Skip to content
Merged
Show file tree
Hide file tree
Changes from 11 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions src/tasks/sep/035-base-sep-fusaka-prestate/.env
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
TENDERLY_GAS=16000000
241 changes: 241 additions & 0 deletions src/tasks/sep/035-base-sep-fusaka-prestate/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,241 @@
# 035-base-sep-fusaka-prestate

Status: [DRAFT, NOT READY TO SIGN]

## Objective

This task uses `op-contract/v4.1.0` OPContractsManager to update the prestate of Base Sepolia to the Fusaka compatible prestate.

The [VALIDATION.md](./VALIDATION.md) file contains the calldata and various hashes for this task.
Comment thread
Wazabie marked this conversation as resolved.
Outdated

## Simulation, Signing & Execution

Below you can find the steps to complete the execution of this transaction. Base has a doubly-nested safe architecture which is supported by superchain-ops.
You **MUST** ensure the hashes you generate from running the commands below match the documented hashes. If you notice *any* mismatches, please alert your facilitator **immediately**.

```bash
#
# ┌─────────────────────────────────────────────┐ ┌─────────────────────────────────────────────┐ ┌─────────────────────────────────────────────┐
# │ Base Council │ │ Base Operations │ │ Base Operations │
# │ (3 of 14) │ │ (1 of 14) │ │ (1 of 14) │
# │ 0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f │ │ 0x6AF0674791925f767060Dd52f7fB20984E8639d8 │ │ 0x6AF0674791925f767060Dd52f7fB20984E8639d8 │
# └─────────────────────┬───────────────────────┘ └─────────────────────┬───────────────────────┘ └─────────────────────┬───────────────────────┘
# │ │ │
# └─────────────────┬───────────────────────────────────┘ │
# ▼ │
# ┌─────────────────────────────────────────────┐ │
# │ Base Nested │ │
# │ 0x646132A1667ca7aD00d36616AFBA1A28116C770A │ │
# └─────────────────────┬───────────────────────┘ │
# │ │
# └─────────────────┬────────────────────────────────────────────────────────────────┘
# ▼
# ┌─────────────────────────────────────────────┐
# │ ProxyAdminOwner │
# │ 0x0fe884546476dDd290eC46318785046ef68a0BA9 │
# └─────────────────────────────────────────────┘
```

### Step 1 (Role: Signer) - Base Nested Simulation and Signing

In this section, through a sequence of commands, we will successfully sign this task’s upgrade transaction from the 'base-nested' (`0x646132A1667ca7aD00d36616AFBA1A28116C770A`) safe.

```bash
cd src/tasks/sep/035-base-sep-fusaka-prestate

# Base Council: 0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f
# ┌────────────────────┐
# │ Child Safe Depth 2 │
# │ 'base-council' │
# └────────────────────┘
# │
# └─────────────────┬
# ▼
# ┌────────────────────┐
# │ Child Safe Depth 1 │
# │ 'base-nested' │
# └────────────────────┘
# │
# └──────────┬
# ▼
# ┌─────────────────┐
# │ ProxyAdminOwner │
# └─────────────────┘
SIMULATE_WITHOUT_LEDGER=1 SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env simulate base-nested base-council
# Expected Hashes
# Domain Hash: 0x0127bbb910536860a0757a9c0ffcdf9e4452220f566ed83af1f27f9e833f0e23
# Message Hash: 0x9442df5eb9142f3cafa0d0229a66e9da653dad5bb9b2969189b619acdb1c8671
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b

# Base Operations: 0x6AF0674791925f767060Dd52f7fB20984E8639d8
# ┌────────────────────┐
# │ Child Safe Depth 2 │
# │ 'base-operations' │
# └────────────────────┘
# │
# └─────────────────┬
# ▼
# ┌────────────────────┐
# │ Child Safe Depth 1 │
# │ 'base-nested' │
# └────────────────────┘
# │
# └──────────┬
# ▼
# ┌─────────────────┐
# │ ProxyAdminOwner │
# └─────────────────┘
SIMULATE_WITHOUT_LEDGER=1 SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env simulate base-nested base-operations
# Expected Hashes
# Domain Hash: 0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa
# Message Hash: 0x6aed739b0f14aeaa148bab6f705a859224f7938c51585d96f1f67b16bb99dd80
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b
```

Now, perform the signing for both safes that are owners of 'base-nested':
```bash
cd src/tasks/sep/035-base-sep-fusaka-prestate

SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env sign base-nested base-council
# Expected Hashes
# Domain Hash: 0x0127bbb910536860a0757a9c0ffcdf9e4452220f566ed83af1f27f9e833f0e23
# Message Hash: 0x9442df5eb9142f3cafa0d0229a66e9da653dad5bb9b2969189b619acdb1c8671
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b

SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env sign base-nested base-operations
# Expected Hashes
# Domain Hash: 0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa
# Message Hash: 0x6aed739b0f14aeaa148bab6f705a859224f7938c51585d96f1f67b16bb99dd80
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b
```

> **⚠️ Attention Signers:**
> Once you've signed, please send your signatures to the designated ceremony facilitator.

> **⚠️ Attention Base Operations Signers (`0x6AF0674791925f767060Dd52f7fB20984E8639d8`):**
> **ONLY Base Operations signers MUST continue to Step 1a**. You must provide another signature because the base-operations safe is used twice in Base’s Sepolia safe architecture.

### Step 1a (Role: Base Operations Signer) - Base Operations Simulation and Signing

The Base Operations Safe (`0x6AF0674791925f767060Dd52f7fB20984E8639d8`) executes two 'approveHash' transactions in this ceremony. Therefore, to pre-commit to the correct hashes, we need to increment the nonce of the Base Operations Safe in the [config.toml](./config.toml) file.

Your [config.toml](./config.toml) file **MUST** match the data below:
```toml
[stateOverrides]
# Base Sepolia ProxyAdminOwner
0x0fe884546476dDd290eC46318785046ef68a0BA9 = [
{key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 25}
]
# Base Nested Safe
0x646132A1667ca7aD00d36616AFBA1A28116C770A = [
{key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 8}
]
# Base Council Safe
0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f = [
{key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 5}
]
# Base Operations Safe
0x6AF0674791925f767060Dd52f7fB20984E8639d8 = [
{key = "0x0000000000000000000000000000000000000000000000000000000000000005", value = 13} # <--- THIS IS THE ONLY CHANGE
]
```

Once you've updated the nonce for the base-operations safe, you can now safely simulate and sign:

```bash
# Base Operations: 0x6AF0674791925f767060Dd52f7fB20984E8639d8
# ┌────────────────────┐
# │ Child Safe Depth 1 │
# │ 'base-operations' │
# └────────────────────┘
# │
# └──────────┬
# ▼
# ┌─────────────────┐
# │ ProxyAdminOwner │
# └─────────────────┘
SIMULATE_WITHOUT_LEDGER=1 SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env simulate base-operations
# Expected Hashes
# Domain Hash: 0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa
# Message Hash: 0xfe147ec075ed8c65577532418953e3840f9fb26662e7dbb2576a2e778c3387a7
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b

SKIP_DECODE_AND_PRINT=1 just --dotenv-path $(pwd)/.env sign base-operations
# Expected Hashes
# Domain Hash: 0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa
# Message Hash: 0xfe147ec075ed8c65577532418953e3840f9fb26662e7dbb2576a2e778c3387a7
# Normalized Hash: 0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b
```

### Step 2 (Role: Facilitator) - Base Nested Approval

After receiving each signer’s signatures from Step 1, you must use them to make the necessary 'approveHash' calls. In this section, there are a total of 3 'approveHash' calls.
```bash

# .------------. .-----------.
# |base-council| |base-nested|
# '------------' '-----------'
# | |
# |Execute approveHash(bytes32)|
# |--------------------------->|
# .------------. .-----------.
# |base-council| |base-nested|
# '------------' '-----------'
# You can read this command as, call approveHash on 'base-nested' from 'base-council'.
# For the 'base-council' to successfully execute the approveHash transaction, it needs a quorum of signatures from signers.
SIGNATURES=0x<concatenated-sigs-from-base-council-members> just approve base-nested base-council

# .---------------. .-----------.
# |base-operations| |base-nested|
# '---------------' '-----------'
# | |
# |Execute approveHash(bytes32)|
# |--------------------------->|
# .---------------. .-----------.
# |base-operations| |base-nested|
# '---------------' '-----------'
# You can read this command as, call approveHash on 'base-nested' from 'base-operations'.
# For the 'base-operations' to successfully execute the approveHash transaction, it needs a quorum of signatures from signers.
# The signatures below MUST be from 'Step 1' NOT 'Step 1a'.
SIGNATURES=0x<concatenated-sigs-from-base-operations-members-step1> just approve base-nested base-operations

# .-----------. .-----------------.
# |base-nested| |proxy-admin-owner|
# '-----------' '-----------------'
# | |
# |Execute approveHash(bytes32)|
# |--------------------------->|
# .-----------. .-----------------.
# |base-nested| |proxy-admin-owner|
# '-----------' '-----------------'
# You can read this command as, call approveHash on ProxyAdminOwner from 'base-nested'.
# We don't need to pass through 'SIGNATURES' here because this transaction was pre-approved in the previous two steps.
just approve base-nested
```

### Step 3 (Role: Facilitator) - Base Operations Approval

This is the final 'approveHash' call from the base-operations safe.

```bash
# .---------------. .-----------------.
# |base-operations| |proxy-admin-owner|
# '---------------' '-----------------'
# | |
# |Execute approveHash(bytes32)|
# |--------------------------->|
# .---------------. .-----------------.
# |base-operations| |proxy-admin-owner|
# '---------------' '-----------------'
# You can read this command as, call approveHash on ProxyAdminOwner from 'base-operations'.
# The signatures below MUST be from 'Step 1a' NOT 'Step 1'.
SIGNATURES=0x<concatenated-sigs-from-base-operations-members-step1a> just approve base-operations
```

### Step 4 (Role: Facilitator) - Execute Transaction on L1 ProxyAdminOwner `0x0fe884546476dDd290eC46318785046ef68a0BA9`

Execute command:
```bash
cd src/tasks/sep/035-base-sep-fusaka-prestate
just --dotenv-path $(pwd)/.env execute
```
48 changes: 48 additions & 0 deletions src/tasks/sep/035-base-sep-fusaka-prestate/VALIDATION.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
# Validation

This document can be used to validate the inputs and result of the execution of the upgrade transaction which you are
signing.

The steps are:

1. [Validate the Domain and Message Hashes](#expected-domain-and-message-hashes)
2. [Verifying the state changes via the normalized state diff hash](#normalized-state-diff-hash-attestation)
3. [Verifying the transaction input](#understanding-task-calldata)
4. [Verifying the state changes](#task-state-changes)

## Expected Domain and Message Hashes

First, we need to validate the domain and message hashes. These values should match both the values on your ledger and
the values printed to the terminal when you run the task.

> [!CAUTION]
>
> Before signing, ensure the below hashes match what is on your ledger.
>
> ### Base Operations (`0x6AF0674791925f767060Dd52f7fB20984E8639d8`)
>
> - Domain Hash: `0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa`
> - Message Hash: `0x6aed739b0f14aeaa148bab6f705a859224f7938c51585d96f1f67b16bb99dd80`
>
> ### Base Council (`0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f`)
>
> - Domain Hash: `0x0127bbb910536860a0757a9c0ffcdf9e4452220f566ed83af1f27f9e833f0e23`
> - Message Hash: `0x9442df5eb9142f3cafa0d0229a66e9da653dad5bb9b2969189b619acdb1c8671`
>
> ### Base Operations (`0x6AF0674791925f767060Dd52f7fB20984E8639d8`) - Second Approve Hash Transaction
>
> - Domain Hash: `0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa`
> - Message Hash: `0xfe147ec075ed8c65577532418953e3840f9fb26662e7dbb2576a2e778c3387a7`

## Normalized State Diff Hash Attestation

The normalized state diff hash **MUST** match the hash produced by the state changes attested to in the state diff audit report. As a signer, you are responsible for verifying that this hash is correct. Please compare the hash below with the one in the audit report. If no audit report is available for this task, you must still ensure that the normalized state diff hash matches the output in your terminal.

**Normalized hash:** `0xccb1531128009f116e4e8608f300128064ddc1585987f9e6441554260f159d8b`

## Task Calldata

Calldata:
```
0x82ad56cb0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000200000000000000000000000003bb6437aba031afbf9cb3538fa064161e2bf2d780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000a49a72745b00000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000001000000000000000000000000f272670eb55e895584501d564afeb048bed261940000000000000000000000000389e59aa0a41e4a413ae70f0008e76caa34b1f30339db503776757491b9f3038bf6f1d37b7988a2f75e823fe2656c1352ef2f9100000000000000000000000000000000000000000000000000000000
```
Loading