chore: add audited nitro-contracts 9d44f2d

Author: gzeoneth

contracts/src/bridge/Bridge.sol

@@ -0,0 +1,283 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+pragma solidity ^0.8.4;
+
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+import "@openzeppelin/contracts-upgradeable/utils/AddressUpgradeable.sol";
+
+import {
+    NotContract,
+    NotRollupOrOwner,
+    NotDelayedInbox,
+    NotSequencerInbox,
+    NotOutbox,
+    InvalidOutboxSet,
+    BadSequencerMessageNumber
+} from "../libraries/Error.sol";
+import "./IBridge.sol";
+import "./Messages.sol";
+import "../libraries/DelegateCallAware.sol";
+
+import {L1MessageType_batchPostingReport} from "../libraries/MessageTypes.sol";
+
+/**
+ * @title Staging ground for incoming and outgoing messages
+ * @notice Holds the inbox accumulator for sequenced and delayed messages.
+ * It is also the ETH escrow for value sent with these messages.
+ * Since the escrow is held here, this contract also contains a list of allowed
+ * outboxes that can make calls from here and withdraw this escrow.
+ */
+contract Bridge is Initializable, DelegateCallAware, IBridge {
+    using AddressUpgradeable for address;
+
+    struct InOutInfo {
+        uint256 index;
+        bool allowed;
+    }
+
+    mapping(address => InOutInfo) private allowedDelayedInboxesMap;
+    mapping(address => InOutInfo) private allowedOutboxesMap;
+
+    address[] public allowedDelayedInboxList;
+    address[] public allowedOutboxList;
+
+    address internal _activeOutbox;
+
+    /// @inheritdoc IBridge
+    bytes32[] public delayedInboxAccs;
+
+    /// @inheritdoc IBridge
+    bytes32[] public sequencerInboxAccs;
+
+    IOwnable public rollup;
+    address public sequencerInbox;
+
+    uint256 public override sequencerReportedSubMessageCount;
+
+    address internal constant EMPTY_ACTIVEOUTBOX = address(type(uint160).max);
+
+    function initialize(IOwnable rollup_) external initializer onlyDelegated {
+        _activeOutbox = EMPTY_ACTIVEOUTBOX;
+        rollup = rollup_;
+    }
+
+    modifier onlyRollupOrOwner() {
+        if (msg.sender != address(rollup)) {
+            address rollupOwner = rollup.owner();
+            if (msg.sender != rollupOwner) {
+                revert NotRollupOrOwner(msg.sender, address(rollup), rollupOwner);
+            }
+        }
+        _;
+    }
+
+    /// @dev returns the address of current active Outbox, or zero if no outbox is active
+    function activeOutbox() public view returns (address) {
+        address outbox = _activeOutbox;
+        // address zero is returned if no outbox is set, but the value used in storage
+        // is non-zero to save users some gas (as storage refunds are usually maxed out)
+        // EIP-1153 would help here.
+        // we don't return `EMPTY_ACTIVEOUTBOX` to avoid a breaking change on the current api
+        if (outbox == EMPTY_ACTIVEOUTBOX) return address(0);
+        return outbox;
+    }
+
+    function allowedDelayedInboxes(address inbox) external view returns (bool) {
+        return allowedDelayedInboxesMap[inbox].allowed;
+    }
+
+    function allowedOutboxes(address outbox) external view returns (bool) {
+        return allowedOutboxesMap[outbox].allowed;
+    }
+
+    modifier onlySequencerInbox() {
+        if (msg.sender != sequencerInbox) revert NotSequencerInbox(msg.sender);
+        _;
+    }
+
+    function enqueueSequencerMessage(
+        bytes32 dataHash,
+        uint256 afterDelayedMessagesRead,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    )
+        external
+        onlySequencerInbox
+        returns (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 acc
+        )
+    {
+        if (
+            sequencerReportedSubMessageCount != prevMessageCount &&
+            prevMessageCount != 0 &&
+            sequencerReportedSubMessageCount != 0
+        ) {
+            revert BadSequencerMessageNumber(sequencerReportedSubMessageCount, prevMessageCount);
+        }
+        sequencerReportedSubMessageCount = newMessageCount;
+        seqMessageIndex = sequencerInboxAccs.length;
+        if (sequencerInboxAccs.length > 0) {
+            beforeAcc = sequencerInboxAccs[sequencerInboxAccs.length - 1];
+        }
+        if (afterDelayedMessagesRead > 0) {
+            delayedAcc = delayedInboxAccs[afterDelayedMessagesRead - 1];
+        }
+        acc = keccak256(abi.encodePacked(beforeAcc, dataHash, delayedAcc));
+        sequencerInboxAccs.push(acc);
+    }
+
+    /// @inheritdoc IBridge
+    function submitBatchSpendingReport(address sender, bytes32 messageDataHash)
+        external
+        onlySequencerInbox
+        returns (uint256)
+    {
+        return
+            addMessageToDelayedAccumulator(
+                L1MessageType_batchPostingReport,
+                sender,
+                uint64(block.number),
+                uint64(block.timestamp), // solhint-disable-line not-rely-on-time,
+                block.basefee,
+                messageDataHash
+            );
+    }
+
+    /// @inheritdoc IBridge
+    function enqueueDelayedMessage(
+        uint8 kind,
+        address sender,
+        bytes32 messageDataHash
+    ) external payable returns (uint256) {
+        if (!allowedDelayedInboxesMap[msg.sender].allowed) revert NotDelayedInbox(msg.sender);
+        return
+            addMessageToDelayedAccumulator(
+                kind,
+                sender,
+                uint64(block.number),
+                uint64(block.timestamp), // solhint-disable-line not-rely-on-time
+                block.basefee,
+                messageDataHash
+            );
+    }
+
+    function addMessageToDelayedAccumulator(
+        uint8 kind,
+        address sender,
+        uint64 blockNumber,
+        uint64 blockTimestamp,
+        uint256 baseFeeL1,
+        bytes32 messageDataHash
+    ) internal returns (uint256) {
+        uint256 count = delayedInboxAccs.length;
+        bytes32 messageHash = Messages.messageHash(
+            kind,
+            sender,
+            blockNumber,
+            blockTimestamp,
+            count,
+            baseFeeL1,
+            messageDataHash
+        );
+        bytes32 prevAcc = 0;
+        if (count > 0) {
+            prevAcc = delayedInboxAccs[count - 1];
+        }
+        delayedInboxAccs.push(Messages.accumulateInboxMessage(prevAcc, messageHash));
+        emit MessageDelivered(
+            count,
+            prevAcc,
+            msg.sender,
+            kind,
+            sender,
+            messageDataHash,
+            baseFeeL1,
+            blockTimestamp
+        );
+        return count;
+    }
+
+    function executeCall(
+        address to,
+        uint256 value,
+        bytes calldata data
+    ) external returns (bool success, bytes memory returnData) {
+        if (!allowedOutboxesMap[msg.sender].allowed) revert NotOutbox(msg.sender);
+        if (data.length > 0 && !to.isContract()) revert NotContract(to);
+        address prevOutbox = _activeOutbox;
+        _activeOutbox = msg.sender;
+        // We set and reset active outbox around external call so activeOutbox remains valid during call
+
+        // We use a low level call here since we want to bubble up whether it succeeded or failed to the caller
+        // rather than reverting on failure as well as allow contract and non-contract calls
+        // solhint-disable-next-line avoid-low-level-calls
+        (success, returnData) = to.call{value: value}(data);
+        _activeOutbox = prevOutbox;
+        emit BridgeCallTriggered(msg.sender, to, value, data);
+    }
+
+    function setSequencerInbox(address _sequencerInbox) external onlyRollupOrOwner {
+        sequencerInbox = _sequencerInbox;
+        emit SequencerInboxUpdated(_sequencerInbox);
+    }
+
+    function setDelayedInbox(address inbox, bool enabled) external onlyRollupOrOwner {
+        InOutInfo storage info = allowedDelayedInboxesMap[inbox];
+        bool alreadyEnabled = info.allowed;
+        emit InboxToggle(inbox, enabled);
+        if (alreadyEnabled == enabled) {
+            return;
+        }
+        if (enabled) {
+            allowedDelayedInboxesMap[inbox] = InOutInfo(allowedDelayedInboxList.length, true);
+            allowedDelayedInboxList.push(inbox);
+        } else {
+            allowedDelayedInboxList[info.index] = allowedDelayedInboxList[
+                allowedDelayedInboxList.length - 1
+            ];
+            allowedDelayedInboxesMap[allowedDelayedInboxList[info.index]].index = info.index;
+            allowedDelayedInboxList.pop();
+            delete allowedDelayedInboxesMap[inbox];
+        }
+    }
+
+    function setOutbox(address outbox, bool enabled) external onlyRollupOrOwner {
+        if (outbox == EMPTY_ACTIVEOUTBOX) revert InvalidOutboxSet(outbox);
+
+        InOutInfo storage info = allowedOutboxesMap[outbox];
+        bool alreadyEnabled = info.allowed;
+        emit OutboxToggle(outbox, enabled);
+        if (alreadyEnabled == enabled) {
+            return;
+        }
+        if (enabled) {
+            allowedOutboxesMap[outbox] = InOutInfo(allowedOutboxList.length, true);
+            allowedOutboxList.push(outbox);
+        } else {
+            allowedOutboxList[info.index] = allowedOutboxList[allowedOutboxList.length - 1];
+            allowedOutboxesMap[allowedOutboxList[info.index]].index = info.index;
+            allowedOutboxList.pop();
+            delete allowedOutboxesMap[outbox];
+        }
+    }
+
+    function setSequencerReportedSubMessageCount(uint256 newMsgCount) external onlyRollupOrOwner {
+        sequencerReportedSubMessageCount = newMsgCount;
+    }
+
+    function delayedMessageCount() external view override returns (uint256) {
+        return delayedInboxAccs.length;
+    }
+
+    function sequencerMessageCount() external view returns (uint256) {
+        return sequencerInboxAccs.length;
+    }
+
+    /// @dev For the classic -> nitro migration. TODO: remove post-migration.
+    function acceptFundsFromOldBridge() external payable {}
+}

contracts/src/bridge/IBridge.sol

@@ -0,0 +1,115 @@
+// Copyright 2021-2022, Offchain Labs, Inc.
+// For license information, see https://github.com/nitro/blob/master/LICENSE
+// SPDX-License-Identifier: BUSL-1.1
+
+// solhint-disable-next-line compiler-version
+pragma solidity >=0.6.9 <0.9.0;
+
+import "./IOwnable.sol";
+
+interface IBridge {
+    event MessageDelivered(
+        uint256 indexed messageIndex,
+        bytes32 indexed beforeInboxAcc,
+        address inbox,
+        uint8 kind,
+        address sender,
+        bytes32 messageDataHash,
+        uint256 baseFeeL1,
+        uint64 timestamp
+    );
+
+    event BridgeCallTriggered(
+        address indexed outbox,
+        address indexed to,
+        uint256 value,
+        bytes data
+    );
+
+    event InboxToggle(address indexed inbox, bool enabled);
+
+    event OutboxToggle(address indexed outbox, bool enabled);
+
+    event SequencerInboxUpdated(address newSequencerInbox);
+
+    function allowedDelayedInboxList(uint256) external returns (address);
+
+    function allowedOutboxList(uint256) external returns (address);
+
+    /// @dev Accumulator for delayed inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
+    function delayedInboxAccs(uint256) external view returns (bytes32);
+
+    /// @dev Accumulator for sequencer inbox messages; tail represents hash of the current state; each element represents the inclusion of a new message.
+    function sequencerInboxAccs(uint256) external view returns (bytes32);
+
+    function rollup() external view returns (IOwnable);
+
+    function sequencerInbox() external view returns (address);
+
+    function activeOutbox() external view returns (address);
+
+    function allowedDelayedInboxes(address inbox) external view returns (bool);
+
+    function allowedOutboxes(address outbox) external view returns (bool);
+
+    function sequencerReportedSubMessageCount() external view returns (uint256);
+
+    /**
+     * @dev Enqueue a message in the delayed inbox accumulator.
+     *      These messages are later sequenced in the SequencerInbox, either
+     *      by the sequencer as part of a normal batch, or by force inclusion.
+     */
+    function enqueueDelayedMessage(
+        uint8 kind,
+        address sender,
+        bytes32 messageDataHash
+    ) external payable returns (uint256);
+
+    function executeCall(
+        address to,
+        uint256 value,
+        bytes calldata data
+    ) external returns (bool success, bytes memory returnData);
+
+    function delayedMessageCount() external view returns (uint256);
+
+    function sequencerMessageCount() external view returns (uint256);
+
+    // ---------- onlySequencerInbox functions ----------
+
+    function enqueueSequencerMessage(
+        bytes32 dataHash,
+        uint256 afterDelayedMessagesRead,
+        uint256 prevMessageCount,
+        uint256 newMessageCount
+    )
+        external
+        returns (
+            uint256 seqMessageIndex,
+            bytes32 beforeAcc,
+            bytes32 delayedAcc,
+            bytes32 acc
+        );
+
+    /**
+     * @dev Allows the sequencer inbox to submit a delayed message of the batchPostingReport type
+     *      This is done through a separate function entrypoint instead of allowing the sequencer inbox
+     *      to call `enqueueDelayedMessage` to avoid the gas overhead of an extra SLOAD in either
+     *      every delayed inbox or every sequencer inbox call.
+     */
+    function submitBatchSpendingReport(address batchPoster, bytes32 dataHash)
+        external
+        returns (uint256 msgNum);
+
+    // ---------- onlyRollupOrOwner functions ----------
+
+    function setSequencerInbox(address _sequencerInbox) external;
+
+    function setDelayedInbox(address inbox, bool enabled) external;
+
+    function setOutbox(address inbox, bool enabled) external;
+
+    // ---------- initializer ----------
+
+    function initialize(IOwnable rollup_) external;
+}