Add more comments and asserts (#2058)

# What ❔

<!-- What are the changes this PR brings about? -->
<!-- Example: This PR adds a PR template to the repo. -->
<!-- (For bigger PRs adding more context is appreciated) -->

## Why ❔

<!-- Why are these changes done? What goal do they contribute to? What
are the principles behind them? -->
<!-- Example: PR templates ensure PR reviewers, observers, and future
iterators are in context about the evolution of repos. -->

## Checklist

<!-- Check your PR fulfills the following items. -->
<!-- For draft PRs check the boxes as you complete them. -->

- [ ] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [ ] Tests for the changes have been added / updated.
- [ ] Documentation comments have been added / updated.

---------

Co-authored-by: zksync[bot] <zksync[bot]@users.noreply.github.com>

Author: StanislavBreadless

AllContractsHashes.json

@@ -352,6 +352,9 @@ contract GWAssetTracker is AssetTrackerBase, IGWAssetTracker {
                 }
             }
         }
+        if (msgCount != _processLogsInputs.messages.length) {
+            revert InvalidMessage();
+        }
         reconstructedLogsTree.extendUntilEnd();
         bytes32 localLogsRootHash = reconstructedLogsTree.root();
 

l1-contracts/contracts/bridge/asset-tracker/GWAssetTracker.sol

@@ -250,6 +250,8 @@ error MockVerifierNotSupported();
 error MsgValueMismatch(uint256 expectedMsgValue, uint256 providedMsgValue);
 // 0xb385a3da
 error MsgValueTooLow(uint256 required, uint256 provided);
+// 0xedd74330
+error MustBeEraChain();
 // 0x8b7e144a
 error NewDeadlineExceedsMaxDeadline();
 // 0x6eef58d1

l1-contracts/contracts/common/L1ContractErrors.sol

@@ -132,6 +132,11 @@ contract L1Bridgehub is BridgehubBase, IL1Bridgehub {
             _initData: _initData,
             _factoryDeps: _factoryDeps
         });
+        // It is an additional protection against a malicious chain type manager
+        if (chainAddress == address(0)) {
+            revert ZeroAddress();
+        }
+
         _registerNewZKChain(_chainId, chainAddress, true);
         messageRoot.addNewChain(_chainId, 0);
 

l1-contracts/contracts/core/bridgehub/L1Bridgehub.sol

@@ -123,6 +123,9 @@ contract ChainRegistrationSender is
     /// @return the L2 transaction calldata
     function _getL2TxCalldata(uint256 chainToBeRegistered) internal view returns (bytes memory) {
         bytes32 baseTokenAssetId = BRIDGE_HUB.baseTokenAssetId(chainToBeRegistered);
+        if (baseTokenAssetId == bytes32(0)) {
+            revert ZKChainNotRegistered();
+        }
         return abi.encodeCall(IL2Bridgehub.registerChainForInterop, (chainToBeRegistered, baseTokenAssetId));
     }
 

l1-contracts/contracts/core/chain-registration/ChainRegistrationSender.sol

@@ -435,7 +435,7 @@ contract AdminFacet is ZKChainBase, IAdmin {
     }
 
     /// @inheritdoc IAdmin
-    function allowEvmEmulation() external onlyAdmin onlyL1 returns (bytes32 canonicalTxHash) {
+    function allowEvmEmulation() external onlyAdmin onlyL1 notPriorityMode onlyEra returns (bytes32 canonicalTxHash) {
         canonicalTxHash = IMailbox(address(this)).requestL2ServiceTransaction(
             L2_DEPLOYER_SYSTEM_CONTRACT_ADDR,
             abi.encodeCall(IL2ContractDeployer.setAllowedBytecodeTypesToDeploy, AllowedBytecodeTypes.EraVmAndEVM)

l1-contracts/contracts/state-transition/chain-deps/facets/Admin.sol

@@ -12,7 +12,8 @@ import {
     BaseTokenGasPriceDenominatorNotSet,
     Unauthorized,
     OnlyNormalMode,
-    OnlyPriorityMode
+    OnlyPriorityMode,
+    MustBeEraChain
 } from "../../../common/L1ContractErrors.sol";
 import {GW_ASSET_TRACKER_ADDR, L2_INTEROP_CENTER_ADDR} from "../../../common/l2-helpers/L2ContractAddresses.sol";
 import {IL1Bridgehub} from "../../../core/bridgehub/IL1Bridgehub.sol";
@@ -70,6 +71,12 @@ contract ZKChainBase is ReentrancyGuard {
         _;
     }
 
+    /// @notice Ensures that the chain uses EraVM
+    modifier onlyEra() {
+        require(!s.zksyncOS, MustBeEraChain());
+        _;
+    }
+
     /// @notice Allows whitelisted validators, or the `PermissionlessValidator` when Priority Mode is active.
     /// @dev Reverts with {Unauthorized} if `msg.sender` is not authorized for the current mode.
     modifier onlyValidatorOrPriorityMode() {

l1-contracts/contracts/state-transition/chain-deps/facets/ZKChainBase.sol

@@ -10,6 +10,12 @@ import {L2DACommitmentScheme} from "../../common/Config.sol";
 /// @custom:security-contact security@matterlabs.dev
 /// @notice Responsible for determining which DA configurations (DAPairs) are allowed to be used
 /// for permanent rollups.
+/// @dev IMPORTANT: Rollup DA Manager must contain only compatible versions for a single protocol version.
+/// I.e. a separate `RollupDAManager` needs to be deployed per protocol version / chain type (ZKsync OS vs Era)
+/// as otherwise a malicious chain admin could switch the DA configuration to an incompatible one, causing the rollup to be unable to verify blocks and thus halt.
+/// This is an issue for stage1 since it may disable `PermissionlessValidator` from settling new batches.
+/// It is okay if two protocol versions have the same rollup DA manager if they have *exactly same* set of compatible
+/// DA validator pairs.
 contract RollupDAManager is Ownable2Step {
     /// @dev Mapping to track the status (enabled/disabled) of each DAPair.
     mapping(address l1DAValidator => mapping(L2DACommitmentScheme l2DACommitmentScheme => bool))

l1-contracts/contracts/state-transition/data-availability/RollupDAManager.sol

@@ -257,6 +257,8 @@ AdminFacet
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | L1DAValidatorAddressIsZero()                                                                        | 0x2e89f517                                                         |
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
+| Error    | MustBeEraChain()                                                                                    | 0xedd74330                                                         |
+|----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | NoFunctionsForDiamondCut()                                                                          | 0xa6fef710                                                         |
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | NonEmptyCalldata()                                                                                  | 0xc21b1ab7                                                         |
@@ -445,6 +447,8 @@ AdminFacetTest
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | L1DAValidatorAddressIsZero()                                                                        | 0x2e89f517                                                         |
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
+| Error    | MustBeEraChain()                                                                                    | 0xedd74330                                                         |
+|----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | NoFunctionsForDiamondCut()                                                                          | 0xa6fef710                                                         |
 |----------+-----------------------------------------------------------------------------------------------------+--------------------------------------------------------------------|
 | Error    | NonEmptyCalldata()                                                                                  | 0xc21b1ab7                                                         |

l1-contracts/selectors

@@ -2,7 +2,7 @@ force_deployments_data = "0x00"
 gateway_chain_id = 506
 gateway_settlement_fee = 0
 is_zk_sync_os = true
-owner_address = "0xFf5024F86550361E72667aa4070FC1F0850E758e"
+owner_address = "0x2Ae2CC9d9344Fd83d4Ca8D0011E17407449c702a"
 refund_recipient = "0x000000000000000000000000000000000000bEEF"
 support_l2_legacy_shared_bridge_test = false
 testnet_verifier = true