Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Better governance protection (audit) #822

Merged
merged 16 commits into from
Sep 26, 2024

Conversation

StanislavBreadless
Copy link
Collaborator

What ❔

Why ❔

Checklist

  • PR title corresponds to the body of PR (we generate changelog entries from PRs).
  • Tests for the changes have been added / updated.
  • Documentation comments have been added / updated.

Copy link

Changes to gas cost

Generated at commit: 65d196ee7aedb773af92d6547e6fbc0888e7dd6d, compared to commit: ef318e21bc38841d3905b090bc558662b57eacab

🧾 Summary (100% most significant diffs)

Contract Method Avg (+/-) %
PermanentRestriction allowAdminImplementation
setAllowedData
setSelectorIsValidated
validateCall
-21,551 ✅
-22,018 ✅
-21,360 ✅
-3,037 ✅
-45.14%
-44.74%
-44.86%
-10.75%
L1NativeTokenVault bridgeMint
bridgeRecoverFailedTransfer
-10,714 ✅
-11,111 ✅
-26.65%
-36.58%
L1AssetRouter bridgeRecoverFailedTransfer
finalizeDeposit
finalizeWithdrawal
-11,111 ✅
-10,714 ✅
-6,579 ✅
-24.45%
-18.27%
-7.33%
L1Nullifier bridgeRecoverFailedTransfer
claimFailedDeposit
finalizeDeposit
-12,500 ✅
-6,250 ✅
-7,143 ✅
-17.23%
-9.42%
-9.18%
TransparentUpgradeableProxy bridgeRecoverFailedTransfer
claimFailedDeposit
finalizeDeposit
finalizeWithdrawal
-12,500 ✅
-6,250 ✅
-12,500 ✅
-6,579 ✅
-12.47%
-6.90%
-8.90%
-5.64%
DummyBridgehubSetter createNewChain
requestL2TransactionDirect
requestL2TransactionTwoBridges
setCTM
setZKChain
-2,127 ✅
+1,034 ❌
+107 ❌
-1 ✅
-1 ✅
-2.00%
+1.15%
+0.08%
-0.00%
-0.00%
ChainAdmin setUpgradeTimestamp +158 ❌ +0.35%
DiamondProxy finalizeEthWithdrawal +93 ❌ +0.12%
TestnetERC20Token approve
transfer
0 ➖
+4 ❌
0.00%
+0.01%
L1ERC20Bridge deposit(address,address,uint256,uint256,uint256) -2 ✅ -0.00%
DummyChainTypeManagerWBH setZKChain +1 ❌ +0.00%

Full diff report 👇
Contract Deployment Cost (+/-) Method Min (+/-) % Avg (+/-) % Median (+/-) % Max (+/-) % # Calls (+/-)
PermanentRestriction 1,998,755 (+851,050) allowAdminImplementation
setAllowedData
setSelectorIsValidated
tryCompareAdminOfAChain
validateCall
26,196 (-21,298)
26,762 (-21,471)
26,253 (-21,330)
453 (0)
722 (-25,199)
-44.84%
-44.52%
-44.83%
0.00%
-97.21%
26,196 (-21,551)
27,198 (-22,018)
26,253 (-21,360)
16,668 (-2,449)
25,217 (-3,037)
-45.14%
-44.74%
-44.86%
-12.81%
-10.75%
26,196 (-21,670)
27,033 (-21,815)
26,253 (-21,378)
24,579 (+409)
30,170 (+1,619)
-45.27%
-44.66%
-44.88%
+1.69%
+5.67%
26,196 (-21,670)
27,846 (-23,183)
26,253 (-21,378)
24,579 (+409)
31,793 (+1,840)
-45.27%
-45.43%
-44.88%
+1.69%
+6.14%
258 (0)
257 (0)
258 (0)
13 (+2)
10 (+3)
L1NativeTokenVault 3,828,533 (0) bridgeBurn
bridgeMint
bridgeRecoverFailedTransfer
12,557 (0)
10,518 (0)
5,239 (0)
0.00%
0.00%
0.00%
68,963 (+8)
29,493 (-10,714)
19,261 (-11,111)
+0.01%
-26.65%
-36.58%
79,756 (0)
31,005 (-3,583)
22,363 (-7,172)
0.00%
-10.36%
-24.28%
79,756 (0)
34,588 (-17,834)
29,535 (-17,937)
0.00%
-34.02%
-37.78%
1,297 (0)
14 (0)
9 (0)
L1AssetRouter 4,128,300 (0) bridgeRecoverFailedTransfer
finalizeDeposit
finalizeWithdrawal
16,546 (0)
25,679 (0)
25,801 (0)
0.00%
0.00%
0.00%
34,335 (-11,111)
47,940 (-10,714)
83,116 (-6,579)
-24.45%
-18.27%
-7.33%
36,544 (-7,172)
49,999 (-3,583)
101,439 (-9,656)
-16.41%
-6.69%
-8.69%
43,716 (-24,328)
53,582 (-17,834)
111,105 (-17,834)
-35.75%
-24.97%
-13.83%
9 (0)
14 (0)
19 (0)
L1Nullifier 3,308,795 (0) bridgeRecoverFailedTransfer
claimFailedDeposit
finalizeDeposit
14,025 (0)
16,783 (0)
9,950 (0)
0.00%
0.00%
0.00%
60,055 (-12,500)
60,068 (-6,250)
70,674 (-7,143)
-17.23%
-9.42%
-9.18%
72,697 (-12,500)
68,220 (-3,586)
87,578 (-7,166)
-14.67%
-4.99%
-7.56%
80,804 (-25,000)
84,400 (-17,828)
108,111 (-18,272)
-23.63%
-17.44%
-14.46%
4 (0)
8 (0)
21 (0)
TransparentUpgradeableProxy 787,868 (0) bridgeRecoverFailedTransfer
claimFailedDeposit
finalizeDeposit
finalizeWithdrawal
45,531 (0)
47,236 (0)
124,356 (-7,102)
56,436 (0)
0.00%
0.00%
-5.40%
0.00%
87,759 (-12,500)
84,374 (-6,250)
127,907 (-12,500)
109,992 (-6,579)
-12.47%
-6.90%
-8.90%
-5.64%
98,007 (-12,500)
92,471 (-3,700)
127,907 (-12,500)
125,762 (-9,348)
-11.31%
-3.85%
-8.90%
-6.92%
109,492 (-25,000)
102,677 (-17,600)
131,458 (-17,898)
135,120 (-17,834)
-18.59%
-14.63%
-11.98%
-11.66%
4 (0)
8 (0)
2 (0)
19 (0)
ChainTypeManager 4,547,000 (0) createNewChain
initialize
1,053 (0)
22,745 (0)
0.00%
0.00%
3,301,999 (+145,006)
113,572 (+472)
+4.59%
+0.42%
3,575,898 (0)
22,745 (0)
0.00%
0.00%
3,575,898 (0)
207,071 (0)
0.00%
0.00%
26 (+9)
69 (+18)
DummyBridgehubSetter 5,364,532 (0) addChainTypeManager
admin
createNewChain
proveL1ToL2TransactionStatus
proveL2LogInclusion
proveL2MessageInclusion
removeChainTypeManager
requestL2TransactionDirect
requestL2TransactionTwoBridges
setAddresses
setCTM
setPendingAdmin
setZKChain
23,865 (0)
411 (0)
29,855 (-1,752)
0 (0)
0 (0)
0 (0)
23,802 (0)
32,938 (-57)
30,863 (-12)
24,270 (0)
44,193 (0)
25,880 (0)
111,315 (0)
0.00%
0.00%
-5.54%
+∞%
+∞%
+∞%
0.00%
-0.17%
-0.04%
0.00%
0.00%
0.00%
0.00%
44,090 (+1)
1,524 (+2)
104,332 (-2,127)
1,364 (-2)
1,477 (+18)
1,557 (+4)
25,420 (+7)
91,157 (+1,034)
134,147 (+107)
65,930 (-50)
44,230 (-1)
47,601 (+13)
111,352 (-1)
+0.00%
+0.13%
-2.00%
-0.15%
+1.23%
+0.26%
+0.03%
+1.15%
+0.08%
-0.08%
-0.00%
+0.03%
-0.00%
47,558 (0)
2,411 (0)
36,337 (-6)
961 (+3)
1,066 (+6)
1,141 (0)
25,774 (0)
76,494 (+1,626)
58,441 (+11,815)
71,130 (0)
44,241 (-12)
49,745 (0)
111,363 (-12)
0.00%
0.00%
-0.02%
+0.31%
+0.57%
0.00%
0.00%
+2.17%
+25.34%
0.00%
-0.03%
0.00%
-0.01%
47,558 (0)
2,411 (0)
863,791 (-2,365)
3,578 (-7)
3,792 (+7)
3,948 (-21)
26,190 (0)
202,924 (+2,312)
359,797 (-24)
91,270 (0)
44,253 (0)
49,757 (0)
111,375 (0)
0.00%
0.00%
-0.27%
-0.20%
+0.18%
-0.53%
0.00%
+1.15%
-0.01%
0.00%
0.00%
0.00%
0.00%
6,656 (0)
2,300 (-3)
2,560 (0)
512 (0)
512 (0)
512 (0)
2,048 (0)
1,024 (0)
1,535 (-1)
3,328 (0)
2,816 (0)
4,860 (-3)
2,816 (0)
DiamondInit 625,076 (0) initialize 22,569 (0) 0.00% 397,306 (+1,646) +0.42% 400,257 (0) 0.00% 420,157 (0) 0.00% 134 (+9)
ChainAdmin 909,847 (0) setUpgradeTimestamp 45,273 (+19,912) +78.51% 45,403 (+158) +0.35% 45,339 (-6) -0.01% 45,645 (0) 0.00% 256 (0)
MailboxFacet 3,287,412 (+12) finalizeEthWithdrawal 8,101 (0) 0.00% 49,205 (+123) +0.25% 49,490 (0) 0.00% 49,490 (0) 0.00% 257 (0)
DiamondProxy 2,475,597 (0) executeUpgrade
finalizeEthWithdrawal
requestL2Transaction
util_setChainId
31,709 (0)
37,590 (0)
33,146 (0)
28,906 (0)
0.00%
0.00%
0.00%
0.00%
286,696 (+2)
76,484 (+93)
128,883 (+2)
33,753 (+10)
+0.00%
+0.12%
+0.00%
+0.03%
432,481 (0)
76,707 (-48)
166,308 (0)
33,718 (0)
0.00%
-0.06%
0.00%
0.00%
432,531 (0)
77,007 (0)
188,247 (0)
34,090 (0)
0.00%
0.00%
0.00%
0.00%
5 (0)
257 (0)
771 (0)
519 (0)
Bridgehub 5,327,424 (0) getZKChain 758 (0) 0.00% 2,922 (+2) +0.07% 2,758 (0) 0.00% 5,039 (0) 0.00% 55 (+15)
MerkleTest 520,004 (0) calculateRoot(bytes32[],uint256,bytes32) 565 (0) 0.00% 2,929 (-2) -0.07% 2,982 (0) 0.00% 3,037 (0) 0.00% 265 (0)
AccessControlRestriction 1,759,691 (-12) grantRole
setRequiredRoleForCall
setRequiredRoleForFallback
51,036 (0)
48,605 (0)
47,940 (0)
0.00%
0.00%
0.00%
51,274 (+1)
49,415 (-9)
48,852 (+12)
+0.00%
-0.02%
+0.02%
51,408 (0)
48,977 (0)
48,312 (0)
0.00%
0.00%
0.00%
51,408 (0)
51,877 (0)
51,658 (0)
0.00%
0.00%
0.00%
1,024 (0)
1,280 (0)
1,280 (0)
TestnetERC20Token 800,383 (0) approve
transfer
24,247 (0)
46,273 (0)
0.00%
0.00%
46,233 (0)
46,623 (+4)
0.00%
+0.01%
46,195 (-12)
46,585 (+12)
-0.03%
+0.03%
46,543 (0)
46,873 (0)
0.00%
0.00%
1,512 (0)
257 (0)
MerkleTreeNoSort 583,114 (0) getProof 2,608 (0) 0.00% 32,753 (+2) +0.01% 33,207 (0) 0.00% 33,229 (0) 0.00% 277 (0)
L1ERC20Bridge 1,380,420 (-12) deposit(address,address,uint256,uint256,uint256) 27,793 (0) 0.00% 62,871 (-2) -0.00% 77,227 (0) 0.00% 94,335 (-12) -0.01% 12 (0)
DummyChainTypeManagerWBH 4,576,779 (0) setZKChain 44,085 (0) 0.00% 44,122 (+1) +0.00% 44,145 (+24) +0.05% 44,145 (0) 0.00% 256 (0)
DummyChainTypeManager 4,575,019 (-12)
FullMerkleTest 851,754 (-12)
IncrementalMerkleTest 365,393 (+12)
PriorityQueueTest 328,656 (-12)
ValidatorTimelock 987,801 (+12)
GettersFacet 1,152,461 (-12)
GettersFacetWrapper 2,192,875 (+12)

@StanislavBreadless StanislavBreadless changed the title Better governance protection Better governance protection (audit) Sep 26, 2024
Copy link

Coverage after merging sb-better-governance-protection-oz into oz-audit-sep-head will be

86.02%

Coverage Report
FileStmtsBranchesFuncsLinesUncovered Lines
../da-contracts/contracts
   RollupL1DAValidator.sol64.94%37.50%83.33%70.91%145, 148, 148, 148, 150, 183–184, 187–188, 27, 27–28, 30, 30–31, 34, 36–37, 41–42, 65, 67, 67, 67–68, 70
contracts/bridge
   BridgeHelper.sol93.33%50%100%100%22
   BridgedStandardERC20.sol73.33%25%92.31%75.93%107–108, 113–114, 126–127, 151–152, 193, 193, 200, 200, 207, 207, 218, 54–55, 81–82
   L1ERC20Bridge.sol93.18%80%100%93.75%188–189, 264
   L1Nullifier.sol75.23%56%75.86%82.01%111–112, 127, 127–128, 135, 135–136, 143, 143–144, 173–174, 197, 217, 224–225, 227–228, 237–238, 246–247, 249, 415, 417–418, 418, 418, 420–421, 421, 421, 432–433, 446–447, 468–469, 508, 602, 688, 690, 692, 705, 719, 724
contracts/bridge/asset-router
   AssetRouterBase.sol83.78%40%100%88%138–139, 57–58, 85–86
   L1AssetRouter.sol90.20%72%92%94.17%204–205, 241, 250, 252, 255, 57, 576, 58, 73–74, 81–82
contracts/bridge/ntv
   L1NativeTokenVault.sol95.74%95%92.31%96.72%215, 215–216
   NativeTokenVault.sol87.76%68.18%90.48%91.35%192, 194, 212–213, 220–221, 254–255, 380, 382, 394–395, 447, 452, 64–65
contracts/bridgehub
   Bridgehub.sol80%48.48%93.33%86.61%111, 111–112, 118–119, 126–127, 133–134, 140, 140–141, 175–176, 222–223, 223, 223–224, 231–232, 234–235, 238–239, 249–250, 264–265, 314–315, 317–318, 375–376, 391–392, 422–423, 506–507, 588, 687, 690–691, 695–696, 729–730, 743, 786–787, 789–790, 792–793, 827–828, 831–832, 834–835, 870, 875
   CTMDeploymentTracker.sol79.07%50%90%94.74%115, 119, 34, 41, 64, 91, 94, 96
   MessageRoot.sol91.07%63.64%100%96.97%116–117, 148, 69, 87
contracts/common
   ReentrancyGuard.sol90%66.67%100%92.86%78–79
contracts/common/libraries
   DataEncoding.sol71.43%37.50%100%75%108, 112, 119, 129, 129–131, 134, 75, 83
   DynamicIncrementalMerkle.sol74.42%100%80%72.22%67–70, 72–74, 76–78
   FullMerkle.sol100%100%100%100%
   L2ContractHelper.sol44.44%0%50%52%100, 100–101, 109, 139, 143, 56, 68–69, 74–75, 78–79, 93, 95, 95–96
   Merkle.sol96.61%90.91%100%97.67%80–81
   MessageHashing.sol100%100%100%100%
   SemVer.sol100%100%100%100%
   SystemContractsCaller.sol0%0%0%0%114, 122–125, 135–138, 138–139, 141, 141–142, 33, 33–34, 37, 45, 47, 49, 51, 53, 66, 66, 66, 69, 72, 75, 78, 89, 91, 93, 96, 98
   UncheckedMath.sol100%100%100%100%
   UnsafeBytes.sol84.21%100%83.33%84.62%35–36
contracts/governance
   AccessControlRestriction.sol100%100%100%100%
   ChainAdmin.sol95.12%80%100%96.15%27–28
   Governance.sol98.15%94.74%100%98.55%45–46
   PermanentRestriction.sol89.43%82.61%100%89.41%110, 110–111, 138, 201, 201–202, 205, 207, 207–208, 248–249
contracts/state-transition
   ChainTypeManager.sol67.28%33.33%60%77.67%108, 135–136, 138–139, 141–142, 144–145, 200–201, 245, 252, 270, 276, 283, 295, 302, 309, 317, 324, 332, 339, 357, 359, 424, 443, 443, 443, 446, 446, 446, 448, 461, 466, 491, 74, 87–88
   TestnetVerifier.sol77.78%66.67%100%75%16, 28
   ValidatorTimelock.sol95.08%83.33%100%95.24%200, 82–83
   Verifier.sol89.90%40%96.30%90.93%1674–1675, 287–302, 305–308, 311–318, 321–328, 331–332, 335–336, 339, 383–384, 394–395, 405–406, 416–417, 427–428, 443–444, 453, 453–454, 905–906
contracts/state-transition/chain-deps
   DiamondInit.sol78%45.45%100%86.49%39–40, 42–43, 45–46, 48–49, 51–52, 77
   DiamondProxy.sol92.31%75%100%100%16, 27
contracts/state-transition/chain-deps/facets
   Admin.sol72.69%36.21%90.91%85.29%104–105, 115–116, 130, 130–131, 133–134, 157, 157, 157–158, 158, 158, 160, 239, 241, 254–255, 261, 263, 266, 266, 266, 284, 295–296, 301, 313, 313, 315, 315, 315, 321, 321, 321–322, 322, 322–324, 324, 324–325, 325, 325–327, 354, 356, 360, 369, 379, 383, 40, 40
   Executor.sol76.13%57.14%92%81.25%120–121, 173, 178, 183, 188, 193, 198, 202–203, 208, 208–209, 209–210, 212, 212–213, 223, 227, 227–228, 246–247, 268,

@vladbochok vladbochok merged commit 8208402 into oz-audit-sep-head Sep 26, 2024
26 checks passed
@vladbochok vladbochok deleted the sb-better-governance-protection-oz branch September 26, 2024 08:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants