[WIP] Add Rebasable token to Optimism

.editorconfig

@@ -0,0 +1,15 @@
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+charset = utf-8
+indent_style = space
+indent_size = 4
+
+[*.{js,yml,json,cjs}]
+indent_size = 2
+max_line_length = 120

.env.example

@@ -25,11 +25,41 @@ ETHERSCAN_API_KEY_OPT=
 # Bridge/Gateway Deployment
 # ############################
 
-# Address of the token to deploy the bridge/gateway for
+# Address of the token on L1 to deploy the bridge/gateway for
 TOKEN=
 
+# Address of the rebasable token on L1 to deploy the bridge/gateway for
+REBASABLE_TOKEN=
+
+# Address of token rate pusher. Required to config TokenRateOracle.
+L1_OP_STACK_TOKEN_RATE_PUSHER=
+
+# Gas limit required to complete pushing token rate on L2.
+# Default is: 300_000.
+# This value was calculated by formula:
+# l2GasLimit = (gas cost of L2Bridge.finalizeDeposit() + OptimismPortal.minimumGasLimit(depositData.length)) * 1.5
+L2_GAS_LIMIT_FOR_PUSHING_TOKEN_RATE=
+
+# A time period when token rate can be considered outdated.
+TOKEN_RATE_OUTDATED_DELAY=86400 # default is 86400 (24 hours)
+
+# Address of L1 token bridge proxy.
+L1_TOKEN_BRIDGE=
+
+# Address of L2 token bridge proxy.
+L2_TOKEN_BRIDGE=
+
+# Address of the non-rebasable token proxy on L2.
+L2_TOKEN=
+
+# Address of token rate oracle on L2
+L2_TOKEN_RATE_ORACLE=
+
+# Address of bridge executor.
+GOV_BRIDGE_EXECUTOR=
+
 # Name of the network environments used by deployment scripts.
-# Might be one of: "mainnet", "goerli".
+# Might be one of: "mainnet", "sepolia".
 NETWORK=mainnet
 
 # Run deployment in the forking network instead of public ones
@@ -74,6 +104,10 @@ TESTING_ARB_L2_GATEWAY_ROUTER=0x57f54f87C44d816f60b92864e23b8c0897D4d81D
 TESTING_OPT_NETWORK=
 TESTING_OPT_L1_TOKEN=0xaF8a2F0aE374b03376155BF745A3421Dac711C12
 TESTING_OPT_L2_TOKEN=0xAED5F9aaF167923D34174b8E636aaF040A11f6F7
+TESTING_OPT_L1_TOKEN_RATE_NOTIFIER=0x554f2C7D58522c050d38Ebea4FF072ED7C4e61cb
+TESTING_OPT_L1_REBASABLE_TOKEN=0xB82381A3fBD3FaFA77B3a7bE693342618240067b
+TESTING_OPT_L2_REBASABLE_TOKEN=0x6696Cb7bb602FC744254Ad9E07EfC474FBF78857
+TESTING_OPT_L2_TOKEN_RATE_ORACLE=0x8ea513d1e5Be31fb5FC2f2971897594720de9E70
 TESTING_OPT_L1_ERC20_TOKEN_BRIDGE=0x243b661276670bD17399C488E7287ea4D416115b
 TESTING_OPT_L2_ERC20_TOKEN_BRIDGE=0x447CD1794d209Ac4E6B4097B34658bc00C4d0a51
 

.env.wsteth.opt_mainnet

@@ -21,6 +21,9 @@ ETHERSCAN_API_KEY_OPT=
 # Address of the token to deploy the bridge/gateway for
 TOKEN=0x7f39C581F595B53c5cb19bD0b3f8dA6c935E2Ca0
 
+# Address of the rebasable token to deploy the bridge/gateway for
+REBASABLE_TOKEN=
+
 # Name of the network environments used by deployment scripts.
 # Might be one of: "mainnet", "goerli".
 NETWORK=mainnet

.storage-layout

@@ -58,12 +58,12 @@
 |------|------|------|--------|-------|----------|
 
 =======================
-➡ L1ERC20TokenBridge
+➡ L1ERC20ExtendedTokensBridge
 =======================
 
 | Name | Type | Slot | Offset | Bytes | Contract |
 |--------|---------------------------------------------------|------|--------|-------|--------------------------------------------------------------|
-| _roles | mapping(bytes32 => struct AccessControl.RoleData) | 0 | 0 | 32 | contracts/optimism/L1ERC20TokenBridge.sol:L1ERC20TokenBridge |
+| _roles | mapping(bytes32 => struct AccessControl.RoleData) | 0 | 0 | 32 | contracts/optimism/L1ERC20ExtendedTokensBridge.sol:L1ERC20ExtendedTokensBridge |
 
 =======================
 ➡ L1ERC20TokenGateway
@@ -81,12 +81,12 @@
 |------|------|------|--------|-------|----------|
 
 =======================
-➡ L2ERC20TokenBridge
+➡ L2ERC20ExtendedTokensBridge
 =======================
 
 | Name | Type | Slot | Offset | Bytes | Contract |
 |--------|---------------------------------------------------|------|--------|-------|--------------------------------------------------------------|
-| _roles | mapping(bytes32 => struct AccessControl.RoleData) | 0 | 0 | 32 | contracts/optimism/L2ERC20TokenBridge.sol:L2ERC20TokenBridge |
+| _roles | mapping(bytes32 => struct AccessControl.RoleData) | 0 | 0 | 32 | contracts/optimism/L2ERC20ExtendedTokensBridge.sol:L2ERC20ExtendedTokensBridge |
 
 =======================
 ➡ L2ERC20TokenGateway

README.md

@@ -6,6 +6,7 @@ To retrieve more detailed info about the bridging process, see the specification
 
 - [Lido's Arbitrum Gateway](https://github.com/lidofinance/lido-l2/blob/main/contracts/arbitrum/README.md).
 - [Lido's Optimism Bridge](https://github.com/lidofinance/lido-l2/blob/main/contracts/optimism/README.md).
+- [wstETH Bridging Guide](https://docs.lido.fi/token-guides/wsteth-bridging-guide/#r-5-bridging-l1-lido-dao-decisions)
 
 ## Project setup
 
@@ -42,8 +43,17 @@ Fill the newly created `.env` file with the required variables. See the [Project
 
 The configuration of the deployment scripts happens via the ENV variables. The following variables are required:
 
-- [`TOKEN`](#TOKEN) - address of the token to deploy a new bridge on the Ethereum chain.
-- [`NETWORK`](#NETWORK) - name of the network environments used by deployment scripts. Allowed values: `mainnet`, `goerli`.
+- [`TOKEN`](#TOKEN) - address of the non-rebasable token to deploy a new bridge on the Ethereum chain.
+- [`REBASABLE_TOKEN`] (#REBASABLE_TOKEN) - address of the rebasable token to deploy new bridge on the Ethereum chain.
+- [`L1_OP_STACK_TOKEN_RATE_PUSHER`](#L1_OP_STACK_TOKEN_RATE_PUSHER) - address of token rate pusher. Required to config TokenRateOracle.
+- [`L2_GAS_LIMIT_FOR_PUSHING_TOKEN_RATE`](#L2_GAS_LIMIT_FOR_PUSHING_TOKEN_RATE) - gas limit required to complete pushing token rate on L2.This value was calculated by formula: l2GasLimit = (gas cost of L2Bridge.finalizeDeposit() + OptimismPortal.minimumGasLimit(depositData.length)) * 1.5
+- [`TOKEN_RATE_OUTDATED_DELAY`](#TOKEN_RATE_OUTDATED_DELAY) - a time period when token rate can be considered outdated. Default is 86400 (24 hours).
+- [`L1_TOKEN_BRIDGE`](#L1_TOKEN_BRIDGE) - address of L1 token bridge.
+- [`L2_TOKEN_BRIDGE`](#L2_TOKEN_BRIDGE) - address of L2 token bridge.
+- [`L2_TOKEN`](#L2_TOKEN) - address of the non-rebasable token on L2.
+- [`L2_TOKEN_RATE_ORACLE`](#L2_TOKEN_RATE_ORACLE) - address of token rate oracle on L2.
+- [`GOV_BRIDGE_EXECUTOR`](#GOV_BRIDGE_EXECUTOR) - address of bridge executor.
+- [`NETWORK`](#NETWORK) - name of the network environments used by deployment scripts. Allowed values: `mainnet`, `sepolia`.
 - [`FORKING`](#FORKING) - run deployment in the forking network instead of real ones
 - [`ETH_DEPLOYER_PRIVATE_KEY`](#ETH_DEPLOYER_PRIVATE_KEY) - The private key of the deployer account in the Ethereum network is used during the deployment process.
 - [`ARB_DEPLOYER_PRIVATE_KEY`](#ARB_DEPLOYER_PRIVATE_KEY) - The private key of the deployer account in the Arbitrum network is used during the deployment process.
@@ -314,13 +324,17 @@ Below variables used in the Arbitrum/Optimism bridge deployment process.
 
 #### `TOKEN`
 
-Address of the token to deploy a new bridge on the Ethereum chain.
+Address of the existing non-rebasable token to deploy a new bridge for on the Ethereum chain.
+
+#### `REBASABLE_TOKEN`
+
+Address of the existing rebasable token to deploy new bridge for on the Ethereum chain.
 
 #### `NETWORK`
 
 > Default value: `mainnet`
 
-Name of the network environments used by deployment scripts. Might be one of: `mainnet`, `goerli`.
+Name of the network environments used by deployment scripts. Might be one of: `mainnet`, `sepolia`.
 
 #### `FORKING`
 
@@ -442,7 +456,7 @@ The following variables are used in the process of the Integration & E2E testing
 
 #### `TESTING_ARB_NETWORK`
 
-Name of the network environments used for Arbitrum Integration & E2E testing. Might be one of: `mainnet`, `goerli`.
+Name of the network environments used for Arbitrum Integration & E2E testing. Might be one of: `mainnet`, `sepolia`.
 
 #### `TESTING_ARB_L1_TOKEN`
 
@@ -482,7 +496,7 @@ Address of the L2 gateway router used in the Acceptance Integration & E2E (when
 
 #### `TESTING_OPT_NETWORK`
 
-Name of the network environments used for Optimism Integration & E2E testing. Might be one of: `mainnet`, `goerli`.
+Name of the network environments used for Optimism Integration & E2E testing. Might be one of: `mainnet`, `sepolia`.
 
 #### `TESTING_OPT_L1_TOKEN`
 

artifacts-opt.json

@@ -2,13 +2,13 @@
  {
  "artifactPath": "artifacts/contracts/proxy/OssifiableProxy.sol/OssifiableProxy.json",
  "sourcePath": "contracts/proxy/OssifiableProxy.sol",
- "name": "L2ERC20TokenBridge proxy",
+ "name": "L2ERC20ExtendedTokensBridge proxy",
  "address": "0x8E01013243a96601a86eb3153F0d9Fa4fbFb6957"
  },
  {
- "artifactPath": "artifacts/contracts/optimism/L2ERC20TokenBridge.sol/L2ERC20TokenBridge.json",
- "sourcePath": "contracts/optimism/L2ERC20TokenBridge.sol",
- "name": "L2ERC20TokenBridge",
+ "artifactPath": "artifacts/contracts/optimism/L2ERC20ExtendedTokensBridge.sol/L2ERC20ExtendedTokensBridge.json",
+ "sourcePath": "contracts/optimism/L2ERC20ExtendedTokensBridge.sol",
+ "name": "L2ERC20ExtendedTokensBridge",
  "address": "0x23B96aDD54c479C6784Dd504670B5376B808f4C7",
  "txHash": "0x5d69e9c6ec1d634f0d90812c2189c925993d1fffbc9b0b416fdc123e15407c56"
  },

contracts/arbitrum/L2ERC20TokenGateway.sol

@@ -3,7 +3,7 @@
 
 pragma solidity 0.8.10;
 
-import {IERC20Bridged} from "../token/interfaces/IERC20Bridged.sol";
+import {IERC20Bridged} from "../token/ERC20Bridged.sol";
 import {IL2TokenGateway, IInterchainTokenGateway} from "./interfaces/IL2TokenGateway.sol";
 
 import {L2CrossDomainEnabled} from "./L2CrossDomainEnabled.sol";

contracts/arbitrum/README.md

@@ -707,7 +707,6 @@ Transfers `amount` of token from the `from_` account to `to_` using the allowanc
 > - **`addedValue_`** - a number to increase allowance
 >
 > **Emits:** `Approval(address indexed owner, address indexed spender, uint256 value)`
-
 Atomically increases the allowance granted to `spender` by the caller. Returns a `bool` value indicating whether the operation succeed.
 
 #### `decreaseAllowance(address,uint256)`
@@ -722,7 +721,6 @@ Atomically increases the allowance granted to `spender` by the caller. Returns a
 > - **`subtractedValue_`** - a number to decrease allowance
 >
 > **Emits:** `Approval(address indexed owner, address indexed spender, uint256 value)`
-
 Atomically decreases the allowance granted to `spender` by the caller. Returns a `bool` value indicating whether the operation succeed.
 
 ## `ERC20Bridged`

contracts/lib/DepositDataCodec.sol

@@ -0,0 +1,44 @@
+// SPDX-FileCopyrightText: 2024 Lido <[email protected]>
+// SPDX-License-Identifier: GPL-3.0
+
+pragma solidity 0.8.10;
+
+/// @author kovalgek
+/// @notice encodes and decodes DepositData for crosschain transfering.
+library DepositDataCodec {
+
+ uint8 internal constant RATE_FIELD_SIZE = 12;
+ uint8 internal constant TIMESTAMP_FIELD_SIZE = 5;
+
+ struct DepositData {
+ uint96 rate;
+ uint40 timestamp;
+ bytes data;
+ }
+
+ function encodeDepositData(DepositData memory depositData) internal pure returns (bytes memory) {
+ bytes memory data = bytes.concat(
+ abi.encodePacked(depositData.rate),
+ abi.encodePacked(depositData.timestamp),
+ abi.encodePacked(depositData.data)
+ );
+ return data;
+ }
+
+ function decodeDepositData(bytes calldata buffer) internal pure returns (DepositData memory) {
+
+ if (buffer.length < RATE_FIELD_SIZE + TIMESTAMP_FIELD_SIZE) {
+ revert ErrorDepositDataLength();
+ }
+
+ DepositData memory depositData = DepositData({
+ rate: uint96(bytes12(buffer[0:RATE_FIELD_SIZE])),
+ timestamp: uint40(bytes5(buffer[RATE_FIELD_SIZE:RATE_FIELD_SIZE + TIMESTAMP_FIELD_SIZE])),
+ data: buffer[RATE_FIELD_SIZE + TIMESTAMP_FIELD_SIZE:]
+ });
+
+ return depositData;
+ }
+
+ error ErrorDepositDataLength();
+}

contracts/lib/ECDSA.sol

@@ -0,0 +1,57 @@
+// SPDX-FileCopyrightText: 2024 Lido <[email protected]>
+// SPDX-License-Identifier: MIT
+
+// Extracted from:
+// https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v3.4.0/contracts/cryptography/ECDSA.sol#L53
+// https://github.com/OpenZeppelin/openzeppelin-contracts/blob/541e821/contracts/utils/cryptography/ECDSA.sol#L112
+
+pragma solidity 0.8.10;
+
+library ECDSA {
+ /**
+ * @dev Returns the address that signed a hashed message (`hash`).
+ * This address can then be used for verification purposes.
+ * Receives the `v`, `r` and `s` signature fields separately.
+ *
+ * The `ecrecover` EVM opcode allows for malleable (non-unique) signatures:
+ * this function rejects them by requiring the `s` value to be in the lower
+ * half order, and the `v` value to be either 27 or 28.
+ *
+ * IMPORTANT: `hash` _must_ be the result of a hash operation for the
+ * verification to be secure: it is possible to craft signatures that
+ * recover to arbitrary addresses for non-hashed data.
+ */
+ function recover(bytes32 hash, uint8 v, bytes32 r, bytes32 s) internal pure returns (address)
+ {
+ // EIP-2 still allows signature malleability for ecrecover(). Remove this possibility and make the signature
+ // unique. Appendix F in the Ethereum Yellow paper (https://ethereum.github.io/yellowpaper/paper.pdf), defines
+ // the valid range for s in (281): 0 < s < secp256k1n ÷ 2 + 1, and for v in (282): v ∈ {27, 28}. Most
+ // signatures from current libraries generate a unique signature with an s-value in the lower half order.
+ //
+ // If your library generates malleable signatures, such as s-values in the upper range, calculate a new s-value
+ // with 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141 - s1 and flip v from 27 to 28 or
+ // vice versa. If your library also generates signatures with 0/1 for v instead 27/28, add 27 to v to accept
+ // these malleable signatures as well.
+ require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "ECDSA: invalid signature 's' value");
+
+ // If the signature is valid (and not malleable), return the signer address
+ address signer = ecrecover(hash, v, r, s);
+ require(signer != address(0), "ECDSA: invalid signature");
+
+ return signer;
+ }
+
+ /**
+ * @dev Overload of `recover` that receives the `r` and `vs` short-signature fields separately.
+ * See https://eips.ethereum.org/EIPS/eip-2098[EIP-2098 short signatures]
+ */
+ function recover(bytes32 hash, bytes32 r, bytes32 vs) internal pure returns (address) {
+ bytes32 s;
+ uint8 v;
+ assembly {
+ s := and(vs, 0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff)
+ v := add(shr(255, vs), 27)
+ }
+ return recover(hash, v, r, s);
+ }
+}

contracts/lib/SignatureChecker.sol

@@ -0,0 +1,64 @@
+// SPDX-FileCopyrightText: 2024 Lido <[email protected]>
+// SPDX-License-Identifier: MIT
+
+pragma solidity 0.8.10;
+
+import {ECDSA} from "./ECDSA.sol";
+
+/// @dev A copy of SignatureUtils.sol contract from Lido Core Protocol
+/// https://github.com/lidofinance/lido-dao/blob/master/contracts/common/lib/SignatureUtils.sol
+library SignatureChecker {
+ /**
+ * @dev The selector of the ERC1271's `isValidSignature(bytes32 hash, bytes signature)` function,
+ * serving at the same time as the magic value that the function should return upon success.
+ *
+ * See https://eips.ethereum.org/EIPS/eip-1271.
+ *
+ * bytes4(keccak256("isValidSignature(bytes32,bytes)")
+ */
+ bytes4 internal constant ERC1271_IS_VALID_SIGNATURE_SELECTOR = 0x1626ba7e;
+
+ /**
+ * @dev Checks signature validity.
+ *
+ * If the signer address doesn't contain any code, assumes that the address is externally owned
+ * and the signature is a ECDSA signature generated using its private key. Otherwise, issues a
+ * static call to the signer address to check the signature validity using the ERC-1271 standard.
+ */
+ function isValidSignature(
+ address signer,
+ bytes32 msgHash,
+ uint8 v,
+ bytes32 r,
+ bytes32 s
+ ) internal view returns (bool) {
+ if (_hasCode(signer)) {
+ bytes memory sig = abi.encodePacked(r, s, v);
+ // Solidity <0.5 generates a regular CALL instruction even if the function being called
+ // is marked as `view`, and the only way to perform a STATICCALL is to use assembly
+ bytes memory data = abi.encodeWithSelector(ERC1271_IS_VALID_SIGNATURE_SELECTOR, msgHash, sig);
+ bytes32 retval;
+ /// @solidity memory-safe-assembly
+ assembly {
+ // allocate memory for storing the return value
+ let outDataOffset := mload(0x40)
+ mstore(0x40, add(outDataOffset, 32))
+ // issue a static call and load the result if the call succeeded
+ let success := staticcall(gas(), signer, add(data, 32), mload(data), outDataOffset, 32)
+ if and(eq(success, 1), eq(returndatasize(), 32)) {
+ retval := mload(outDataOffset)
+ }
+ }
+ return retval == bytes32(ERC1271_IS_VALID_SIGNATURE_SELECTOR);
+ } else {
+ return ECDSA.recover(msgHash, v, r, s) == signer;
+ }
+ }
+
+ function _hasCode(address addr) internal view returns (bool) {
+ uint256 size;
+ /// @solidity memory-safe-assembly
+ assembly { size := extcodesize(addr) }
+ return size > 0;
+ }
+}