base · jackchuma · Apr 16, 2025 · Apr 14, 2025 · Apr 15, 2025 · Apr 16, 2025
diff --git a/sepolia/2025-04-14-upgrade-fault-proofs/.env b/sepolia/2025-04-14-upgrade-fault-proofs/.env
@@ -0,0 +1,10 @@
+OP_COMMIT=6f68dc35e103278e366d2b8ba178ca87bbaacb0c
+BASE_CONTRACTS_COMMIT=c17a305379423f022c54a3c240ef4120590109ae
+
+ABSOLUTE_PRESTATE=0x03682932cec7ce0a3874b19675a6bbc923054a7b321efc7d3835187b172494b6
+
+SYSTEM_CONFIG=0xf272670eb55e895584501d564AfEB048bEd26194
+OWNER_SAFE=0x0fe884546476dDd290eC46318785046ef68a0BA9
+COORDINATOR_SAFE_ADDR=0x646132a1667ca7ad00d36616afba1a28116c770a
+SAFE_A=0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f
+SAFE_B=0x6af0674791925f767060dd52f7fb20984e8639d8
diff --git a/sepolia/2025-04-14-upgrade-fault-proofs/Makefile b/sepolia/2025-04-14-upgrade-fault-proofs/Makefile
@@ -0,0 +1,59 @@
+include ../../Makefile
+include ../.env
+include .env
+
+ifndef LEDGER_ACCOUNT
+override LEDGER_ACCOUNT = 1
+endif
+
+.PHONY: deploy
+deploy:
+	forge script --rpc-url $(L1_RPC_URL) DeployDisputeGames \
+	--account testnet-admin --broadcast -vvvv
+
+.PHONY: sign-b
+sign-b:
+	$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "sign(address)" $(SAFE_B)
+
+.PHONY: approve-b
+approve-b:
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "approve(address,bytes)" $(SAFE_B) $(SIGNATURES) \
+	--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast
+
+.PHONY: execute
+execute:
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "run()" --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast
+
+.PHONY: sign
+sign:
+	$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "sign(address,address)" $(SAFE_A) $(COORDINATOR_SAFE_ADDR)
+
+.PHONY: sign-nested-b
+sign-nested-b:
+	$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "sign(address,address)" $(SAFE_B) $(COORDINATOR_SAFE_ADDR)
+
+.PHONY: approve
+approve:
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "approveOnBehalfOfSignerSafe(address,address,bytes)" $(SAFE_A) $(COORDINATOR_SAFE_ADDR) $(SIGNATURES) \
+	--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv
+
+.PHONY: approve-nested-b
+approve-nested-b:
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "approveOnBehalfOfSignerSafe(address,address,bytes)" $(SAFE_B) $(COORDINATOR_SAFE_ADDR) $(SIGNATURES) \
+	--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv
+
+.PHONY: approve-coordinator
+approve-coordinator:
+	forge script --rpc-url $(L1_RPC_URL) UpgradeDGF \
+	--sig "approveOnBehalfOfIntermediateSafe(address)" $(COORDINATOR_SAFE_ADDR) \
+	--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv
diff --git a/sepolia/2025-04-14-upgrade-fault-proofs/README.md b/sepolia/2025-04-14-upgrade-fault-proofs/README.md
@@ -0,0 +1,182 @@
+# Upgrade Fault Proofs
+
+Status: READY TO SIGN
+
+## Description
+
+This task contains two scripts for our required onchain updates for the OP Stack's [Upgrade 15](https://docs.optimism.io/notices/upgrade-15). One for deploying new versions of the `FaultDisputeGame` and `PermissionedDisputeGame` contracts, and one for updating the `DisputeGameFactory` contract to reference the new dispute game contracts.
+
+## Procedure
+
+### 1. Update repo:
+
+```bash
+cd contract-deployments
+git pull
+cd sepolia/2025-04-14-upgrade-fault-proofs
+make deps
+```
+
+### 2. Setup Ledger
+
+Your Ledger needs to be connected and unlocked. The Ethereum
+application needs to be opened on Ledger with the message "Application
+is ready".
+
+### 3. Run relevant script(s)
+
+#### 3.1 Deploy new Dispute Game Implementations
+
+```bash
+make deploy
+```
+
+This will output the new addresses of the `FaultDisputeGame` and `PermissionedDisputeGame` contracts to an `addresses.json` file. You will need to commit this file to the repo before signers can sign.
+
+#### 3.2 Sign the transaction
+
+```bash
+make sign
+```
+
+You will see a "Simulation link" from the output.
+
+Paste this URL in your browser. A prompt may ask you to choose a
+project, any project will do. You can create one if necessary.
+
+Click "Simulate Transaction".
+
+We will be performing 3 validations and extract the domain hash and message hash to approve on your Ledger:
+
+1. Validate integrity of the simulation.
+2. Validate correctness of the state diff.
+3. Validate and extract domain hash and message hash to approve.
+
+##### 3.2.1 Validate integrity of the simulation.
+
+Make sure you are on the "Overview" tab of the tenderly simulation, to
+validate integrity of the simulation, we need to check the following:
+
+1. "Network": Check the network is Sepolia.
+2. "Timestamp": Check the simulation is performed on a block with a
+   recent timestamp (i.e. close to when you run the script).
+3. "Sender": Check the address shown is your signer account. If not see the derivation path Note above.
+
+##### 3.2.2. Validate correctness of the state diff.
+
+Now click on the "State" tab, and refer to the [State Validations](./validations/SafeA.md) instructions for the transaction you are signing.
+Once complete return to this document to complete the signing.
+
+##### 3.2.3. Extract the domain hash and the message hash to approve.
+
+Now that we have verified the transaction performs the right
+operation, we need to extract the domain hash and the message hash to
+approve.
+
+Go back to the "Overview" tab, and find the
+`GnosisSafe.checkSignatures` call. This call's `data` parameter
+contains both the domain hash and the message hash that will show up
+in your Ledger.
+
+It will be a concatenation of `0x1901`, the domain hash, and the
+message hash: `0x1901[domain hash][message hash]`.
+
+Note down this value. You will need to compare it with the ones
+displayed on the Ledger screen at signing.
+
+Once the validations are done, it's time to actually sign the
+transaction.
+
+> [!WARNING]
+> This is the most security critical part of the playbook: make sure the
+> domain hash and message hash in the following two places match:
+>
+> 1. On your Ledger screen.
+> 2. In the Tenderly simulation. You should use the same Tenderly
+>    simulation as the one you used to verify the state diffs, instead
+>    of opening the new one printed in the console.
+>
+> There is no need to verify anything printed in the console. There is
+> no need to open the new Tenderly simulation link either.
+
+After verification, sign the transaction. You will see the `Data`,
+`Signer` and `Signature` printed in the console. Format should be
+something like this:
+
+```shell
+Data:  <DATA>
+Signer: <ADDRESS>
+Signature: <SIGNATURE>
+```
+
+Double check the signer address is the right one.
+
+##### 3.2.4 Send the output to Facilitator(s)
+
+Nothing has occurred onchain - these are offchain signatures which
+will be collected by Facilitators for execution. Execution can occur
+by anyone once a threshold of signatures are collected, so a
+Facilitator will do the final execution for convenience.
+
+Share the `Data`, `Signer` and `Signature` with the Facilitator, and
+congrats, you are done!
+
+### [For Facilitator ONLY] How to execute
+
+#### Approve the transaction
+
+1. Collect outputs from all participating signers.
+1. Concatenate all signatures and export it as the `SIGNATURES`
+   environment variable, i.e. `export
+SIGNATURES="[SIGNATURE1][SIGNATURE2]..."`.
+1. Run the `make approve` command as described below to approve the transaction.
+
+For example, if the quorum is 2 and you get the following outputs:
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE01
+Signature: AAAA
+```
+
+```shell
+Data:  0xDEADBEEF
+Signer: 0xC0FFEE02
+Signature: BBBB
+```
+
+```bash
+SIGNATURES=AAAABBBB make approve
+```
+
+As the facilitator, you are then expected to sign / approve on behalf of the rest of our testnet multisigs that mirror our mainnet hierarchy.
+
+```bash
+make sign-b
+```
+
+```bash
+SIGNATURES=AAAA make approve-b
+```
+
+```bash
+make sign-nested-b
+```
+
+```bash
+SIGNATURES=AAAA make approve-nested-b
+```
+
+```bash
+make approve-coordinator
+```
+
+#### Execute the transaction
+
+IMPORTANT: Ensure op-challenger has been updated before executing.
+
+Once the signatures have been submitted approving the transaction for all nested Safes run:
+
+```bash
+make execute
+```
diff --git a/sepolia/2025-04-14-upgrade-fault-proofs/addresses.json b/sepolia/2025-04-14-upgrade-fault-proofs/addresses.json
@@ -0,0 +1,4 @@
+{
+  "faultDisputeGame": "0xcfce7dd673fbbbffd16ab936b7245a2f2db31c9a",
+  "permissionedDisputeGame": "0xf0102ffe22649a5421d53acc96e309660960cf44"
+}
diff --git a/sepolia/2025-04-14-upgrade-fault-proofs/foundry.toml b/sepolia/2025-04-14-upgrade-fault-proofs/foundry.toml
@@ -0,0 +1,20 @@
+[profile.default]
+src = 'src'
+out = 'out'
+libs = ['lib']
+broadcast = 'records'
+fs_permissions = [{ access = "read-write", path = "./" }]
+optimizer = true
+optimizer_runs = 200
+via-ir = false
+remappings = [
+    '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/',
+    '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
+    '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts',
+    '@rari-capital/solmate/=lib/solmate/',
+    '@base-contracts/=lib/base-contracts',
+    'solady/=lib/solady/src/',
+    '@lib-keccak/=lib/lib-keccak/contracts/lib',
+]
+
+# See more config options https://github.com/foundry-rs/foundry/tree/master/config
diff --git a/...-04-14-upgrade-fault-proofs/records/DeployDisputeGames.s.sol/11155111/run-1744743721.json b/...-04-14-upgrade-fault-proofs/records/DeployDisputeGames.s.sol/11155111/run-1744743721.json