feat: add L1PortalExecuteL2Call template for L2 actions through OptimismPortal

[0xiamflux]

Description

• Add L1→L2 portal execution template
  • src/improvements/template/L1PortalExecuteL2Call.sol
  • Uses full IOptimismPortal2 (depositTransaction) to dispatch an L2 call from an L1 Safe
  • Config-driven params via config.toml: portal, l2Target, l2Data, gasLimit (uint64), value (default 0), isCreation (default false)
  • Extends SimpleTaskBase for L1 multisig flows; safeAddressString() defaults to ProxyAdminOwner
  • Validation: asserts exactly one portal call with expected calldata/value; allowlists storage/balance changes for OptimismPortal
• Add full portal interface
  • src/improvements/interfaces/IOptimismPortal.sol (complete IOptimismPortal2)
• Scaffold nested rehearsal task
  • src/improvements/tasks/eth/rehearsals/2025-08-11-l1-to-l2-noop/
  • config.toml placeholders and signer README.md with simulate/validate/sign steps

Tests

• Template-level validation enforces encoded calldata and a single portal action
• Manual simulate run expected:
  • Tenderly diff: no unintended changes; shows portal call and event emission

[graphite-app]

The placeholder address 0x1234567890123456789012345678901234567890 should be replaced with the actual OptimismGovernor Proxy address on L2 before using this configuration for the rehearsal. Using a real address ensures that the simulation and validation steps will accurately reflect the intended behavior when executed on-chain.

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

The placeholder address 0x00..1234 in the L2Data is not a valid implementation address for a production deployment. For a proper rehearsal, consider replacing this with either:

1. The current implementation address (for a true no-op upgrade)
2. A valid implementation contract address that exists on L2

This ensures the rehearsal accurately simulates a real governance action. The test example in 014-noop-call-optimismportal demonstrates this approach by using the current implementation address.

Spotted by Diamond



Is this helpful? React 👍 or 👎 to let us know.

[blmalone]

Why is this being put into the rehearsals directory?

[0xiamflux]

GM, our goal here was to add a rehearsal task for a no-op upgrade on the Optimism Governor Proxy on L2 using a newly added template. What would be the best place to do this?

[blmalone]

hm, this rehearsals directory contains templates and ceremonies related to onboarding Security Council members. I don't think this is what you want to do right?

[0xiamflux]

The task was to create a rehearsal upgrade ceremony for the Security Council to complete an end-to-end process of a no-op upgrade in a way that is repeatable.

Which would be a better suited place to put it?

[blmalone]

Is this simply to test this templates functionality? Or have you been in touch with the security council and agreed that this should be a new rehearsal for them to perform when onboarding a security council memeber?

If it's the former, you don't need to add this as a rehearsal. When you create a new template, you just need to follow this guide: https://github.com/ethereum-optimism/superchain-ops/blob/main/src/improvements/doc/NEW_TEMPLATE_GUIDE.md (1. make template 2. make Regression test 3. make example task

[0xiamflux]

We just removed the rehearsal docs in the rehearsal folder on this commit.

[blmalone]

Suggested change

[0xiamflux]

Addressed here.

[blmalone]

Suggested change

	function _validate(VmSafe.AccountAccess[] memory, Action[] memory _actions, address) internal override {
	function _validate(VmSafe.AccountAccess[] memory, Action[] memory _actions, address) internal view override {

[0xiamflux]

Addressed here.

[blmalone]

does this need to take a value? I'm curious as I don't think we've fully tested if the value actually gets transferred.

[0xiamflux]

For the particular use case we had in mind when adding the template it does not need the value, but I think for a general purpose solution is good to have it there. What would be the proper way to fully test and document this?

[blmalone]

Can you hardcode 0 for this first version?

When performing an upgrade action i.e. portal.depositTransaction, this function is executed inside a Multicall3 contract. The safe delegatecall's to the Multicall3 contract. Right now, this will fail because of the require check inside the Multicall3 contract: https://github.com/mds1/multicall3/blob/main/src/Multicall3.sol#L160 (see: stackexchange)

[0xiamflux]

Addressed in here.

[blmalone]

got it, do you want to close this PR in favor of #1231?

[graphite-app]

The _validate function is missing natspec documentation. According to the Solidity Guide, functions should use triple-slash natspec comment style with @notice tags instead of single-line comments. Replace the single-line comment with proper natspec documentation using /// @notice.

Spotted by Diamond (based on custom rule: Custom rules)



Is this helpful? React 👍 or 👎 to let us know.

[graphite-app]

The _getCodeExceptions function is missing natspec documentation. According to the Solidity Guide, functions should use triple-slash natspec comment style with @notice tags instead of single-line comments. Replace the single-line comment with proper natspec documentation using /// @notice.

Spotted by Diamond (based on custom rule: Custom rules)



Is this helpful? React 👍 or 👎 to let us know.

[mds1]

nit, can undo this diff since we don't touch the rehearsals dir anywhere else here

[mds1]

Instead of importing the interface, let's define the relevant interface in this file with interface IOptimismPortal2 { ... }. The reason for this is so that, in the future, the template can keep working for chains running older versions of the OP stack, even if the monorepo submodule version is bumped. In other words, we don't want templates to suddenly break when we bump the submodule version (i.e. if we change the portal interface in the future) because not all chains are necessarily on the latest version at all times, so we prefer to make sure templates continue to work

[mds1]

nit, just to be more precise, assuming this is correct

Suggested change

	bytes public l2Data; // Inner L2 calldata
	bytes public l2Data; // Inner L2 calldata, i.e. the calldata to execute on `l2Target`

[mds1]

The portal has this check so it's arguably unnecessary, but might be better UX to check and revert here if isCreation && l2Target != address(0). Up to you

[0xiamflux]

I do like this, makes sense to early revert before reaching the portal.

[mds1]

For the revshare use case, it might be better UX (fewer playbooks, fewer signatures) to have this template support doing a deposit transaction for many L2s in the same transaction. In that case, we would want to inherit from L2TaskBas instead and have the config inputs be arrays corresponding to the deposit. What do you think here?

[0xiamflux]

Do you think it makes sense to have 2 separate templates one for simpler use cases and the other for multi chain calls?

[0xiamflux]

As we continued working on the Rev Share use case, we have came to the conclusion it should have it’s own, separate template and we can keep this as a general purpose template for more simple cases. Wdyt?

[mds1]

Having a separate template is good with me!

[mds1]

Could just do _toml.readBytes here

[mds1]

nit, prefer abi.encodeCall

[mds1]

This task was recently changed to CANCELLED so we should be able to undo the diff in this task's dir

[graphite-app]

The comment // -------- Config inputs -------- should use triple-slash Solidity NatSpec format: /// -------- Config inputs -------- per the Solidity style guide requirements.

Suggested change

	// -------- Config inputs --------
	/// -------- Config inputs --------

Spotted by Diamond (based on custom rule: Custom rules)



Is this helpful? React 👍 or 👎 to let us know.

[0xiamflux]

Continue review in #1231, leaving this open for now for future reference.