Feat/mcp: implement post check script

.circleci/config.yml

@@ -109,6 +109,7 @@ jobs:
       - run:
           name: just simulate 006-MCP-L1
           command: |
+            go install github.com/mikefarah/yq/v4@latest
             just install
             forge clean
             forge build

.gitmodules

@@ -20,3 +20,6 @@
 [submodule "lib/solady"]
 	path = lib/solady
 	url = https://github.com/Vectorized/solady
+[submodule "lib/superchain-registry"]
+	path = lib/superchain-registry
+	url = https://github.com/ethereum-optimism/superchain-registry

README.md

@@ -70,6 +70,15 @@ We’ll use the [eip712sign](https://github.com/base-org/eip712sign) utility dev
 You should see a message something like this:
   ` One (and only one) of --private-key, --ledger, --mnemonic must be set`
 
+### Installing `mikefarah/yq`
+
+We’ll use `mikefarah/yq` to parse `.yaml` files:
+
+1. From the command prompt run:
+  `go install github.com/mikefarah/yq/v4@latest`
+2. Verify the installation by typing `$(go env GOPATH)/bin/yq --version`
+3. You should see the version number printed. This repo has been tested with version `4.43.1`.
+
 ### Installing foundry
 
 We’ll use foundry to simulate the transaction we’re approving:

foundry.toml

@@ -7,14 +7,17 @@ optimizer_runs = 999999
 solc_version = "0.8.15"
 via_ir = true
 broadcast = 'records'
-fs_permissions = [ {access = "read-write", path = "./"} ]
+fs_permissions = [{ access = "read-write", path = "./" }]
+# Enable FFI for reading lib/superchain-registry files in scripts SignFromJson.s.sol, NestedSignFromJson.s.sol within tasks
+ffi = true
 
 remappings = [
   '@openzeppelin/contracts-upgradeable/=lib/optimism/packages/contracts-bedrock/lib/openzeppelin-contracts-upgradeable/contracts/',
   '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
   '@base-contracts/=lib/base-contracts/',
   '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/',
   '@rari-capital/solmate/=lib/solmate',
+  '@eth-optimism-superchain-registry/=lib/superchain-registry/',
   'forge-std/=lib/forge-std/src/',
 ]
 

nested.just

@@ -18,6 +18,12 @@ export randomPersonEoa := "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
 simulate whichSafe hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=NestedSignFromJson
+  if [ -f "${taskPath}/NestedSignFromJson.s.sol" ]; then
+    script="${taskPath}/NestedSignFromJson.s.sol"
+    echo "Running script with assertions"
+  fi
+  echo "Using script ${script}"
   echo "getting signer address for {{whichSafe}}..."
 
   if [ "{{whichSafe}}" == "foundation" ]; then
@@ -38,7 +44,7 @@ simulate whichSafe hdPath='0':
       echo "Simulating without ledger using the first owner account: ${signer}"
   fi
   echo ""
-  forge script NestedSignFromJson \
+  forge script ${script} \
     --rpc-url ${rpcUrl} \
     --sender ${signer} \
     --sig "signJson(string,address)" \
@@ -48,6 +54,12 @@ simulate whichSafe hdPath='0':
 sign whichSafe hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=NestedSignFromJson
+  if [ -f "${taskPath}/NestedSignFromJson.s.sol" ]; then
+    script="${taskPath}/NestedSignFromJson.s.sol"
+    echo "Running script with assertions"
+  fi
+  echo "Using script ${script}"
   if [ "{{whichSafe}}" == "foundation" ]; then
     safe="{{foundationSafe}}"
     echo "Using foundation safe at ${safe}"
@@ -61,7 +73,7 @@ sign whichSafe hdPath='0':
   echo "Signing with: ${signer}"
   echo ""
   $(git rev-parse --show-toplevel)/bin/eip712sign --ledger --hd-paths "m/44'/60'/{{hdPath}}'/0/0" -- \
-  forge script NestedSignFromJson \
+  forge script ${script} \
     --rpc-url ${rpcUrl} \
     --sig "signJson(string,address)" \
     ${bundlePath} \
@@ -70,6 +82,12 @@ sign whichSafe hdPath='0':
 approve whichSafe hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=NestedSignFromJson
+  if [ -f "${taskPath}/NestedSignFromJson.s.sol" ]; then
+    script="${taskPath}/NestedSignFromJson.s.sol"
+    echo "Running script with assertions"
+  fi
+  echo "Using script ${script}"
   if [ "{{whichSafe}}" == "foundation" ]; then
     safe="{{foundationSafe}}"
     echo "Using foundation safe at ${safe}"
@@ -79,7 +97,7 @@ approve whichSafe hdPath='0':
     echo "Using council safe at ${safe}"
   fi
   sender=$(cast wallet address --ledger --mnemonic-derivation-path "m/44'/60'/{{hdPath}}'/0/0")
-  forge script NestedSignFromJson \
+  forge script ${script} \
     --fork-url ${rpcUrl} \
     --ledger --hd-paths "m/44'/60'/{{hdPath}}'/0/0" \
     --broadcast \
@@ -92,8 +110,14 @@ approve whichSafe hdPath='0':
 execute hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=NestedSignFromJson
+  if [ -f "${taskPath}/NestedSignFromJson.s.sol" ]; then
+    script="${taskPath}/NestedSignFromJson.s.sol"
+    echo "Running script with assertions"
+  fi
+  echo "Using script ${script}"
   sender=$(cast wallet address --ledger --mnemonic-derivation-path "m/44'/60'/{{hdPath}}'/0/0")
-  forge script NestedSignFromJson \
+  forge script ${script} \
     --fork-url ${rpcUrl} \
     --ledger --hd-paths "m/44'/60'/{{hdPath}}'/0/0" \
     --broadcast \
@@ -104,7 +128,13 @@ execute hdPath='0':
 simulated-run hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
-  forge script NestedSignFromJson \
+  script=NestedSignFromJson
+  if [ -f "${taskPath}/NestedSignFromJson.s.sol" ]; then
+    script="${taskPath}/NestedSignFromJson.s.sol"
+    echo "Running script with assertions"
+  fi
+  echo "Using script ${script}"
+  forge script ${script} \
     --fork-url ${rpcUrl} \
     --sender ${randomPersonEoa} \
     --sig "runJson(string)" \

script/DeployRehearsalContracts.s.sol

@@ -2,6 +2,7 @@
 pragma solidity ^0.8.0;
 
 import {Deployer} from "@eth-optimism-bedrock/scripts/Deployer.sol";
+import {Config} from "@eth-optimism-bedrock/scripts/Config.sol";
 import {GnosisSafe} from "safe-contracts/GnosisSafe.sol";
 import {ProxyAdmin} from "@eth-optimism-bedrock/src/universal/ProxyAdmin.sol";
 import {Proxy} from "@eth-optimism-bedrock/src/universal/Proxy.sol";
@@ -31,8 +32,8 @@ contract DeployRehearsalContracts is Deployer {
 
         require(owner_safe.isOwner(address(council_safe)));
 
-        console.log("Deploying from %s", deployScript);
-        console.log("Deployment context: %s", deploymentContext);
+        console.log("Deploying from %s", name());
+        console.log("Deployment context: %s", Config.deploymentContext());
     }
 
     function run() public {

script/NestedSignFromJson.s.sol

@@ -8,22 +8,30 @@ import {stdJson} from "forge-std/StdJson.sol";
 import {console} from "forge-std/console.sol";
 
 contract NestedSignFromJson is NestedMultisigBuilder, JsonTxBuilderBase {
+    address globalSignerSafe; // Hack to avoid passing signerSafe as an input to many functions.
+
     /// @dev Signs the approveHash transaction from the Nested Safe to the System Owner Safe.
     function signJson(string memory _path, address _signerSafe) public {
         _loadJson(_path);
         sign(_signerSafe);
+        globalSignerSafe = _signerSafe;
+        _postCheckWithSim();
     }
 
     /// @dev Submits signatures to call approveHash on the System Owner Safe.
     function approveJson(string memory _path, address _signerSafe, bytes memory _signatures) public {
         _loadJson(_path);
         approve(_signerSafe, _signatures);
+        globalSignerSafe = _signerSafe;
+        _postCheckWithSim();
     }
 
     /// @dev Executes the transaction from the System Owner Safe.
     function runJson(string memory _path) public {
         _loadJson(_path);
         run();
+        // globalSignerSafe = _signerSafe; // TODO how to handle this one?
+        // _postCheckWithSim();
     }
 
     function _buildCalls() internal view override returns (IMulticall3.Call3[] memory) {
@@ -34,5 +42,10 @@ contract NestedSignFromJson is NestedMultisigBuilder, JsonTxBuilderBase {
         return vm.envAddress("OWNER_SAFE");
     }
 
-    function _postCheck() internal view override {}
+    function _postCheck() internal view virtual override {}
+
+    // A thorough postCheck would apply the needed state overrides and run the simulation, then
+    // execute those assertions against the resulting state. Using `vm.store` changes state therefore
+    // the postCheck methods cannot be `view`, which is why we have this alternate version.
+    function _postCheckWithSim() internal virtual {}
 }

script/SignFromJson.s.sol

@@ -11,11 +11,13 @@ contract SignFromJson is MultisigBuilder, JsonTxBuilderBase {
     function signJson(string memory _path) public {
         _loadJson(_path);
         sign();
+        _postCheck();
     }
 
     function runJson(string memory _path, bytes memory _signatures) public {
         _loadJson(_path);
         run(_signatures);
+        _postCheck();
     }
 
     function _buildCalls() internal view override returns (IMulticall3.Call3[] memory) {
@@ -27,5 +29,5 @@ contract SignFromJson is MultisigBuilder, JsonTxBuilderBase {
         return vm.envAddress("OWNER_SAFE");
     }
 
-    function _postCheck() internal view override {}
+    function _postCheck() internal view virtual override {}
 }

single.just

@@ -12,6 +12,11 @@ export foundationOwner0 := "0x42d27eEA1AD6e22Af6284F609847CB3Cd56B9c64"
 simulate hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=SignFromJson
+  if [ -f "${taskPath}/SignFromJson.s.sol" ]; then
+    script="${taskPath}/SignFromJson.s.sol"
+  fi
+  echo "Using script ${script}"
   echo "getting signer address..."
   if [ ! -z "$SIMULATE_WITHOUT_LEDGER" ]
   then
@@ -22,31 +27,41 @@ simulate hdPath='0':
   echo "Simulating with: ${signer}"
   echo ""
   forge build
-  forge script SignFromJson \
+  forge script ${script} \
     --rpc-url ${rpcUrl} \
     --sig "signJson(string)" ${bundlePath} \
     --sender ${signer}
 
 sign hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=SignFromJson
+  if [ -f "${taskPath}/SignFromJson.s.sol" ]; then
+    script="${taskPath}/SignFromJson.s.sol"
+  fi
+  echo "Using script ${script}"
   echo "getting signer address..."
   signer=$(cast wallet address --ledger --mnemonic-derivation-path "m/44'/60'/{{hdPath}}'/0/0")
   echo "Signing with: ${signer}"
   echo ""
   forge build
   $(git rev-parse --show-toplevel)/bin/eip712sign --ledger --hd-paths "m/44'/60'/{{hdPath}}'/0/0" -- \
-  forge script SignFromJson \
+  forge script ${script} \
     --rpc-url ${rpcUrl} \
     --sig "signJson(string)" \
     ${bundlePath}
 
 execute hdPath='0':
   #!/usr/bin/env bash
   bundlePath=${taskPath}/${bundleName}.json
+  script=SignFromJson
+  if [ -f "${taskPath}/SignFromJson.s.sol" ]; then
+    script="${taskPath}/SignFromJson.s.sol"
+  fi
+  echo "Using script ${script}"
   sender=$(cast wallet address --ledger --mnemonic-derivation-path "m/44'/60'/{{hdPath}}'/0/0")
   forge build
-  forge script --fork-url ${ETH_RPC_URL} SignFromJson \
+  forge script --fork-url ${ETH_RPC_URL} ${script} \
     --sig "runJson(string,bytes)" ${bundlePath} ${SIGNATURES} \
     --ledger --hd-paths "m/44'/60'/{{hdPath}}'/0/0" --broadcast \
     --sender ${sender}