From 2449a24e9d36754618ae31840c65addf95953360 Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Wed, 12 Mar 2025 22:05:44 +0200
Subject: [PATCH 1/7] restring contract deployment L1 -> L2

---
 package.json | 3 ++-
 yarn.lock | 7 -------
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/package.json b/package.json
index 5aeef0ff25..bd54ef9f71 100644
--- a/package.json
+++ b/package.json
@@ -39,5 +39,6 @@
 "l2": "yarn workspace l2-contracts",
 "sc": "yarn workspace system-contracts",
 "gas-bound-caller": "yarn workspace gas-bound-caller"
- }
+ },
+ "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
 }
diff --git a/yarn.lock b/yarn.lock
index 66cd67b1a2..6ab96b4273 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7931,10 +7931,3 @@ zksync-ethers@^5.9.0:
 integrity sha512-Y2Mx6ovvxO6UdC2dePLguVzvNToOY8iLWeq5ne+jgGSJxAi/f4He/NF6FNsf6x1aWX0o8dy4Df8RcOQXAkj5qw==
 dependencies:
 ethers "~5.7.0"
-
-zksync-web3@^0.15.4:
- version "0.15.5"
- resolved "https://registry.yarnpkg.com/zksync-web3/-/zksync-web3-0.15.5.tgz#aabe379464963ab573e15948660a709f409b5316"
- integrity sha512-97gB7OKJL4spegl8fGO54g6cvTd/75G6yFWZWEa2J09zhjTrfqabbwE/GwiUJkFQ5BbzoH4JaTlVz1hoYZI+DQ==
- dependencies:
- ethers "~5.7.0"
From 8fd04fb7ecd13ac97c97e7c9efea6b801d109442 Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Wed, 12 Mar 2025 22:10:46 +0200
Subject: [PATCH 2/7] original yarn.lock and package.json

---
 package.json | 3 +--
 yarn.lock | 7 +++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/package.json b/package.json
index bd54ef9f71..5aeef0ff25 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,5 @@
 "l2": "yarn workspace l2-contracts",
 "sc": "yarn workspace system-contracts",
 "gas-bound-caller": "yarn workspace gas-bound-caller"
- },
- "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"
+ }
 }
diff --git a/yarn.lock b/yarn.lock
index 6ab96b4273..66cd67b1a2 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7931,3 +7931,10 @@ zksync-ethers@^5.9.0:
 integrity sha512-Y2Mx6ovvxO6UdC2dePLguVzvNToOY8iLWeq5ne+jgGSJxAi/f4He/NF6FNsf6x1aWX0o8dy4Df8RcOQXAkj5qw==
 dependencies:
 ethers "~5.7.0"
+
+zksync-web3@^0.15.4:
+ version "0.15.5"
+ resolved "https://registry.yarnpkg.com/zksync-web3/-/zksync-web3-0.15.5.tgz#aabe379464963ab573e15948660a709f409b5316"
+ integrity sha512-97gB7OKJL4spegl8fGO54g6cvTd/75G6yFWZWEa2J09zhjTrfqabbwE/GwiUJkFQ5BbzoH4JaTlVz1hoYZI+DQ==
+ dependencies:
+ ethers "~5.7.0"
From 668084651d425ac112ddeb386bd5871e1316f0e2 Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Wed, 12 Mar 2025 22:11:34 +0200
Subject: [PATCH 3/7] restring contract deployment L1 -> L2

---
 .../state-transition/TransactionFilterer.sol | 33 +++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 l1-contracts/contracts/state-transition/TransactionFilterer.sol

diff --git a/l1-contracts/contracts/state-transition/TransactionFilterer.sol b/l1-contracts/contracts/state-transition/TransactionFilterer.sol
new file mode 100644
index 0000000000..5933ead052
--- /dev/null
+++ b/l1-contracts/contracts/state-transition/TransactionFilterer.sol
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import {ITransactionFilterer} from "./chain-interfaces/ITransactionFilterer.sol";
+
+/**
+ * @title Minimal Transaction Filterer using AccessControl
+ * @notice All calls to CONTRACT_DEPLOYER will be blocked
+ */
+contract TransactionFilterer is ITransactionFilterer {
+ // Whitelist role for L2 contracts
+ bytes32 public constant WHITELISTED_ROLE = keccak256("WHITELISTED_ROLE");
+ address public constant CONTRACT_DEPLOYER_ADDRESS = 0x0000000000000000000000000000000000008006;
+
+ /**
+ * @notice Check if the transaction is allowed.
+ * @dev This minimal implementation verifies that we aren't calling ContracDeployer
+ */
+ function isTransactionAllowed(
+ address /* sender */,
+ address contractL2,
+ uint256 /* mintValue */,
+ uint256 /* l2Value */,
+ bytes memory /* l2Calldata */,
+ address /* refundRecipient */
+ ) external view override returns (bool) {
+ // Allow all transactions that are NOT contract deployments
+ if (contractL2 != CONTRACT_DEPLOYER_ADDRESS) {
+ return true;
+ }
+ return false;
+ }
+}
From 1ac6ccb81fca031e5f1277062eb6c8db889f0edf Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Tue, 1 Apr 2025 22:11:35 +0300
Subject: [PATCH 4/7] reworked solution; renamed to AccessControlledTransactionFilterer

---
 .../AccessControlledTransactionFilterer.sol | 40 +++++++++++++++++++
 .../state-transition/TransactionFilterer.sol | 33 ---------------
 2 files changed, 40 insertions(+), 33 deletions(-)
 create mode 100644 l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
 delete mode 100644 l1-contracts/contracts/state-transition/TransactionFilterer.sol

diff --git a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
new file mode 100644
index 0000000000..4f0669788c
--- /dev/null
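Review bot: `WHITELISTED_ROLE` and the `@title` "using AccessControl" describe role-based filtering, but nothing in this file imports AccessControl or reads the role, so the constant is dead and the title misleads; either drop both or describe what the contract actually does, e.g. `@title Minimal Transaction Filterer that denies calls to the L2 ContractDeployer`. The magic constant `0x…8006` deserves a comment on its declaration, `/// @dev Address of the L2 ContractDeployer`, and the `@dev` tag has a typo (`ContracDeployer`). The if/else in isTransactionAllowed reduces to `return contractL2 != CONTRACT_DEPLOYER_ADDRESS;`.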
+++ b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.21;
+
+import "@openzeppelin/contracts-v4/access/AccessControl.sol";
+import {ITransactionFilterer} from "./chain-interfaces/ITransactionFilterer.sol";
+
+/**
+ * @title Permissioned Transaction Filterer
+ * @notice All calls to the Contract Deployer are blocked.
+ * Other addresses must have the WHITELISTED_ROLE to be allowed.
+ */
+contract AccessControlledTransactionFilterer is ITransactionFilterer, AccessControl {
+ // Whitelist role for L2 contracts
+ bytes32 public constant WHITELISTED_ROLE = keccak256("WHITELISTED_ROLE");
+
+ /**
+ * @dev Grant the DEFAULT_ADMIN_ROLE to the deployer so they can manage roles.
+ */
+ constructor() {
+ _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
+ }
+
+ /**
+ * @notice Check if the transaction is allowed.
+ * @dev The transaction is allowed only if:
+ * 1) contractL2 is not the special Contract Deployer address, AND
+ * 2) contractL2 has the WHITELISTED_ROLE.
+ */
+ function isTransactionAllowed(
+ address /* sender */,
+ address contractL2,
+ uint256 /* mintValue */,
+ uint256 /* l2Value */,
+ bytes memory /* l2Calldata */,
+ address /* refundRecipient */
+ ) external view override returns (bool) {
+ // Only allow calls if contractL2 has been explicitly granted WHITELISTED_ROLE
+ return hasRole(WHITELISTED_ROLE, contractL2);
+ }
+}
diff --git a/l1-contracts/contracts/state-transition/TransactionFilterer.sol b/l1-contracts/contracts/state-transition/TransactionFilterer.sol
deleted file mode 100644
index 5933ead052..0000000000
--- a/l1-contracts/contracts/state-transition/TransactionFilterer.sol
+++ /dev/null
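Review bot: The NatSpec on the contract and on isTransactionAllowed promises that calls to the Contract Deployer are blocked (rule 1), but the body only returns `hasRole(WHITELISTED_ROLE, contractL2)`, so the deployer becomes reachable the moment an admin grants it the role; if that exclusion is a requirement it belongs in code, e.g. `return contractL2 != CONTRACT_DEPLOYER_ADDRESS && hasRole(WHITELISTED_ROLE, contractL2);` with the constant carried over from the deleted TransactionFilterer.sol, otherwise the docs should drop rule 1. Separately, the constructor grants DEFAULT_ADMIN_ROLE to `msg.sender`, which becomes the helper's address if this contract is ever deployed through a factory or CREATE2 helper; taking the admin explicitly, `constructor(address admin) { _grantRole(DEFAULT_ADMIN_ROLE, admin); }`, avoids that and lets the deployment script name a multisig. The bare `import "@openzeppelin/contracts-v4/access/AccessControl.sol";` could be narrowed to `import {AccessControl} from "@openzeppelin/contracts-v4/access/AccessControl.sol";` to match the named import on the next line.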
@@ -1,33 +0,0 @@
-// SPDX-License-Identifier: MIT
-pragma solidity ^0.8.21;
-
-import {ITransactionFilterer} from "./chain-interfaces/ITransactionFilterer.sol";
-
-/**
- * @title Minimal Transaction Filterer using AccessControl
- * @notice All calls to CONTRACT_DEPLOYER will be blocked
- */
-contract TransactionFilterer is ITransactionFilterer {
- // Whitelist role for L2 contracts
- bytes32 public constant WHITELISTED_ROLE = keccak256("WHITELISTED_ROLE");
- address public constant CONTRACT_DEPLOYER_ADDRESS = 0x0000000000000000000000000000000000008006;
-
- /**
- * @notice Check if the transaction is allowed.
- * @dev This minimal implementation verifies that we aren't calling ContracDeployer
- */
- function isTransactionAllowed(
- address /* sender */,
- address contractL2,
- uint256 /* mintValue */,
- uint256 /* l2Value */,
- bytes memory /* l2Calldata */,
- address /* refundRecipient */
- ) external view override returns (bool) {
- // Allow all transactions that are NOT contract deployments
- if (contractL2 != CONTRACT_DEPLOYER_ADDRESS) {
- return true;
- }
- return false;
- }
-}
From 8e6c3e14dfcead047725ed6efec3899d7ce12bf8 Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Wed, 2 Apr 2025 14:24:22 +0300
Subject: [PATCH 5/7] small doc fix

---
 .../state-transition/AccessControlledTransactionFilterer.sol | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
index 4f0669788c..01b79f00df 100644
--- a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
+++ b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
@@ -6,8 +6,7 @@ import {ITransactionFilterer} from "./chain-interfaces/ITransactionFilterer.sol"
 
 /**
 * @title Permissioned Transaction Filterer
- * @notice All calls to the Contract Deployer are blocked.
- * Other addresses must have the WHITELISTED_ROLE to be allowed.
+ * @notice All calls to the are blocked unless addresses have the WHITELISTED_ROLE to be allowed.
 */
 contract AccessControlledTransactionFilterer is ITransactionFilterer, AccessControl {
 // Whitelist role for L2 contracts
From ba80f0d4fd72dac6725094b9874501a10ef778db Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Wed, 2 Apr 2025 14:24:51 +0300
Subject: [PATCH 6/7] small doc fix

---
 .../state-transition/AccessControlledTransactionFilterer.sol | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
index 01b79f00df..33b19b1ca5 100644
--- a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
+++ b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
@@ -22,8 +22,7 @@ contract AccessControlledTransactionFilterer is ITransactionFilterer, AccessCont
 /**
 * @notice Check if the transaction is allowed.
 * @dev The transaction is allowed only if:
- * 1) contractL2 is not the special Contract Deployer address, AND
- * 2) contractL2 has the WHITELISTED_ROLE.
+ * contractL2 has the WHITELISTED_ROLE.
 */
 function isTransactionAllowed(
 address /* sender */,
From 2d08205823ba0860ca46fe0d0ee587890f2d3218 Mon Sep 17 00:00:00 2001
From: Roman Hiden
Date: Thu, 3 Apr 2025 18:19:26 +0300
Subject: [PATCH 7/7] added superuser role, that can buypass all restrictions

---
 .../AccessControlledTransactionFilterer.sol | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
index 33b19b1ca5..a356ab7985 100644
--- a/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
+++ b/l1-contracts/contracts/state-transition/AccessControlledTransactionFilterer.sol
@@ -6,11 +6,14 @@ import {ITransactionFilterer} from "./chain-interfaces/ITransactionFilterer.sol"
 
 /**
 * @title Permissioned Transaction Filterer
- * @notice All calls to the are blocked unless addresses have the WHITELISTED_ROLE to be allowed.
+ * @notice All calls are blocked unless the target contract has the WHITELISTED_ROLE,
+ * or the sender has the SUPERUSER_ROLE.
 */
 contract AccessControlledTransactionFilterer is ITransactionFilterer, AccessControl {
- // Whitelist role for L2 contracts
+ /// @notice Role for contracts allowed to receive L2 transactions
 bytes32 public constant WHITELISTED_ROLE = keccak256("WHITELISTED_ROLE");
+ /// @notice Role for privileged senders who can bypass whitelist checks
+ bytes32 public constant SUPERUSER_ROLE = keccak256("SUPERUSER_ROLE");
 
 /**
 * @dev Grant the DEFAULT_ADMIN_ROLE to the deployer so they can manage roles.
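Review bot: The `/// @notice` on SUPERUSER_ROLE says holders "bypass whitelist checks" but not which address the role is keyed on: WHITELISTED_ROLE is granted to the L2 target (`contractL2`) while SUPERUSER_ROLE is granted to the `sender` argument of isTransactionAllowed (second hunk of this patch), and both live in AccessControl's single role mapping, so a reader of this line cannot tell that one address may hold one role as a target and the other as a sender. Suggest `/// @notice Role granted to senders; a holder may target any L2 address, including ones without WHITELISTED_ROLE. Managed by DEFAULT_ADMIN_ROLE like the whitelist.` The contract-level `@notice` a few lines above could likewise state that SUPERUSER_ROLE holders are not subject to the target check at all, since that is the property an operator reviewing role grants needs to know.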
@@ -21,18 +24,18 @@ contract AccessControlledTransactionFilterer is ITransactionFilterer, AccessCont
 
 /**
 * @notice Check if the transaction is allowed.
- * @dev The transaction is allowed only if:
- * contractL2 has the WHITELISTED_ROLE.
+ * @dev Allowed if:
+ * - `contractL2` has WHITELISTED_ROLE, or
+ * - `sender` has SUPERUSER_ROLE.
 */
 function isTransactionAllowed(
- address /* sender */,
+ address sender,
 address contractL2,
 uint256 /* mintValue */,
 uint256 /* l2Value */,
 bytes memory /* l2Calldata */,
 address /* refundRecipient */
 ) external view override returns (bool) {
- // Only allow calls if contractL2 has been explicitly granted WHITELISTED_ROLE
- return hasRole(WHITELISTED_ROLE, contractL2);
+ return hasRole(WHITELISTED_ROLE, contractL2) || hasRole(SUPERUSER_ROLE, sender);
 }
 }
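Review bot: `hasRole(SUPERUSER_ROLE, sender)` removes every remaining restriction for that sender, so a superuser can reach any L2 address, including the ContractDeployer this series set out to block; that is presumably intended (the subject says "bypass all restrictions"), but the `@dev` should say so plainly rather than listing the role as a sibling of the whitelist, e.g. `- \`sender\` has SUPERUSER_ROLE (full bypass: \`contractL2\` is not checked).` Also, `sender` is whatever the caller of this external view passes in and the filterer has no way to verify it, so the guarantee only holds when the caller is the trusted L1 entry point (presumably the chain's mailbox) forwarding the real requester; a `@param sender` line saying the value is trusted from the caller would make that dependency visible to whoever wires this contract in.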