Stage v29 patch scripts (#1605)

Co-authored-by: 0xValera <[email protected]>

Author: zkzoomer

AllContractsHashes.json

@@ -14,7 +14,7 @@ import {IZKChain} from "../state-transition/chain-interfaces/IZKChain.sol";
 
 import {L1_SETTLEMENT_LAYER_VIRTUAL_ADDRESS} from "../common/Config.sol";
 import {IMessageRoot} from "./IMessageRoot.sol";
-import {HyperchainNotRegistered, IncorrectChainAssetId, IncorrectSender, NotAssetRouter, NotL1} from "./L1BridgehubErrors.sol";
+import {HyperchainNotRegistered, IncorrectChainAssetId, IncorrectSender, NotAssetRouter, NotL1, SLHasDifferentCTM} from "./L1BridgehubErrors.sol";
 import {ChainIdNotRegistered, MigrationPaused} from "../common/L1ContractErrors.sol";
 
 import {AssetHandlerModifiers} from "../bridge/interfaces/AssetHandlerModifiers.sol";
@@ -146,6 +146,11 @@ contract ChainAssetHandler is
                 bridgehubBurnData.chainId,
                 bridgehubBurnData.ctmData
             );
+
+            // For security reasons, chain migration is temporarily restricted to settlement layers with the same CTM
+            if (_settlementChainId != L1_CHAIN_ID && BRIDGEHUB.chainTypeManager(_settlementChainId) != ctm) {
+                revert SLHasDifferentCTM();
+            }
         }
         bytes memory chainMintData = IZKChain(zkChain).forwardedBridgeBurn(
             _settlementChainId == L1_CHAIN_ID

l1-contracts/contracts/bridgehub/ChainAssetHandler.sol

@@ -32,6 +32,8 @@ error NotCurrentSL(uint256 settlementLayerChainId, uint256 blockChainId);
 error NotInGatewayMode();
 // 0xecb34449
 error NotL1(uint256 l1ChainId, uint256 blockChainId);
+// 0x8eb4fc01
+error NotL2();
 // 0x23295f0e
 error NotOwner(address sender, address owner);
 // 0x693cd3dc
@@ -44,11 +46,11 @@ error OnlyBridgehub(address msgSender, address bridgehub);
 error OnlyBridgehubOrChainAssetHandler(address sender, address bridgehub, address chainAssetHandler);
 // 0x73fe6c1b
 error OnlyChain(address msgSender, address zkChainAddress);
-// 0xa7a05e40
-error OnlyL2();
 // 0xb78dbaa7
 error SecondBridgeAddressTooLow(address secondBridgeAddress, address minSecondBridgeAddress);
 // 0x90c7cbf1
 error SLNotWhitelisted();
+// 0x36917565
+error SLHasDifferentCTM();
 // 0x92626457
 error WrongCounterPart(address addressOnCounterPart, address l2BridgehubAddress);

l1-contracts/contracts/bridgehub/L1BridgehubErrors.sol

@@ -7,7 +7,7 @@ import {Initializable} from "@openzeppelin/contracts-v4/proxy/utils/Initializabl
 import {DynamicIncrementalMerkle} from "../common/libraries/DynamicIncrementalMerkle.sol";
 import {IBridgehub} from "./IBridgehub.sol";
 import {IMessageRoot} from "./IMessageRoot.sol";
-import {ChainExists, MessageRootNotRegistered, OnlyBridgehubOrChainAssetHandler, OnlyChain, OnlyL2} from "./L1BridgehubErrors.sol";
+import {ChainExists, MessageRootNotRegistered, OnlyBridgehubOrChainAssetHandler, OnlyChain, NotL2} from "./L1BridgehubErrors.sol";
 import {FullMerkle} from "../common/libraries/FullMerkle.sol";
 
 import {MessageHashing} from "../common/libraries/MessageHashing.sol";
@@ -105,9 +105,9 @@ contract MessageRoot is IMessageRoot, Initializable {
     }
 
     /// @notice Checks that the Chain ID is not L1 when adding chain batch root.
-    modifier onlyL2Chain() {
+    modifier onlyL2() {
         if (block.chainid == L1_CHAIN_ID) {
-            revert OnlyL2();
+            revert NotL2();
         }
         _;
     }
@@ -150,7 +150,7 @@ contract MessageRoot is IMessageRoot, Initializable {
         uint256 _chainId,
         uint256 _batchNumber,
         bytes32 _chainBatchRoot
-    ) external onlyChain(_chainId) onlyL2Chain {
+    ) external onlyChain(_chainId) onlyL2 {
         // Make sure that chain is registered.
         if (!chainRegistered(_chainId)) {
             revert MessageRootNotRegistered();

l1-contracts/contracts/bridgehub/MessageRoot.sol

@@ -60,6 +60,8 @@ error MismatchNumberOfLayer1Txs(uint256 numberOfLayer1Txs, uint256 expectedLengt
 error NotAllBatchesExecuted();
 // 0xf05c64c6
 error NotChainAdmin(address prevMsgSender, address admin);
+// 0x8fd63d21
+error NotEraChain();
 // 0xa7050bf6
 error NotHistoricalRoot(bytes32);
 // 0x32ddf9a2

l1-contracts/contracts/state-transition/L1StateTransitionErrors.sol

@@ -9,14 +9,17 @@ import {MAX_GAS_PER_TRANSACTION, ZKChainCommitment} from "../../../common/Config
 import {FeeParams, PubdataPricingMode} from "../ZKChainStorage.sol";
 import {PriorityTree} from "../../../state-transition/libraries/PriorityTree.sol";
 import {PriorityQueue} from "../../../state-transition/libraries/PriorityQueue.sol";
+import {IZKChain} from "../../../state-transition/chain-interfaces/IZKChain.sol";
+import {IBridgehub} from "../../../bridgehub/IBridgehub.sol";
 import {ZKChainBase} from "./ZKChainBase.sol";
 import {IChainTypeManager} from "../../IChainTypeManager.sol";
 import {IL1GenesisUpgrade} from "../../../upgrades/IL1GenesisUpgrade.sol";
-import {AlreadyPermanentRollup, DenominatorIsZero, DiamondAlreadyFrozen, DiamondNotFrozen, HashMismatch, InvalidDAForPermanentRollup, InvalidPubdataPricingMode, PriorityTxPubdataExceedsMaxPubDataPerBatch, ProtocolIdMismatch, ProtocolIdNotGreater, TooMuchGas, Unauthorized} from "../../../common/L1ContractErrors.sol";
-import {AlreadyMigrated, ContractNotDeployed, ExecutedIsNotConsistentWithVerified, InvalidNumberOfBatchHashes, L1DAValidatorAddressIsZero, L2DAValidatorAddressIsZero, NotAllBatchesExecuted, NotChainAdmin, NotHistoricalRoot, NotL1, NotMigrated, OutdatedProtocolVersion, ProtocolVersionNotUpToDate, VerifiedIsNotConsistentWithCommitted} from "../../L1StateTransitionErrors.sol";
+import {AlreadyPermanentRollup, DenominatorIsZero, DiamondAlreadyFrozen, DiamondNotFrozen, HashMismatch, InvalidDAForPermanentRollup, InvalidPubdataPricingMode, NotAZKChain, PriorityTxPubdataExceedsMaxPubDataPerBatch, ProtocolIdMismatch, ProtocolIdNotGreater, TooMuchGas, Unauthorized} from "../../../common/L1ContractErrors.sol";
+import {AlreadyMigrated, ContractNotDeployed, ExecutedIsNotConsistentWithVerified, InvalidNumberOfBatchHashes, L1DAValidatorAddressIsZero, L2DAValidatorAddressIsZero, NotAllBatchesExecuted, NotChainAdmin, NotEraChain, NotHistoricalRoot, NotL1, NotMigrated, OutdatedProtocolVersion, ProtocolVersionNotUpToDate, VerifiedIsNotConsistentWithCommitted} from "../../L1StateTransitionErrors.sol";
 import {RollupDAManager} from "../../data-availability/RollupDAManager.sol";
 import {L2_DEPLOYER_SYSTEM_CONTRACT_ADDR} from "../../../common/l2-helpers/L2ContractAddresses.sol";
 import {AllowedBytecodeTypes, IL2ContractDeployer} from "../../../common/interfaces/IL2ContractDeployer.sol";
+import {L1_SETTLEMENT_LAYER_VIRTUAL_ADDRESS} from "../../../common/Config.sol";
 
 // While formally the following import is not used, it is needed to inherit documentation from it
 import {IZKChainBase} from "../../chain-interfaces/IZKChainBase.sol";
@@ -299,6 +302,20 @@ contract AdminFacet is ZKChainBase, IAdmin {
         if (_originalCaller != s.admin) {
             revert NotChainAdmin(_originalCaller, s.admin);
         }
+
+        // We want to trust interop messages coming from Era chains which implies they can use only trusted settlement layers,
+        // ie, controlled by the governance, which is currently Era Gateways and Ethereum.
+        // Otherwise a malicious settlement layer could forge an interop message from an Era chain.
+        if (_settlementLayer != L1_SETTLEMENT_LAYER_VIRTUAL_ADDRESS) {
+            uint256 chainId = IZKChain(_settlementLayer).getChainId();
+            if (_settlementLayer != IBridgehub(s.bridgehub).getZKChain(chainId)) {
+                revert NotAZKChain(_settlementLayer);
+            }
+            if (s.chainTypeManager != IBridgehub(s.bridgehub).chainTypeManager(chainId)) {
+                revert NotEraChain();
+            }
+        }
+
         // As of now all we need in this function is the chainId so we encode it and pass it down in the _chainData field
         uint256 protocolVersion = abi.decode(_data, (uint256));
 

l1-contracts/contracts/state-transition/chain-deps/facets/Admin.sol

@@ -6,7 +6,6 @@ import {Math} from "@openzeppelin/contracts-v4/utils/math/Math.sol";
 
 import {IMailbox} from "../../chain-interfaces/IMailbox.sol";
 import {IMailboxImpl} from "../../chain-interfaces/IMailboxImpl.sol";
-import {IChainTypeManager} from "../../IChainTypeManager.sol";
 import {IBridgehub} from "../../../bridgehub/IBridgehub.sol";
 
 import {ITransactionFilterer} from "../../chain-interfaces/ITransactionFilterer.sol";
@@ -317,7 +316,7 @@ contract MailboxFacet is ZKChainBase, IMailboxImpl, MessageVerification {
         if (!IBridgehub(s.bridgehub).whitelistedSettlementLayers(s.chainId)) {
             revert NotSettlementLayer();
         }
-        if (IChainTypeManager(s.chainTypeManager).getZKChain(_chainId) != msg.sender) {
+        if (IBridgehub(s.bridgehub).getZKChain(_chainId) != msg.sender) {
             revert NotHyperchain();
         }
 

l1-contracts/contracts/state-transition/chain-deps/facets/Mailbox.sol

@@ -121,7 +121,6 @@ contract DefaultEcosystemUpgrade is Script, DeployL1Script {
         address ecosystemAdminAddress;
         uint256 governanceUpgradeTimerInitialDelay;
         uint256 oldProtocolVersion;
-        uint256 v28ProtocolVersion;
         address oldValidatorTimelock;
         uint256 priorityTxsL2GasLimit;
         uint256 maxExpectedL1GasPrice;
@@ -530,7 +529,6 @@ contract DefaultEcosystemUpgrade is Script, DeployL1Script {
         newConfig.governanceUpgradeTimerInitialDelay = toml.readUint("$.governance_upgrade_timer_initial_delay");
 
         newConfig.oldProtocolVersion = toml.readUint("$.old_protocol_version");
-        newConfig.v28ProtocolVersion = toml.readUint("$.v28_protocol_version");
 
         newConfig.priorityTxsL2GasLimit = toml.readUint("$.priority_txs_l2_gas_limit");
         newConfig.maxExpectedL1GasPrice = toml.readUint("$.max_expected_l1_gas_price");

l1-contracts/deploy-scripts/upgrade/DefaultEcosystemUpgrade.s.sol

@@ -101,6 +101,7 @@ contract EcosystemUpgrade_v29 is Script, DefaultEcosystemUpgrade {
     address[] internal oldValidatorTimelocks;
     address[] internal oldGatewayValidatorTimelocks;
     address protocolUpgradeHandlerImplementationAddress;
+    uint256 v28ProtocolVersion;
 
     /// @notice E2e upgrade generation
     function run() public virtual override {
@@ -116,6 +117,8 @@ contract EcosystemUpgrade_v29 is Script, DefaultEcosystemUpgrade {
         super.initializeConfig(newConfigPath);
         string memory toml = vm.readFile(newConfigPath);
 
+        v28ProtocolVersion = toml.readUint("$.v28_protocol_version");
+
         bytes memory encodedOldValidatorTimelocks = toml.readBytes("$.V29.encoded_old_validator_timelocks");
         oldValidatorTimelocks = abi.decode(encodedOldValidatorTimelocks, (address[]));
 
@@ -308,7 +311,7 @@ contract EcosystemUpgrade_v29 is Script, DefaultEcosystemUpgrade {
         uint256 l2GasLimit,
         uint256 l1GasPrice
     ) public virtual returns (Call[] memory calls) {
-        uint256 oldProtocolVersion = newConfig.v28ProtocolVersion;
+        uint256 oldProtocolVersion = v28ProtocolVersion;
         Diamond.DiamondCutData memory upgradeCut = abi.decode(gatewayConfig.upgradeCutData, (Diamond.DiamondCutData));
 
         bytes memory l2Calldata = abi.encodeCall(
@@ -351,7 +354,7 @@ contract EcosystemUpgrade_v29 is Script, DefaultEcosystemUpgrade {
     function prepareSetUpgradeDiamondCutOnL1Call() public virtual returns (Call[] memory calls) {
         calls = new Call[](1);
 
-        uint256 oldProtocolVersion = newConfig.v28ProtocolVersion;
+        uint256 oldProtocolVersion = v28ProtocolVersion;
         Diamond.DiamondCutData memory upgradeCut = abi.decode(
             newlyGeneratedData.upgradeCutData,
             (Diamond.DiamondCutData)