.com>

---------

Co-authored-by: jagroot <4516586+itschaindev@users.noreply.github.com>
Co-authored-by: Arun Dhyani <dhyaniarun7@gmail.com>
Co-authored-by: theo <80177219+theochap@users.noreply.github.com>
Co-authored-by: Adrian Sutton <adrian@oplabs.co>
Co-authored-by: Federico <14293929+falcorocks@users.noreply.github.com>
Co-authored-by: Maurelian <john@oplabs.co>
Co-authored-by: smartcontracts <14298799+smartcontracts@users.noreply.github.com>
Co-authored-by: Sebastian Stammler <seb@oplabs.co>
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Paul Dowman <paul@pauldowman.com>
Co-authored-by: Inphi <mlaw2501@gmail.com>
Co-authored-by: Haardik <haardik.haardik@coinbase.com>
Co-authored-by: niha <205694301+0xniha@users.noreply.github.com>
Co-authored-by: Axel Kingsley <axel.kingsley@gmail.com>