From 4f1eb11ed90a4b0f92985cc28d9d2386102d31b1 Mon Sep 17 00:00:00 2001 From: "Riedl Kevin, Bsc" Date: Mon, 17 Jul 2023 16:31:22 +0200 Subject: [PATCH 1/6] teleportation audit impl (#1022) --- .../test/alt-l2/teleportation.spec.ts | 7 ++-- .../test/eth-l2/teleportation.spec.ts | 6 +-- .../contracts/contracts/Teleportation.sol | 42 +++++++++---------- .../test/endToEndTests/teleportation.spec.ts | 4 +- 4 files changed, 28 insertions(+), 31 deletions(-) diff --git a/integration-tests/test/alt-l2/teleportation.spec.ts b/integration-tests/test/alt-l2/teleportation.spec.ts index a8ac273916..001b4d1b0e 100644 --- a/integration-tests/test/alt-l2/teleportation.spec.ts +++ b/integration-tests/test/alt-l2/teleportation.spec.ts @@ -26,7 +26,6 @@ import { historyDataRepository, } from '@boba/teleportation/src/data-source' import { OptimismEnv } from './shared/env' -import { getContractFactory, predeploys } from '@eth-optimism/contracts' describe('teleportation', () => { let env: OptimismEnv @@ -704,7 +703,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = chainIdBnb // event.args.sourceChainId.toNumber() -> (is correct, but we were mocking a fake chainId for testing) + const sourceChainId = chainIdBnb // event.args.sourceChainId -> (is correct, but we were mocking a fake chainId for testing) const depositId = event.args.depositId const amount = event.args.amount const token = event.args.token @@ -784,7 +783,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = chainIdBnb // event.args.sourceChainId.toNumber() -> (is correct, but we were mocking a fake chainId for testing) + const sourceChainId = chainIdBnb // event.args.sourceChainId -> (is correct, but we were mocking a fake chainId for testing) const depositId = event.args.depositId const amount = event.args.amount const token = event.args.token @@ -866,7 +865,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = event.args.sourceChainId.toNumber() + const sourceChainId = event.args.sourceChainId const depositId = await TeleportationBNB.totalDisbursements(chainId) // event.args.depositId --> correct, but we used a fake chainId to simulate Bnb so we need to correct depositId here const amount = event.args.amount const token = event.args.token diff --git a/integration-tests/test/eth-l2/teleportation.spec.ts b/integration-tests/test/eth-l2/teleportation.spec.ts index 0042c147a0..001b4d1b0e 100644 --- a/integration-tests/test/eth-l2/teleportation.spec.ts +++ b/integration-tests/test/eth-l2/teleportation.spec.ts @@ -703,7 +703,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = chainIdBnb // event.args.sourceChainId.toNumber() -> (is correct, but we were mocking a fake chainId for testing) + const sourceChainId = chainIdBnb // event.args.sourceChainId -> (is correct, but we were mocking a fake chainId for testing) const depositId = event.args.depositId const amount = event.args.amount const token = event.args.token @@ -783,7 +783,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = chainIdBnb // event.args.sourceChainId.toNumber() -> (is correct, but we were mocking a fake chainId for testing) + const sourceChainId = chainIdBnb // event.args.sourceChainId -> (is correct, but we were mocking a fake chainId for testing) const depositId = event.args.depositId const amount = event.args.amount const token = event.args.token @@ -865,7 +865,7 @@ describe('teleportation', () => { let disbursement = [] for (const event of events) { - const sourceChainId = event.args.sourceChainId.toNumber() + const sourceChainId = event.args.sourceChainId const depositId = await TeleportationBNB.totalDisbursements(chainId) // event.args.depositId --> correct, but we used a fake chainId to simulate Bnb so we need to correct depositId here const amount = event.args.amount const token = event.args.token diff --git a/packages/boba/contracts/contracts/Teleportation.sol b/packages/boba/contracts/contracts/Teleportation.sol index c25e67e924..6837b83a75 100644 --- a/packages/boba/contracts/contracts/Teleportation.sol +++ b/packages/boba/contracts/contracts/Teleportation.sol @@ -2,7 +2,6 @@ pragma solidity 0.8.9; /* External Imports */ -import '@openzeppelin/contracts/utils/math/SafeMath.sol'; import '@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol'; import "@openzeppelin/contracts-upgradeable/security/PausableUpgradeable.sol"; import "@openzeppelin/contracts-upgradeable/utils/MulticallUpgradeable.sol"; @@ -18,7 +17,6 @@ import '@openzeppelin/contracts/utils/Address.sol'; */ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { using Address for address; - using SafeMath for uint256; using SafeERC20 for IERC20; /************** @@ -28,7 +26,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { address token; uint256 amount; address addr; - uint256 sourceChainId; + uint32 sourceChainId; uint256 depositId; } @@ -63,7 +61,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { /// @dev Assets and networks to be supported. ZeroAddress for native asset /// {assetAddress} => {targetChainId} => {tokenConfig} - mapping(address => mapping(uint256 => SupportedToken)) public supportedTokens; + mapping(address => mapping(uint32 => SupportedToken)) public supportedTokens; /// @dev The total number of successful deposits received. mapping(uint256 => uint256) public totalDeposits; @@ -81,7 +79,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { event MinDepositAmountSet( /* @dev Zero Address = native asset **/ address token, - uint256 toChainId, + uint32 toChainId, uint256 previousAmount, uint256 newAmount ); @@ -89,14 +87,14 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { event MaxDepositAmountSet( /* @dev Zero Address = native asset **/ address token, - uint256 toChainId, + uint32 toChainId, uint256 previousAmount, uint256 newAmount ); event MaxTransferAmountPerDaySet( address token, - uint256 toChainId, + uint32 toChainId, uint256 previousAmount, uint256 newAmount ); @@ -110,8 +108,8 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { event AssetReceived( /** @dev Must be ZeroAddress for nativeAsset */ address token, - uint256 sourceChainId, - uint256 indexed toChainId, + uint32 sourceChainId, + uint32 indexed toChainId, uint256 indexed depositId, address indexed emitter, uint256 amount @@ -122,7 +120,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { address indexed to, address indexed token, uint256 amount, - uint256 sourceChainId + uint32 sourceChainId ); /** @dev only for native assets */ @@ -130,7 +128,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { uint256 indexed depositId, address indexed to, uint256 amount, - uint256 sourceChainId + uint32 sourceChainId ); /** @dev Only for native assets */ @@ -138,7 +136,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { uint256 indexed depositId, address indexed to, uint256 amount, - uint256 sourceChainId + uint32 sourceChainId ); event DisburserTransferred( @@ -151,7 +149,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { event TokenSupported( address indexed token, - uint256 indexed toChainId, + uint32 indexed toChainId, bool supported ); @@ -201,7 +199,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * * @param _token Token address to support or ZeroAddress for native */ - function addSupportedToken(address _token, uint256 _toChainId, uint256 _minDepositAmount, uint256 _maxDepositAmount, uint256 _maxTransferAmountPerDay) public onlyOwner() onlyInitialized() { + function addSupportedToken(address _token, uint32 _toChainId, uint256 _minDepositAmount, uint256 _maxDepositAmount, uint256 _maxTransferAmountPerDay) public onlyOwner() onlyInitialized() { require(supportedTokens[_token][_toChainId].supported == false, "Already supported"); // Not added ERC165 as implemented for L1 ERC20 require(address(0) == _token || Address.isContract(_token), "Not contract or native"); @@ -224,7 +222,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * * @param _token The token not to support. */ - function removeSupportedToken(address _token, uint256 _toChainId) external onlyOwner() onlyInitialized() { + function removeSupportedToken(address _token, uint32 _toChainId) external onlyOwner() onlyInitialized() { require(supportedTokens[_token][_toChainId].supported == true, "Already not supported"); delete supportedTokens[_token][_toChainId].supported; delete supportedTokens[_token][_toChainId].minDepositAmount; @@ -245,7 +243,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * @param _amount The amount of token or native asset to deposit (must be the same as msg.value if native asset) * @param _toChainId The destination chain ID. */ - function teleportAsset(address _token, uint256 _amount, uint256 _toChainId) + function teleportAsset(address _token, uint256 _amount, uint32 _toChainId) external payable whenNotPaused() @@ -273,7 +271,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { IERC20(_token).safeTransferFrom(msg.sender, address(this), _amount); } - emit AssetReceived(_token, block.chainid, _toChainId, totalDeposits[_toChainId], msg.sender, _amount); + emit AssetReceived(_token, uint32(block.chainid), _toChainId, totalDeposits[_toChainId], msg.sender, _amount); totalDeposits[_toChainId] += 1; } @@ -303,7 +301,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { uint256 _amount = _disbursements[i].amount; address _addr = _disbursements[i].addr; - uint256 _sourceChainId = _disbursements[i].sourceChainId; + uint32 _sourceChainId = _disbursements[i].sourceChainId; uint256 _depositId = _disbursements[i].depositId; address _token = _disbursements[i].token; @@ -366,7 +364,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { require(failedDisbursement.failed, "DepositId not failed disbursement"); uint256 _amount = failedDisbursement.disbursement.amount; address _addr = failedDisbursement.disbursement.addr; - uint256 _sourceChainId = failedDisbursement.disbursement.sourceChainId; + uint32 _sourceChainId = failedDisbursement.disbursement.sourceChainId; // slither-disable-next-line calls-loop,reentrancy-events (bool success,) = _addr.call{gas: 3000, value: _amount}(""); @@ -454,7 +452,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * @param _token configure for which token or ZeroAddress for native * @param _minDepositAmount The new minimum deposit amount. */ - function setMinAmount(address _token, uint256 _toChainId, uint256 _minDepositAmount) external onlyOwner() { + function setMinAmount(address _token, uint32 _toChainId, uint256 _minDepositAmount) external onlyOwner() { SupportedToken memory supToken = supportedTokens[_token][_toChainId]; require(supToken.supported, "Token or chain not supported"); require(_minDepositAmount > 0 && _minDepositAmount <= supToken.maxDepositAmount, "incorrect min deposit amount"); @@ -472,7 +470,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * @param _toChainId target chain id to set configuration for * @param _maxDepositAmount The new maximum deposit amount. */ - function setMaxAmount(address _token, uint256 _toChainId, uint256 _maxDepositAmount) external onlyOwner() { + function setMaxAmount(address _token, uint32 _toChainId, uint256 _maxDepositAmount) external onlyOwner() { SupportedToken memory supToken = supportedTokens[_token][_toChainId]; require(supToken.supported, "Token or chain not supported"); require(_maxDepositAmount <= supToken.maxTransferAmountPerDay, "max deposit amount more than daily limit"); @@ -489,7 +487,7 @@ contract Teleportation is PausableUpgradeable, MulticallUpgradeable { * @param _token Token or native asset (ZeroAddr) to set value for * @param _maxTransferAmountPerDay The new maximum daily transfer amount. */ - function setMaxTransferAmountPerDay(address _token, uint256 _toChainId, uint256 _maxTransferAmountPerDay) external onlyOwner() { + function setMaxTransferAmountPerDay(address _token, uint32 _toChainId, uint256 _maxTransferAmountPerDay) external onlyOwner() { SupportedToken memory supToken = supportedTokens[_token][_toChainId]; require(supToken.supported, "Token or chain not supported"); diff --git a/packages/boba/contracts/test/endToEndTests/teleportation.spec.ts b/packages/boba/contracts/test/endToEndTests/teleportation.spec.ts index 1d9f29d605..c3be5fe566 100644 --- a/packages/boba/contracts/test/endToEndTests/teleportation.spec.ts +++ b/packages/boba/contracts/test/endToEndTests/teleportation.spec.ts @@ -14,8 +14,8 @@ let signer2: Signer let signerAddress: string let signer2Address: string -const chainId31337 = '31337' -const chainId4 = '4' +const chainId31337 = 31337 +const chainId4 = 4 const initialSupply = utils.parseEther('10000000000') const tokenName = 'BOBA' const tokenSymbol = 'BOBA' From 277bf75e9167fbabfbefb87e2a771639f8b71b85 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 20:24:28 +0200 Subject: [PATCH 2/6] Bump bcfg from 0.1.7 to 0.2.1 (#1028) Bumps [bcfg](https://github.com/bcoin-org/bcfg) from 0.1.7 to 0.2.1. - [Commits](https://github.com/bcoin-org/bcfg/compare/v0.1.7...v0.2.1) --- updated-dependencies: - dependency-name: bcfg dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/boba/bobalink/package.json | 2 +- packages/boba/gas-price-oracle/package.json | 2 +- packages/boba/teleportation/package.json | 2 +- packages/common-ts/package.json | 2 +- packages/data-transport-layer/package.json | 2 +- packages/message-relayer/package.json | 2 +- yarn.lock | 8 ++++---- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/packages/boba/bobalink/package.json b/packages/boba/bobalink/package.json index b5172fb7b4..e7440924fa 100644 --- a/packages/boba/bobalink/package.json +++ b/packages/boba/bobalink/package.json @@ -33,7 +33,7 @@ }, "dependencies": { "@eth-optimism/common-ts": "0.2.2", - "bcfg": "^0.1.6", + "bcfg": "^0.2.1", "dotenv": "^8.2.0", "ethers": "^5.5.4" } diff --git a/packages/boba/gas-price-oracle/package.json b/packages/boba/gas-price-oracle/package.json index 581a4d9050..9c26226b77 100644 --- a/packages/boba/gas-price-oracle/package.json +++ b/packages/boba/gas-price-oracle/package.json @@ -46,7 +46,7 @@ }, "dependencies": { "@eth-optimism/common-ts": "0.2.2", - "bcfg": "^0.1.6", + "bcfg": "^0.2.1", "dotenv": "^8.2.0", "ethers": "^5.5.4", "lodash": "^4.17.21" diff --git a/packages/boba/teleportation/package.json b/packages/boba/teleportation/package.json index 7766f27c44..a3ecbc8cb3 100644 --- a/packages/boba/teleportation/package.json +++ b/packages/boba/teleportation/package.json @@ -40,7 +40,7 @@ "@eth-optimism/contracts": "0.5.11", "@ethersproject/keccak256": "^5.7.0", "asn1.js": "^5.4.1", - "bcfg": "^0.1.6", + "bcfg": "^0.2.1", "bn.js": "^5.2.1", "dotenv": "^8.6.0", "ethereumjs-tx": "^2.1.2", diff --git a/packages/common-ts/package.json b/packages/common-ts/package.json index 8304514366..9540f6e467 100644 --- a/packages/common-ts/package.json +++ b/packages/common-ts/package.json @@ -35,7 +35,7 @@ "@eth-optimism/core-utils": "0.8.1", "@sentry/node": "^7.30.0", "@types/pino-std-serializers": "^4.0.0", - "bcfg": "^0.1.7", + "bcfg": "^0.2.1", "body-parser": "^1.20.0", "commander": "^9.0.0", "dotenv": "^16.0.0", diff --git a/packages/data-transport-layer/package.json b/packages/data-transport-layer/package.json index 9739522d7f..d44e685bad 100644 --- a/packages/data-transport-layer/package.json +++ b/packages/data-transport-layer/package.json @@ -46,7 +46,7 @@ "@sentry/tracing": "^7.30.0", "@types/express": "^4.17.12", "axios": "^0.21.1", - "bcfg": "^0.1.6", + "bcfg": "^0.2.1", "bfj": "^7.0.2", "browser-or-node": "^1.3.0", "cors": "^2.8.5", diff --git a/packages/message-relayer/package.json b/packages/message-relayer/package.json index b5058fa293..2c284f786c 100644 --- a/packages/message-relayer/package.json +++ b/packages/message-relayer/package.json @@ -36,7 +36,7 @@ "@eth-optimism/ynatm": "^0.2.2", "@eth-optimism/sdk": "1.0.1", "@sentry/node": "^7.30.0", - "bcfg": "^0.1.6", + "bcfg": "^0.2.1", "dotenv": "^10.0.0", "ethers": "^5.5.4", "node-fetch": "^2.6.1" diff --git a/yarn.lock b/yarn.lock index 950c83fb77..be13be67ea 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11439,10 +11439,10 @@ batch@0.6.1: resolved "https://registry.npmjs.org/batch/-/batch-0.6.1.tgz" integrity sha512-x+VAiMRL6UPkx+kudNvxTl6hB2XNNCG2r+7wixVfIYwu/2HKRXimwQyaumLjMveWvT2Hkd/cAJw+QBMfJ/EKVw== -bcfg@^0.1.6, bcfg@^0.1.7: - version "0.1.7" - resolved "https://registry.npmjs.org/bcfg/-/bcfg-0.1.7.tgz" - integrity sha512-+4beq5bXwfmxdcEoHYQsaXawh1qFzjLcRvPe5k5ww/NEWzZTm56Jk8LuPmfeGB7X584jZ8xGq6UgMaZnNDa5Ww== +bcfg@^0.2.1: + version "0.2.1" + resolved "https://registry.yarnpkg.com/bcfg/-/bcfg-0.2.1.tgz#d6ebd9827a99ff62bfad326edd349babc58d6e97" + integrity sha512-Q69DG2V9QJexdXvYoiXM4xfQ5m65tIOAzJCcW4USQdvbWEJJqBQ9MEDdyJb2ei5fadAJPVp8rUpLbFnkC37FZA== dependencies: bsert "~0.0.10" From 80361cfc43183486b121e89d9180709a7754098e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 20:25:36 +0200 Subject: [PATCH 3/6] Bump pino-pretty from 5.1.3 to 10.0.1 (#1027) Bumps [pino-pretty](https://github.com/pinojs/pino-pretty) from 5.1.3 to 10.0.1. - [Release notes](https://github.com/pinojs/pino-pretty/releases) - [Commits](https://github.com/pinojs/pino-pretty/compare/v5.1.3...v10.0.1) --- updated-dependencies: - dependency-name: pino-pretty dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/data-transport-layer/package.json | 2 +- yarn.lock | 109 ++++----------------- 2 files changed, 22 insertions(+), 89 deletions(-) diff --git a/packages/data-transport-layer/package.json b/packages/data-transport-layer/package.json index d44e685bad..7ae1c30c6c 100644 --- a/packages/data-transport-layer/package.json +++ b/packages/data-transport-layer/package.json @@ -86,7 +86,7 @@ "hardhat": "^2.12.5", "lint-staged": "11.0.0", "mocha": "^8.4.0", - "pino-pretty": "^5.0.0", + "pino-pretty": "^10.0.1", "prettier": "^2.3.1", "prom-client": "^14.2.0", "rimraf": "^3.0.2", diff --git a/yarn.lock b/yarn.lock index be13be67ea..5134dc2b82 100644 --- a/yarn.lock +++ b/yarn.lock @@ -3670,11 +3670,6 @@ resolved "https://registry.npmjs.org/@graphql-typed-document-node/core/-/core-3.1.1.tgz" integrity sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg== -"@hapi/bourne@^2.0.0": - version "2.1.0" - resolved "https://registry.npmjs.org/@hapi/bourne/-/bourne-2.1.0.tgz" - integrity sha512-i1BpaNDVLJdRBEKeJWkVO6tYX6DMFBuwMhSuWqLsY4ufeTKGVuV5rBsUhxPayXqnnWHgXUAmWK16H/ykO5Wj4Q== - "@humanwhocodes/config-array@^0.11.10": version "0.11.10" resolved "https://registry.yarnpkg.com/@humanwhocodes/config-array/-/config-array-0.11.10.tgz#5a3ffe32cc9306365fb3fd572596cd602d5e12d2" @@ -10272,16 +10267,6 @@ argparse@^2.0.1: resolved "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz" integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== -args@^5.0.1: - version "5.0.3" - resolved "https://registry.npmjs.org/args/-/args-5.0.3.tgz" - integrity sha512-h6k/zfFgusnv3i5TU08KQkVKuCPBtL/PWQbWkHUxvJrZ2nAyeaUupneemcrgn1xmqxPQsPIzwkUhOpoqPDRZuA== - dependencies: - camelcase "5.0.0" - chalk "2.4.2" - leven "2.1.0" - mri "1.1.4" - aria-query@^4.2.2: version "4.2.2" resolved "https://registry.npmjs.org/aria-query/-/aria-query-4.2.2.tgz" @@ -12245,11 +12230,6 @@ camelcase-keys@^6.2.2: map-obj "^4.0.0" quick-lru "^4.0.1" -camelcase@5.0.0: - version "5.0.0" - resolved "https://registry.npmjs.org/camelcase/-/camelcase-5.0.0.tgz" - integrity sha512-faqwZqnWxbxn+F1d399ygeamQNy3lPp/H9H6rNrqYh4FSVCtcY+3cub1MxA8o9mDd55mM8Aghuu/kuyYA6VTsA== - camelcase@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz" @@ -12377,15 +12357,6 @@ chalk@2.4.1: escape-string-regexp "^1.0.5" supports-color "^5.3.0" -chalk@2.4.2, chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.3.0, chalk@^2.3.2, chalk@^2.4.1, chalk@^2.4.2: - version "2.4.2" - resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" - integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== - dependencies: - ansi-styles "^3.2.1" - escape-string-regexp "^1.0.5" - supports-color "^5.3.0" - chalk@^1.1.3: version "1.1.3" resolved "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz" @@ -12397,6 +12368,15 @@ chalk@^1.1.3: strip-ansi "^3.0.0" supports-color "^2.0.0" +chalk@^2.0.0, chalk@^2.0.1, chalk@^2.1.0, chalk@^2.3.0, chalk@^2.3.2, chalk@^2.4.1, chalk@^2.4.2: + version "2.4.2" + resolved "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz" + integrity sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ== + dependencies: + ansi-styles "^3.2.1" + escape-string-regexp "^1.0.5" + supports-color "^5.3.0" + chalk@^3.0.0: version "3.0.0" resolved "https://registry.npmjs.org/chalk/-/chalk-3.0.0.tgz" @@ -12910,16 +12890,11 @@ colord@^2.9.1: resolved "https://registry.yarnpkg.com/colord/-/colord-2.9.3.tgz#4f8ce919de456f1d5c1c368c307fe20f3e59fb43" integrity sha512-jeC1axXpnb0/2nn/Y1LPuLdgXBLH7aDcHu4KEKfqw3CUhX7ZpfBSlPKyqXE6btIgEzfWtrX3/tyBCaCvXvMkOw== -colorette@^2.0.10, colorette@^2.0.19: +colorette@^2.0.10, colorette@^2.0.14, colorette@^2.0.16, colorette@^2.0.19, colorette@^2.0.7: version "2.0.20" resolved "https://registry.yarnpkg.com/colorette/-/colorette-2.0.20.tgz#9eb793e6833067f7235902fcd3b09917a000a95a" integrity sha512-IfEDxwoWIjkeXL1eXcDiow4UbKjhLdq6/EuSVR9GMN7KVH3r9gQ83e73hsz1Nd1T3ijd5xv1wcWRYO+D6kCI2w== -colorette@^2.0.14, colorette@^2.0.16, colorette@^2.0.7: - version "2.0.19" - resolved "https://registry.npmjs.org/colorette/-/colorette-2.0.19.tgz" - integrity sha512-3tlv/dIP7FWvj3BsbHrGLJ6l/oKh1O3TcgBqMn+yyCagOxc23fyzDS6HypQbgxWbkpDnf52p1LuR4eWDQ/K9WQ== - colors@1.0.3: version "1.0.3" resolved "https://registry.npmjs.org/colors/-/colors-1.0.3.tgz" @@ -13927,7 +13902,7 @@ dateformat@^3.0.0: resolved "https://registry.npmjs.org/dateformat/-/dateformat-3.0.3.tgz" integrity sha512-jyCETtSl3VMZMWeRo7iY1FL19ges1t55hMo5yaam4Jrsm5EPL89UQkoQRyiI+Yf4k8r2ZpdngkV8hr1lIdjb3Q== -dateformat@^4.5.1, dateformat@^4.6.3: +dateformat@^4.6.3: version "4.6.3" resolved "https://registry.npmjs.org/dateformat/-/dateformat-4.6.3.tgz" integrity sha512-2P0p0pFGzHS5EMnhdxQi7aJN+iMheud0UhG4dlE1DLAlvL8JHjJJTX/CSm4JXwV0Ka5nGk3zC5mcb5bUQUxxMA== @@ -16723,7 +16698,7 @@ fast-redact@^3.0.0: resolved "https://registry.npmjs.org/fast-redact/-/fast-redact-3.1.2.tgz" integrity sha512-+0em+Iya9fKGfEQGcd62Yv6onjBmmhV1uh86XVfOU8VwAe6kaFdQCWI9s0/Nnugx5Vd9tdbZ7e6gE2tR9dzXdw== -fast-safe-stringify@^2.0.6, fast-safe-stringify@^2.0.7, fast-safe-stringify@^2.0.8, fast-safe-stringify@^2.1.1: +fast-safe-stringify@^2.0.6, fast-safe-stringify@^2.0.8, fast-safe-stringify@^2.1.1: version "2.1.1" resolved "https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.1.1.tgz" integrity sha512-W+KJc2dmILlPplD/H4K9l9LcAHAfPtP6BY84uVLXQ6Evcz9Lcg33Y2z1IVblT6xdY54PXYVHEv+0Wpq8Io6zkA== @@ -20228,12 +20203,7 @@ jiti@^1.18.2: resolved "https://registry.yarnpkg.com/jiti/-/jiti-1.18.2.tgz#80c3ef3d486ebf2450d9335122b32d121f2a83cd" integrity sha512-QAdOptna2NYiSSpv0O/BwoHBSmz4YhpzJHyi+fnMRTXFjp7B8i/YG5Z8IfusxB1ufjcD2Sre1F3R+nX3fvy7gg== -jmespath@^0.15.0: - version "0.15.0" - resolved "https://registry.npmjs.org/jmespath/-/jmespath-0.15.0.tgz" - integrity sha512-+kHj8HXArPfpPEKGLZ+kB5ONRTCiGQXo8RQYL0hH8t6pWXUBBK5KkkQmTNOwKK4LEsd0yTsgtjJVm4UBSZea4w== - -joycon@^3.0.0, joycon@^3.1.1: +joycon@^3.1.1: version "3.1.1" resolved "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz" integrity sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw== @@ -21160,11 +21130,6 @@ levelup@^5.1.1: level-supports "^2.0.1" queue-microtask "^1.2.3" -leven@2.1.0: - version "2.1.0" - resolved "https://registry.npmjs.org/leven/-/leven-2.1.0.tgz" - integrity sha512-nvVPLpIHUxCUoRLrFqTgSxXJ614d8AgQoWl7zPe/2VadE8+1dpU3LBhowRuBAcuwruWtOdD8oYC9jDNJjXDPyA== - leven@^3.1.0: version "3.1.0" resolved "https://registry.npmjs.org/leven/-/leven-3.1.0.tgz" @@ -22733,11 +22698,6 @@ morgan@^1.10.0: on-finished "~2.3.0" on-headers "~1.0.2" -mri@1.1.4: - version "1.1.4" - resolved "https://registry.npmjs.org/mri/-/mri-1.1.4.tgz" - integrity sha512-6y7IjGPm8AzlvoUrwAaw1tLnUBudaS3752vcd8JtrpGGQn+rXIe63LFVHm/YMwtqAuh+LJPCFdlLYPWM1nYn6w== - mri@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/mri/-/mri-1.2.0.tgz#6721480fec2a11a4889861115a48b6cbe7cc8f0b" @@ -24454,10 +24414,10 @@ pino-multi-stream@^5.3.0: dependencies: pino "^6.0.0" -pino-pretty@*: - version "9.1.1" - resolved "https://registry.npmjs.org/pino-pretty/-/pino-pretty-9.1.1.tgz" - integrity sha512-iJrnjgR4FWQIXZkUF48oNgoRI9BpyMhaEmihonHeCnZ6F50ZHAS4YGfGBT/ZVNsPmd+hzkIPGzjKdY08+/yAXw== +pino-pretty@*, pino-pretty@^10.0.1: + version "10.0.1" + resolved "https://registry.yarnpkg.com/pino-pretty/-/pino-pretty-10.0.1.tgz#54a11182068949ff3069f1f7857f297a14926e58" + integrity sha512-yrn00+jNpkvZX/NrPVCPIVHAfTDy3ahF0PND9tKqZk4j9s+loK8dpzrJj4dGb7i+WLuR50ussuTAiWoMWU+qeA== dependencies: colorette "^2.0.7" dateformat "^4.6.3" @@ -24474,24 +24434,6 @@ pino-pretty@*: sonic-boom "^3.0.0" strip-json-comments "^3.1.1" -pino-pretty@^5.0.0: - version "5.1.3" - resolved "https://registry.npmjs.org/pino-pretty/-/pino-pretty-5.1.3.tgz" - integrity sha512-Zj+0TVdYKkAAIx9EUCL5e4TttwgsaFvJh2ceIMQeFCY8ak9tseEZQGSgpvyjEj1/iIVGIh5tdhkGEQWSMILKHA== - dependencies: - "@hapi/bourne" "^2.0.0" - args "^5.0.1" - chalk "^4.0.0" - dateformat "^4.5.1" - fast-safe-stringify "^2.0.7" - jmespath "^0.15.0" - joycon "^3.0.0" - pump "^3.0.0" - readable-stream "^3.6.0" - rfdc "^1.3.0" - split2 "^3.1.1" - strip-json-comments "^3.1.1" - pino-sentry@^0.14.0: version "0.14.0" resolved "https://registry.npmjs.org/pino-sentry/-/pino-sentry-0.14.0.tgz" @@ -26291,10 +26233,10 @@ read@1, read@~1.0.1: dependencies: mute-stream "~0.0.4" -"readable-stream@2 || 3", readable-stream@3, readable-stream@^3.0.0, readable-stream@^3.0.2, readable-stream@^3.0.6, readable-stream@^3.1.0, readable-stream@^3.1.1, readable-stream@^3.4.0, readable-stream@^3.6.0: - version "3.6.0" - resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.0.tgz" - integrity sha512-BViHy7LKeTz4oNnkcLJ+lVSL6vpiFeX6/d3oSH8zCW7UxP2onchk+vTGB143xuFjHS3deTgkKoXXymXqymiIdA== +"readable-stream@2 || 3", readable-stream@3, readable-stream@^3.0.0, readable-stream@^3.0.2, readable-stream@^3.0.6, readable-stream@^3.1.0, readable-stream@^3.1.1, readable-stream@^3.4.0, readable-stream@^3.5.0, readable-stream@^3.6.0: + version "3.6.2" + resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" + integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== dependencies: inherits "^2.0.3" string_decoder "^1.1.1" @@ -26323,15 +26265,6 @@ readable-stream@^1.0.26-4, readable-stream@^1.0.33: isarray "0.0.1" string_decoder "~0.10.x" -readable-stream@^3.5.0: - version "3.6.2" - resolved "https://registry.yarnpkg.com/readable-stream/-/readable-stream-3.6.2.tgz#56a9b36ea965c00c5a93ef31eb111a0f11056967" - integrity sha512-9u/sniCrY3D5WdsERHzHE4G2YCXqoG5FTHUiCC4SIbr6XcLZBY05ya9EKjYek9O5xOAwjGq+1JdGBAS7Q9ScoA== - dependencies: - inherits "^2.0.3" - string_decoder "^1.1.1" - util-deprecate "^1.0.1" - readable-stream@^4.0.0: version "4.3.0" resolved "https://registry.npmjs.org/readable-stream/-/readable-stream-4.3.0.tgz" From 77c883841b1bd0b233e278d01cae6fa82e458532 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jul 2023 20:44:47 +0200 Subject: [PATCH 4/6] Bump sinon from 14.0.2 to 15.2.0 (#1029) Bumps [sinon](https://github.com/sinonjs/sinon) from 14.0.2 to 15.2.0. - [Release notes](https://github.com/sinonjs/sinon/releases) - [Changelog](https://github.com/sinonjs/sinon/blob/main/docs/changelog.md) - [Commits](https://github.com/sinonjs/sinon/compare/v14.0.2...v15.2.0) --- updated-dependencies: - dependency-name: sinon dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- packages/boba/bundler/package.json | 2 +- yarn.lock | 56 +++++++++++++++--------------- 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/packages/boba/bundler/package.json b/packages/boba/bundler/package.json index 09e2b08302..3539451c93 100644 --- a/packages/boba/bundler/package.json +++ b/packages/boba/bundler/package.json @@ -56,7 +56,7 @@ "hardhat": "^2.12.5", "hardhat-deploy": "^0.11.12", "ow": "^0.28.1", - "sinon": "^14.0.0", + "sinon": "^15.2.0", "solidity-coverage": "^0.7.21", "solidity-string-utils": "^0.0.8-0", "ts-node": ">=8.0.0", diff --git a/yarn.lock b/yarn.lock index 5134dc2b82..083f10f840 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5958,12 +5958,19 @@ dependencies: type-detect "4.0.8" -"@sinonjs/fake-timers@^10.0.2": - version "10.0.2" - resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.0.2.tgz" - integrity sha512-SwUDyjWnah1AaNl7kxsa7cfLhlTYoiyhDAIgyh+El30YvXs/o7OLXpYH88Zdhyx9JExKrmHDJ+10bwIcY80Jmw== +"@sinonjs/commons@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@sinonjs/commons/-/commons-3.0.0.tgz#beb434fe875d965265e04722ccfc21df7f755d72" + integrity sha512-jXBtWAF4vmdNmZgD5FoKsVLv3rPgDnLgPbU84LIJ3otV44vJlDRokVng5v8NFJdCf/da9legHcKaRuZs4L7faA== dependencies: - "@sinonjs/commons" "^2.0.0" + type-detect "4.0.8" + +"@sinonjs/fake-timers@^10.0.2", "@sinonjs/fake-timers@^10.3.0": + version "10.3.0" + resolved "https://registry.yarnpkg.com/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz#55fdff1ecab9f354019129daf4df0dd4d923ea66" + integrity sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA== + dependencies: + "@sinonjs/commons" "^3.0.0" "@sinonjs/fake-timers@^8.0.1": version "8.1.0" @@ -5972,17 +5979,10 @@ dependencies: "@sinonjs/commons" "^1.7.0" -"@sinonjs/fake-timers@^9.1.2": - version "9.1.2" - resolved "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz" - integrity sha512-BPS4ynJW/o92PUR4wgriz2Ud5gpST5vz6GQfMixEDK0Z8ZCUv2M7SkBLykH56T++Xs+8ln9zTGbOvNGIe02/jw== - dependencies: - "@sinonjs/commons" "^1.7.0" - -"@sinonjs/samsam@^7.0.1": - version "7.0.1" - resolved "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-7.0.1.tgz" - integrity sha512-zsAk2Jkiq89mhZovB2LLOdTCxJF4hqqTToGP0ASWlhp4I1hqOjcfmZGafXntCN7MDC6yySH0mFHrYtHceOeLmw== +"@sinonjs/samsam@^8.0.0": + version "8.0.0" + resolved "https://registry.yarnpkg.com/@sinonjs/samsam/-/samsam-8.0.0.tgz#0d488c91efb3fa1442e26abea81759dfc8b5ac60" + integrity sha512-Bp8KUVlLp8ibJZrnvq2foVhP0IVX2CIprMJPK0vqGqgrDa0OHVKeZyBykqskkrdxV6yKBPmGasO8LVjAKR3Gew== dependencies: "@sinonjs/commons" "^2.0.0" lodash.get "^4.4.2" @@ -14384,7 +14384,7 @@ diff@^4.0.1: resolved "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz" integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== -diff@^5.0.0: +diff@^5.0.0, diff@^5.1.0: version "5.1.0" resolved "https://registry.npmjs.org/diff/-/diff-5.1.0.tgz" integrity sha512-D+mk+qE8VC/PAUrlAU34N+VfXev0ghe5ywmpqrawphmVZc1bEfn56uo9qpyGp1p4xpzOHkSW4ztBd6L7Xx4ACw== @@ -22917,9 +22917,9 @@ nice-try@^1.0.4: resolved "https://registry.npmjs.org/nice-try/-/nice-try-1.0.5.tgz" integrity sha512-1nh45deeb5olNY7eX82BkPO7SSxR5SSYJiPTrTdFUVYwAl8CKMA5N9PjTYkHiRjisVcxcQ1HXdLhx2qxxJzLNQ== -nise@^5.1.2: +nise@^5.1.4: version "5.1.4" - resolved "https://registry.npmjs.org/nise/-/nise-5.1.4.tgz" + resolved "https://registry.yarnpkg.com/nise/-/nise-5.1.4.tgz#491ce7e7307d4ec546f5a659b2efe94a18b4bbc0" integrity sha512-8+Ib8rRJ4L0o3kfmyVCL7gzrohyDe0cMFTBa2d364yIrEGMEoetznKJx899YxjybU6bL9SQkYPSBBs1gyYs8Xg== dependencies: "@sinonjs/commons" "^2.0.0" @@ -27664,16 +27664,16 @@ simple-update-notifier@^1.0.0: dependencies: semver "~7.0.0" -sinon@^14.0.0: - version "14.0.2" - resolved "https://registry.npmjs.org/sinon/-/sinon-14.0.2.tgz" - integrity sha512-PDpV0ZI3ZCS3pEqx0vpNp6kzPhHrLx72wA0G+ZLaaJjLIYeE0n8INlgaohKuGy7hP0as5tbUd23QWu5U233t+w== +sinon@^15.2.0: + version "15.2.0" + resolved "https://registry.yarnpkg.com/sinon/-/sinon-15.2.0.tgz#5e44d4bc5a9b5d993871137fd3560bebfac27565" + integrity sha512-nPS85arNqwBXaIsFCkolHjGIkFo+Oxu9vbgmBJizLAhqe6P2o3Qmj3KCUoRkfhHtvgDhZdWD3risLHAUJ8npjw== dependencies: - "@sinonjs/commons" "^2.0.0" - "@sinonjs/fake-timers" "^9.1.2" - "@sinonjs/samsam" "^7.0.1" - diff "^5.0.0" - nise "^5.1.2" + "@sinonjs/commons" "^3.0.0" + "@sinonjs/fake-timers" "^10.3.0" + "@sinonjs/samsam" "^8.0.0" + diff "^5.1.0" + nise "^5.1.4" supports-color "^7.2.0" sisteransi@^1.0.5: From 66ddde4e317eae77d58216742ec2e709d452a49f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 19 Jul 2023 13:19:00 +0200 Subject: [PATCH 5/6] Bump word-wrap from 1.2.3 to 1.2.4 (#1036) --- yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/yarn.lock b/yarn.lock index 083f10f840..5e9c14a24a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -31799,9 +31799,9 @@ window-size@^0.2.0: integrity sha512-UD7d8HFA2+PZsbKyaOCEy8gMh1oDtHgJh1LfgjQ4zVXmYjAT/kvz3PueITKuqDiIXQe7yzpPnxX3lNc+AhQMyw== word-wrap@^1.2.3, word-wrap@~1.2.3: - version "1.2.3" - resolved "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz" - integrity sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ== + version "1.2.4" + resolved "https://registry.yarnpkg.com/word-wrap/-/word-wrap-1.2.4.tgz#cb4b50ec9aca570abd1f52f33cd45b6c61739a9f" + integrity sha512-2V81OA4ugVo5pRo46hAoD2ivUJx8jXmWXfUkY4KFNw0hEptvN0QfH3K4nHiwzGeKl5rFKedV48QVoqYavy4YpA== wordwrap@^1.0.0: version "1.0.0" From 613200a16d9175f09c6baf32881fce805ff57d41 Mon Sep 17 00:00:00 2001 From: Ino Murko Date: Thu, 20 Jul 2023 12:41:37 +0200 Subject: [PATCH 6/6] Require a positive balance for the fee token. (#1033) --- l2geth/core/state_transition.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/l2geth/core/state_transition.go b/l2geth/core/state_transition.go index 9948a10aaa..c8d8ce7627 100644 --- a/l2geth/core/state_transition.go +++ b/l2geth/core/state_transition.go @@ -48,8 +48,10 @@ The state transitioning model does all the necessary work to work out a valid ne 3) Create a new state object if the recipient is \0*32 4) Value transfer == If contract creation == - 4a) Attempt to run transaction data - 4b) If valid, use result as code for the new state object + + 4a) Attempt to run transaction data + 4b) If valid, use result as code for the new state object + == end == 5) Run Script section 6) Derive new state root @@ -277,7 +279,7 @@ func (st *StateTransition) buyGas() error { if !st.isEthereumL2 { bobaval = new(big.Int).Div(bobaval, st.bobaPriceRatioDivisor) } - if st.state.GetBobaBalance(st.msg.From()).Cmp(bobaval) < 0 { + if st.state.GetBobaBalance(st.msg.From()).Cmp(bobaval) <= 0 { if !st.isEthereumL2 { return errInsufficientL1NativeTokenBalanceForGas }