From 77471df923c6eed641b6d036bf722a7130dff9bd Mon Sep 17 00:00:00 2001 From: Timepunk <45543880+0xTimepunk@users.noreply.github.com> Date: Tue, 6 Feb 2024 10:18:14 +0000 Subject: [PATCH 1/2] chore: revoke eoas --- script/Abstract.RevokeEOA.s.sol | 41 +++++++++++++++++ script/Mainnet.RevokeEOA.s.sol | 27 ++++++++++++ script/utils/run_script_mainnet_revokeEOAs.sh | 35 +++++++++++++++ test/mainnet/SmokeTest.t.sol | 44 +++++++++---------- 4 files changed, 124 insertions(+), 23 deletions(-) create mode 100644 script/Abstract.RevokeEOA.s.sol create mode 100644 script/Mainnet.RevokeEOA.s.sol create mode 100755 script/utils/run_script_mainnet_revokeEOAs.sh diff --git a/script/Abstract.RevokeEOA.s.sol b/script/Abstract.RevokeEOA.s.sol new file mode 100644 index 000000000..7daa4bfce --- /dev/null +++ b/script/Abstract.RevokeEOA.s.sol @@ -0,0 +1,41 @@ +// SPDX-License-Identifier: BUSL-1.1 +pragma solidity ^0.8.23; + +import "./Abstract.Deploy.Single.s.sol"; + +struct UpdateVars { + uint64 chainId; + uint64 dstChainId; + uint256 dstTrueIndex; + address paymentHelper; + address superRegistry; + SuperRegistry superRegistryC; +} + +abstract contract AbstractRevokeEOA is AbstractDeploySingle { + /// @dev Revoke roles + function _revokeEOAs( + uint256 i, + uint256 trueIndex, + Cycle cycle, + uint64[] memory s_superFormChainIds + ) + internal + setEnvDeploy(cycle) + { + SetupVars memory vars; + + vars.chainId = s_superFormChainIds[i]; + + cycle == Cycle.Dev ? vm.startBroadcast(deployerPrivateKey) : vm.startBroadcast(); + + SuperRBAC srbac = SuperRBAC(payable(_readContract(chainNames[trueIndex], vars.chainId, "SuperRBAC"))); + bytes32 protocolAdminRole = srbac.PROTOCOL_ADMIN_ROLE(); + bytes32 emergencyAdminRole = srbac.EMERGENCY_ADMIN_ROLE(); + + srbac.revokeRole(emergencyAdminRole, ownerAddress); + srbac.revokeRole(protocolAdminRole, ownerAddress); + + vm.stopBroadcast(); + } +} diff --git a/script/Mainnet.RevokeEOA.s.sol b/script/Mainnet.RevokeEOA.s.sol new file mode 100644 index 000000000..cfda455f8 --- /dev/null +++ b/script/Mainnet.RevokeEOA.s.sol @@ -0,0 +1,27 @@ +// SPDX-License-Identifier: BUSL-1.1 +pragma solidity ^0.8.23; + +import { AbstractRevokeEOA } from "./Abstract.RevokeEOA.s.sol"; + +contract RevokeEOAs is AbstractRevokeEOA { + /*////////////////////////////////////////////////////////////// + SELECT CHAIN IDS TO DEPLOY HERE + //////////////////////////////////////////////////////////////*/ + uint64[] TARGET_DEPLOYMENT_CHAINS = [ETH, BSC, AVAX, POLY, ARBI, OP, BASE]; + + ///@dev ORIGINAL SALT + bytes32 constant salt = "SunNeverSetsOnSuperformRealm"; + + /// @dev stage 3 must be called only after stage 1 is complete for all chains! + function revokeEOA(uint256 selectedChainIndex) external { + uint256 trueIndex; + for (uint256 i = 0; i < chainIds.length; i++) { + if (TARGET_DEPLOYMENT_CHAINS[selectedChainIndex] == chainIds[i]) { + trueIndex = i; + break; + } + } + + _revokeEOAs(selectedChainIndex, trueIndex, Cycle.Prod, TARGET_DEPLOYMENT_CHAINS); + } +} diff --git a/script/utils/run_script_mainnet_revokeEOAs.sh b/script/utils/run_script_mainnet_revokeEOAs.sh new file mode 100755 index 000000000..c363c9bdd --- /dev/null +++ b/script/utils/run_script_mainnet_revokeEOAs.sh @@ -0,0 +1,35 @@ +#!/usr/bin/env bash +# Note: How to set defaultKey - https://www.youtube.com/watch?v=VQe7cIpaE54 + +# Read the RPC URL +source .env + +# Run the script +echo Revoking EOAs: ... +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 0 --rpc-url $ETHEREUM_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 1 --rpc-url $BSC_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 2 --rpc-url $AVALANCHE_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 3 --rpc-url $POLYGON_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 4 --rpc-url $ARBITRUM_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 5 --rpc-url $OPTIMISM_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait + +FOUNDRY_PROFILE=default forge script script/Mainnet.RevokeEOA.s.sol:RevokeEOAs --sig "revokeEOA(uint256)" 6 --rpc-url $BASE_RPC_URL --broadcast --slow --account defaultKey --sender 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92 + +wait diff --git a/test/mainnet/SmokeTest.t.sol b/test/mainnet/SmokeTest.t.sol index c0b1a0b2f..bd8c3b64f 100644 --- a/test/mainnet/SmokeTest.t.sol +++ b/test/mainnet/SmokeTest.t.sol @@ -119,34 +119,30 @@ contract SmokeTest is MainnetBaseSetup { function test_roles() public { SuperRBAC srbac; - uint256 len = 11; + uint256 len = 9; bytes32[] memory ids = new bytes32[](len); - ids[0] = keccak256("PROTOCOL_ADMIN_ROLE"); - ids[1] = keccak256("EMERGENCY_ADMIN_ROLE"); - ids[2] = keccak256("PAYMENT_ADMIN_ROLE"); - ids[3] = keccak256("CORE_STATE_REGISTRY_PROCESSOR_ROLE"); - ids[4] = keccak256("TIMELOCK_STATE_REGISTRY_PROCESSOR_ROLE"); - ids[5] = keccak256("BROADCAST_STATE_REGISTRY_PROCESSOR_ROLE"); - ids[6] = keccak256("CORE_STATE_REGISTRY_UPDATER_ROLE"); - ids[7] = keccak256("DST_SWAPPER_ROLE"); - ids[8] = keccak256("CORE_STATE_REGISTRY_RESCUER_ROLE"); - ids[9] = keccak256("CORE_STATE_REGISTRY_DISPUTER_ROLE"); - ids[10] = keccak256("WORMHOLE_VAA_RELAYER_ROLE"); + ids[0] = keccak256("PAYMENT_ADMIN_ROLE"); + ids[1] = keccak256("CORE_STATE_REGISTRY_PROCESSOR_ROLE"); + ids[2] = keccak256("TIMELOCK_STATE_REGISTRY_PROCESSOR_ROLE"); + ids[3] = keccak256("BROADCAST_STATE_REGISTRY_PROCESSOR_ROLE"); + ids[4] = keccak256("CORE_STATE_REGISTRY_UPDATER_ROLE"); + ids[5] = keccak256("DST_SWAPPER_ROLE"); + ids[6] = keccak256("CORE_STATE_REGISTRY_RESCUER_ROLE"); + ids[7] = keccak256("CORE_STATE_REGISTRY_DISPUTER_ROLE"); + ids[8] = keccak256("WORMHOLE_VAA_RELAYER_ROLE"); address[] memory newAddresses = new address[](len); - newAddresses[0] = 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92; - newAddresses[1] = 0x48aB8AdF869Ba9902Ad483FB1Ca2eFDAb6eabe92; - newAddresses[2] = 0xD911673eAF0D3e15fe662D58De15511c5509bAbB; - newAddresses[3] = 0x23c658FE050B4eAeB9401768bF5911D11621629c; - newAddresses[4] = EMERGENCY_ADMIN; - newAddresses[5] = EMERGENCY_ADMIN; - newAddresses[6] = 0xaEbb4b9f7e16BEE2a0963569a5E33eE10E478a5f; - newAddresses[7] = 0x1666660D2F506e754CB5c8E21BDedC7DdEc6Be1C; - newAddresses[8] = 0x90ed07A867bDb6a73565D7abBc7434Dd810Fafc5; - newAddresses[9] = 0x7c9c8C0A9aA5D8a2c2e6C746641117Cc9591296a; - newAddresses[10] = EMERGENCY_ADMIN; + newAddresses[0] = 0xD911673eAF0D3e15fe662D58De15511c5509bAbB; + newAddresses[1] = 0x23c658FE050B4eAeB9401768bF5911D11621629c; + newAddresses[2] = EMERGENCY_ADMIN; + newAddresses[3] = EMERGENCY_ADMIN; + newAddresses[4] = 0xaEbb4b9f7e16BEE2a0963569a5E33eE10E478a5f; + newAddresses[5] = 0x1666660D2F506e754CB5c8E21BDedC7DdEc6Be1C; + newAddresses[6] = 0x90ed07A867bDb6a73565D7abBc7434Dd810Fafc5; + newAddresses[7] = 0x7c9c8C0A9aA5D8a2c2e6C746641117Cc9591296a; + newAddresses[8] = EMERGENCY_ADMIN; for (uint256 i = 0; i < TARGET_DEPLOYMENT_CHAINS.length; ++i) { vm.selectFork(FORKS[TARGET_DEPLOYMENT_CHAINS[i]]); @@ -157,6 +153,8 @@ contract SmokeTest is MainnetBaseSetup { } assert(srbac.hasRole(keccak256("PROTOCOL_ADMIN_ROLE"), PROTOCOL_ADMINS[i])); assert(srbac.hasRole(keccak256("EMERGENCY_ADMIN_ROLE"), EMERGENCY_ADMIN)); + assertEq(srbac.getRoleMemberCount(keccak256("PROTOCOL_ADMIN_ROLE")), 1); + assertEq(srbac.getRoleMemberCount(keccak256("EMERGENCY_ADMIN_ROLE")), 1); } } From 0e68faee043897ae13ed1b0a07da453f92a22682 Mon Sep 17 00:00:00 2001 From: Timepunk <45543880+0xTimepunk@users.noreply.github.com> Date: Thu, 8 Feb 2024 15:57:17 +0000 Subject: [PATCH 2/2] fix: nit --- script/Mainnet.RevokeEOA.s.sol | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/script/Mainnet.RevokeEOA.s.sol b/script/Mainnet.RevokeEOA.s.sol index cfda455f8..b6e2563ca 100644 --- a/script/Mainnet.RevokeEOA.s.sol +++ b/script/Mainnet.RevokeEOA.s.sol @@ -5,14 +5,13 @@ import { AbstractRevokeEOA } from "./Abstract.RevokeEOA.s.sol"; contract RevokeEOAs is AbstractRevokeEOA { /*////////////////////////////////////////////////////////////// - SELECT CHAIN IDS TO DEPLOY HERE + SELECT CHAIN IDS TO REVOKE HERE //////////////////////////////////////////////////////////////*/ uint64[] TARGET_DEPLOYMENT_CHAINS = [ETH, BSC, AVAX, POLY, ARBI, OP, BASE]; ///@dev ORIGINAL SALT bytes32 constant salt = "SunNeverSetsOnSuperformRealm"; - /// @dev stage 3 must be called only after stage 1 is complete for all chains! function revokeEOA(uint256 selectedChainIndex) external { uint256 trueIndex; for (uint256 i = 0; i < chainIds.length; i++) {