Merge branch 'main' into feat/blacklisting-and-geoblocking

taikoxyz · May 13, 2024 · 720782d · 720782d
2 parents 69385f8 + 3c60735
commit 720782d
Show file tree

Hide file tree

Showing 8 changed files with 174 additions and 59 deletions.
diff --git a/packages/protocol/script/SetDcapParams.s.sol b/packages/protocol/script/SetDcapParams.s.sol
@@ -11,43 +11,50 @@ contract SetDcapParams is Script, AttestationBase {
     address public dcapAttestationAddress = vm.envAddress("ATTESTATION_ADDRESS");
     address public sgxVerifier = vm.envAddress("SGX_VERIFIER_ADDRESS");
     address public pemCertChainLibAddr = vm.envAddress("PEM_CERTCHAIN_ADDRESS");
-    // TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-    bool[] internal defaultTaskFlags = [true, true, true, true, true];
-    bool[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
+    // TASK_FLAG:
+    // [setMrEnclave,setMrSigner,configQE,configTCB,enableMrCheck,registerSgxInstanceWithQuote]
+    uint256[] internal defaultTaskFlags = [1, 1, 1, 1, 1, 1];
+    uint256[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
 
     function run() external {
         require(ownerPrivateKey != 0, "PRIVATE_KEY not set");
         require(dcapAttestationAddress != address(0), "ATTESTATION_ADDRESS not set");
 
         vm.startBroadcast(ownerPrivateKey);
-        if (taskFlags[0]) {
-            _setMrEnclave();
+        if (taskFlags[0] != 0) {
+            bool enable = (taskFlags[0] == 1);
+            _setMrEnclave(enable);
         }
-        if (taskFlags[1]) {
-            _setMrSigner();
+        if (taskFlags[1] != 0) {
+            bool enable = (taskFlags[1] == 1);
+            _setMrSigner(enable);
         }
-        if (taskFlags[2]) {
+        if (taskFlags[2] != 0) {
             _configureQeIdentityJson();
         }
-        if (taskFlags[3]) {
+        if (taskFlags[3] != 0) {
             _configureTcbInfoJson();
         }
-        if (taskFlags[4]) {
+        if (taskFlags[4] != 0) {
+            toggleCheckQuoteValidity(dcapAttestationAddress);
+        }
+        if (taskFlags[5] != 0) {
             _registerSgxInstanceWithQuoteBytes();
         }
 
         vm.stopBroadcast();
     }
 
-    function _setMrEnclave() internal {
+    function _setMrEnclave(bool enable) internal {
         mrEnclave = vm.envBytes32("MR_ENCLAVE");
-        setMrEnclave(dcapAttestationAddress, mrEnclave);
+        console2.log("_setMrEnclave set: ", uint256(mrEnclave));
+        setMrEnclave(dcapAttestationAddress, mrEnclave, enable);
         console2.log("MR_ENCLAVE set: ", uint256(mrEnclave));
     }
 
-    function _setMrSigner() internal {
+    function _setMrSigner(bool enable) internal {
         mrSigner = vm.envBytes32("MR_SIGNER");
-        setMrSigner(dcapAttestationAddress, mrSigner);
+        setMrSigner(dcapAttestationAddress, mrSigner, enable);
         console2.log("MR_SIGNER set: ", uint256(mrSigner));
     }
 

diff --git a/packages/protocol/script/config_dcap_sgx_verifier.sh b/packages/protocol/script/config_dcap_sgx_verifier.sh
@@ -7,6 +7,9 @@ usage() {
     --eq file_path: config qe
     --mrenclave hex_string: config mrenclave
     --mrsigner hex_string: config mrsigner
+    --toggle-mr-check: toggle mrenclave/mrsigner check
+    --unset-mrenclave hex_string: disable mrenclave
+    --unset-mrsigner hex_string: disable mrsigner
     --quote string: register sgx instance with quote"
 to configure the dcap verifier contract.
 
@@ -49,6 +52,7 @@ config_qe=0
 set_mrenclave=0
 set_mrsigner=0
 verify_quote=0
+toggle_check=0
 
 # helper function for trimming the file path to vm root
 vm_file_path() {
@@ -76,6 +80,26 @@ while [[ $# -gt 0 ]]; do
             shift
             shift
             ;;
+        --unset-mrenclave)
+            MR_ENCLAVE="$2"
+            echo "Unset MR_ENCLAVE: $MR_ENCLAVE"
+            set_mrenclave=2
+            shift
+            shift
+            ;;
+        --unset-mrsigner)
+            MR_SIGNER="$2"
+            echo "Unset MR_SIGNER: $MR_SIGNER"
+            set_mrsigner=2
+            shift
+            shift
+            ;;
+        --toggle-mr-check)
+            echo "toggle mr check"
+            toggle_check=1
+            shift
+            shift
+            ;;
         --qeid)
             QEID_PATH=$(vm_file_path "$2")
             echo "Config QE file: $QEID_PATH"
@@ -109,7 +133,7 @@ if [ -z $FORK_URL ]; then
 fi
 
 # TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-TASK_ENABLE_MASK="$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$verify_quote"
+TASK_ENABLE_MASK=$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$toggle_check,$verify_quote
 
 # config the contract
 TASK_ENABLE=$TASK_ENABLE_MASK \

diff --git a/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol b/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol
diff --git a/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol b/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol
@@ -65,8 +65,8 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
             })
         );
 
-        setMrEnclave(address(attestation), mrEnclave);
-        setMrSigner(address(attestation), mrSigner);
+        setMrEnclave(address(attestation), mrEnclave, true);
+        setMrSigner(address(attestation), mrSigner, true);
 
         string memory tcbInfoJson = vm.readFile(string.concat(vm.projectRoot(), tcbInfoPath));
         string memory enclaveIdJson = vm.readFile(string.concat(vm.projectRoot(), idPath));
@@ -81,12 +81,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         vm.stopPrank();
     }
 
-    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, true);
+    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, enable);
     }
 
-    function setMrSigner(address _attestationAddress, bytes32 _mrSigner) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, true);
+    function setMrSigner(address _attestationAddress, bytes32 _mrSigner, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, enable);
+    }
+
+    function toggleCheckQuoteValidity(address _attestationAddress) internal {
+        AutomataDcapV3Attestation(_attestationAddress).toggleLocalReportCheck();
     }
 
     function configureQeIdentityJson(
@@ -114,13 +118,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         console.log("tcbParsedSuccess: %s", tcbParsedSuccess);
     }
 
-    function parsedQuoteAttestation(bytes memory v3QuoteBytes)
+    function verifyParsedQuoteAttestation(
+        bytes memory v3QuoteBytes,
+        bool expected
+    )
         internal
         returns (V3Struct.ParsedV3QuoteStruct memory v3quote)
     {
         v3quote = ParseV3QuoteBytes(address(pemCertChainLib), v3QuoteBytes);
         (bool verified,) = attestation.verifyParsedQuote(v3quote);
-        assertTrue(verified);
+        assertEq(verified, expected);
     }
 
     function registerSgxInstanceWithQuoteBytes(

diff --git a/packages/supplementary-contracts/contracts/tokenUnlocking/TokenUnlocking.sol b/packages/supplementary-contracts/contracts/tokenUnlocking/TokenUnlocking.sol
@@ -66,7 +66,10 @@ contract TokenUnlocking is OwnableUpgradeable, ReentrancyGuardUpgradeable {
         external
         initializer
     {
-        if (_taikoToken == address(0) || _recipient == address(0) || _tgeTimestamp == 0) {
+        if (
+            _owner == _recipient || _owner == address(0) || _recipient == address(0)
+                || _taikoToken == address(0) || _tgeTimestamp == 0
+        ) {
             revert INVALID_PARAM();
         }
 

diff --git a/packages/supplementary-contracts/script/tokenVesting/Vest.data.json b/packages/supplementary-contracts/script/tokenVesting/Vest.data.json
@@ -1,18 +1,15 @@
 [
   {
-    "name": "Alice",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 35000
   },
   {
-    "name": "Bob",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 25000
   },
   {
-    "name": "Carol",
     "recipient": "0xa48dEBc18D5e63F1FB94DD513f643e412684f8a4",
     "proxy": "0x33A270541f383A4A48dB6C5f1f00A161b8F79e2a",
     "vestAmount": 15000

diff --git a/packages/supplementary-contracts/script/tokenVesting/Vest.s.sol b/packages/supplementary-contracts/script/tokenVesting/Vest.s.sol
@@ -6,22 +6,18 @@ import "forge-std/src/console2.sol";
 
 import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
 import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
-
 import "../../contracts/tokenUnlocking/TokenUnlocking.sol";
 
 contract VestTokenUnlocking is Script {
     using stdJson for string;
 
     struct VestingItem {
-        bytes32 name; // Conversion from json "string" to bytes32 will take place in foundry,
-            // cannot use string here, as json parser cannot interpret string from json, everything
-            // is bytes-chunks. It is more of informational to script executor anyways.
         address recipient;
         address proxy;
         uint256 vestAmount;
     }
 
-    ERC20 private tko = ERC20(vm.envAddress("TAIKO_TOKEN"));
+    ERC20 private tko = ERC20(0x10dea67478c5F8C5E2D90e5E9B26dBe60c54d800);
 
     function run() external {
         vm.startBroadcast();
@@ -32,23 +28,25 @@ contract VestTokenUnlocking is Script {
         );
 
         for (uint256 i; i < items.length; i++) {
-            address proxy = items[i].proxy;
-            console2.logBytes32(items[i].name);
-            console2.log("Grantee unlocking contract address:", proxy);
-            console2.log("Vest amount (TKO):", items[i].vestAmount);
+            if (items[i].vestAmount != 0) {
+                address proxy = items[i].proxy;
+                console2.log("Grantee unlocking contract address:", proxy);
+                console2.log("Vest amount (TKO):", items[i].vestAmount);
 
-            require(TokenUnlocking(proxy).owner() == msg.sender, "msg.sender not owner");
-            require(
-                TokenUnlocking(proxy).recipient() == items[i].recipient, "inconsistent recipient"
-            );
+                require(TokenUnlocking(proxy).owner() == msg.sender, "msg.sender not owner");
+                require(
+                    TokenUnlocking(proxy).recipient() == items[i].recipient,
+                    "inconsistent recipient"
+                );
 
-            uint128 vestAmount = uint128(items[i].vestAmount * 1e18);
-            require(tko.balanceOf(msg.sender) >= vestAmount, "insufficient TKO balance");
+                uint128 vestAmount = uint128(items[i].vestAmount * 1e18);
+                require(tko.balanceOf(msg.sender) >= vestAmount, "insufficient TKO balance");
 
-            tko.approve(proxy, vestAmount);
-            TokenUnlocking(proxy).vest(vestAmount);
+                tko.approve(proxy, vestAmount);
+                TokenUnlocking(proxy).vest(vestAmount);
 
-            console2.log("Vested!\n");
+                console2.log("Vested!\n");
+            }
         }
 
         vm.stopBroadcast();

diff --git a/packages/supplementary-contracts/script/tokenunlocking/Deploy.s.sol b/packages/supplementary-contracts/script/tokenunlocking/Deploy.s.sol
@@ -11,17 +11,14 @@ import "../../contracts/tokenUnlocking/TokenUnlocking.sol";
 contract DeployTokenUnlocking is Script {
     using stdJson for string;
 
-    uint256 public PRIVATE_KEY = vm.envUint("PRIVATE_KEY"); // deployer
-    address public OWNER = vm.envAddress("OWNER");
-    address public TAIKO_TOKEN = vm.envAddress("TAIKO_TOKEN");
-    uint256 public TGE = vm.envUint("TGE_TIMESTAMP");
-    address public IMPL = vm.envAddress("TOKEN_VESTING_IMPL");
+    address public OWNER = 0x9CBeE534B5D8a6280e01a14844Ee8aF350399C7F; // admin.taiko.eth
+    address public TAIKO_TOKEN = 0x10dea67478c5F8C5E2D90e5E9B26dBe60c54d800; // token.taiko.eth
+    uint64 public TGE = 1_716_767_999; // Date and time (GMT): Sunday, May 26, 2024 11:59:59 PM
+    address public IMPL = 0x244108e321FE03b0E33FE63Ef62285F05d191a62;
 
     function setUp() public { }
 
     function run() external {
-        address impl = IMPL == address(0) ? address(new TokenUnlocking()) : IMPL;
-
         string memory path = "/script/tokenUnlocking/Deploy.data.json";
         address[] memory recipients = abi.decode(
             vm.parseJson(vm.readFile(string.concat(vm.projectRoot(), path))), (address[])
@@ -30,12 +27,10 @@ contract DeployTokenUnlocking is Script {
         for (uint256 i; i < recipients.length; i++) {
             console2.log("Grantee:", recipients[i]);
 
-            vm.startBroadcast(PRIVATE_KEY);
+            vm.startBroadcast();
             deployProxy({
-                impl: impl,
-                data: abi.encodeCall(
-                    TokenUnlocking.init, (OWNER, TAIKO_TOKEN, recipients[i], uint64(TGE))
-                    )
+                impl: IMPL,
+                data: abi.encodeCall(TokenUnlocking.init, (OWNER, TAIKO_TOKEN, recipients[i], TGE))
             });
             vm.stopBroadcast();
             console2.log("Deployed!\n");