matter-labs · StanislavBreadless · Dec 20, 2024 · Dec 17, 2024 · Dec 18, 2024 · Dec 18, 2024
@@ -2,7 +2,7 @@
 
 pragma solidity 0.8.24;
 
-import {OperatorDAInputLengthTooSmall, InvalidNumberOfBlobs, InvalidBlobsHashes, InvalidL2DAOutputHash, OneBlobWithCalldata, PubdataInputTooSmall, PubdataLengthTooBig, InvalidPubdataHash} from "./DAContractsErrors.sol";
+import {OperatorDAInputTooSmall, InvalidNumberOfBlobs, InvalidL2DAOutputHash, OnlyOneBlobWithCalldataAllowed, PubdataInputTooSmall, PubdataLengthTooBig, InvalidPubdataHash} from "./DAContractsErrors.sol";
 
 /// @dev Total number of bytes in a blob. Blob = 4096 field elements * 31 bytes per field element
 /// @dev EIP-4844 defines it as 131_072 but we use 4096 * 31 within our circuits to always fit within a field element
@@ -45,7 +45,7 @@ abstract contract CalldataDA {
 
         // Check that it accommodates enough pubdata for the state diff hash, hash of pubdata + the number of blobs.
         if (_operatorDAInput.length < BLOB_DATA_OFFSET) {
-            revert OperatorDAInputLengthTooSmall(_operatorDAInput.length, BLOB_DATA_OFFSET);
+            revert OperatorDAInputTooSmall(_operatorDAInput.length, BLOB_DATA_OFFSET);
         }
 
         stateDiffHash = bytes32(_operatorDAInput[:32]);
@@ -61,7 +61,7 @@ abstract contract CalldataDA {
         blobsLinearHashes = new bytes32[](_maxBlobsSupported);
 
         if (_operatorDAInput.length < BLOB_DATA_OFFSET + 32 * blobsProvided) {
-            revert InvalidBlobsHashes(_operatorDAInput.length, BLOB_DATA_OFFSET + 32 * blobsProvided);
+            revert OperatorDAInputTooSmall(_operatorDAInput.length, BLOB_DATA_OFFSET + 32 * blobsProvided);
         }
 
         _cloneCalldata(blobsLinearHashes, _operatorDAInput[BLOB_DATA_OFFSET:], blobsProvided);
@@ -90,7 +90,7 @@ abstract contract CalldataDA {
         bytes calldata _pubdataInput
     ) internal pure virtual returns (bytes32[] memory blobCommitments, bytes calldata _pubdata) {
         if (_blobsProvided != 1) {
-            revert OneBlobWithCalldata();
+            revert OnlyOneBlobWithCalldataAllowed();
         }
         if (_pubdataInput.length < BLOB_COMMITMENT_SIZE) {
             revert PubdataInputTooSmall(_pubdataInput.length, BLOB_COMMITMENT_SIZE);

@@ -16,29 +16,26 @@ error PointEvalCallFailed(bytes);
 // 0x4daa985d
 error PointEvalFailed(bytes);
 
-// 0xf4a3e629
-error OperatorDAInputLengthTooSmall(uint256 operatorDAInputLength, uint256 blobDataOffset);
+// 0x885ae069
+error OperatorDAInputTooSmall(uint256 operatorDAInputLength, uint256 minAllowedLength);
 
 // 0xbeb96791
 error InvalidNumberOfBlobs(uint256 blobsProvided, uint256 maxBlobsSupported);
 
-// 0xcd384e46
-error InvalidBlobsHashes(uint256 operatorDAInputLength, uint256 blobsProvided);
-
 // 0xd2531c15
 error InvalidL2DAOutputHash(bytes32 l2DAValidatorOutputHash);
 
-// 0x3db6e664
-error OneBlobWithCalldata();
+// 0x04e05fd1
+error OnlyOneBlobWithCalldataAllowed();
 
 // 0x2dc9747d
-error PubdataInputTooSmall(uint256 pubdataInputLength, uint256 blobCommitmentSize);
+error PubdataInputTooSmall(uint256 pubdataInputLength, uint256 totalBlobsCommitmentSize);
 
 // 0x9044dff9
-error PubdataLengthTooBig(uint256 pubdataLength, uint256 blobSizeBytes);
+error PubdataLengthTooBig(uint256 pubdataLength, uint256 totalBlobSizeBytes);
 
 // 0x5513177c
-error InvalidPubdataHash(bytes32 fullPubdataHash, bytes32 pubdata);
+error InvalidPubdataHash(bytes32 fullPubdataHash, bytes32 providedPubdataHash);
 
 // 0xc771423e
 error BlobCommitmentNotPublished();

@@ -13,7 +13,7 @@ import {InvalidPubdataSource, PubdataCommitmentsEmpty, InvalidPubdataCommitments
 uint256 constant BLOBS_SUPPORTED = 6;
 
 /// @dev The number of blocks within each we allow blob to be used for DA.
-/// On Ethereum blobs expire within 4096 slots, i.e. 4096 * 32 blocks. We reserve
+/// On Ethereum blobs expire within 4096 epochs, i.e. 4096 * 32 blocks. We reserve
 /// half of the time in order to ensure reader's ability to read the blob's content.
 uint256 constant BLOB_EXPIRATION_BLOCKS = (4096 * 32) / 2;
 

@@ -5,28 +5,11 @@ import "@matterlabs/hardhat-zksync-verify";
 import "@nomiclabs/hardhat-ethers";
 import "hardhat-typechain";
 
-// This version of system contracts requires a pre release of the compiler
-const COMPILER_VERSION = "1.5.0";
-const PRE_RELEASE_VERSION = "prerelease-a167aa3-code4rena";
-function getZksolcUrl(): string {
-  // @ts-ignore
-  const platform = { darwin: "macosx", linux: "linux", win32: "windows" }[process.platform];
-  // @ts-ignore
-  const toolchain = { linux: "-musl", win32: "-gnu", darwin: "" }[process.platform];
-  const arch = process.arch === "x64" ? "amd64" : process.arch;
-  const ext = process.platform === "win32" ? ".exe" : "";
-
-  return `https://github.com/matter-labs/era-compiler-solidity/releases/download/${PRE_RELEASE_VERSION}/zksolc-${platform}-${arch}${toolchain}-v${COMPILER_VERSION}${ext}`;
-}
-
-console.log(`Using zksolc from ${getZksolcUrl()}`);
-
 export default {
   zksolc: {
     version: "1.5.0",
     compilerSource: "binary",
     settings: {
-      compilerPath: getZksolcUrl(),
       isSystem: true,
     },
   },

@@ -28,7 +28,7 @@ import {DataEncoding} from "../common/libraries/DataEncoding.sol";
 import {IBridgehub} from "../bridgehub/IBridgehub.sol";
 import {L2_BASE_TOKEN_SYSTEM_CONTRACT_ADDR, L2_ASSET_ROUTER_ADDR} from "../common/L2ContractAddresses.sol";
 import {DataEncoding} from "../common/libraries/DataEncoding.sol";
-import {LegacyBridgeNotSet, Unauthorized, SharedBridgeKey, DepositExists, AddressAlreadySet, InvalidProof, DepositDoesNotExist, SharedBridgeValueNotSet, WithdrawalAlreadyFinalized, L2WithdrawalMessageWrongLength, InvalidSelector, SharedBridgeValueNotSet, ZeroAddress} from "../common/L1ContractErrors.sol";
+import {LegacyMethodForNonL1Token, LegacyBridgeNotSet, Unauthorized, SharedBridgeKey, DepositExists, AddressAlreadySet, InvalidProof, DepositDoesNotExist, SharedBridgeValueNotSet, WithdrawalAlreadyFinalized, L2WithdrawalMessageWrongLength, InvalidSelector, SharedBridgeValueNotSet, ZeroAddress} from "../common/L1ContractErrors.sol";
 import {WrongL2Sender, NativeTokenVaultAlreadySet, EthTransferFailed, WrongMsgLength} from "./L1BridgeContractErrors.sol";
 
 /// @author Matter Labs
@@ -570,11 +570,14 @@ contract L1Nullifier is IL1Nullifier, ReentrancyGuard, Ownable2StepUpgradeable,
             // slither-disable-next-line unused-return
             (amount, ) = UnsafeBytes.readUint256(_l2ToL1message, offset);
             assetId = BRIDGE_HUB.baseTokenAssetId(_chainId);
-            address baseToken = BRIDGE_HUB.baseToken(_chainId);
             transferData = DataEncoding.encodeBridgeMintData({
                 _originalCaller: address(0),
                 _remoteReceiver: l1Receiver,
-                _originToken: baseToken,
+                // Note, that `assetId` could belong to a token native to an L2, and so
+                // the logic for determining the correct origin token address will be complex.
+                // It is expected that this value won't be used in the NativeTokenVault and so providing
+                // any value is acceptable here.
+                _originToken: address(0),
                 _amount: amount,
                 _erc20Metadata: new bytes(0)
             });
@@ -642,9 +645,13 @@ contract L1Nullifier is IL1Nullifier, ReentrancyGuard, Ownable2StepUpgradeable,
         bytes32[] calldata _merkleProof
     ) external {
         bytes32 assetId = l1NativeTokenVault.assetId(_l1Token);
+        bytes32 ntvAssetId = DataEncoding.encodeNTVAssetId(block.chainid, _l1Token);
         if (assetId == bytes32(0)) {
-            assetId = DataEncoding.encodeNTVAssetId(block.chainid, _l1Token);
+            assetId = ntvAssetId;
+        } else if (assetId != ntvAssetId) {
+            revert LegacyMethodForNonL1Token();
         }
+
         // For legacy deposits, the l2 receiver is not required to check tx data hash
         // The token address does not have to be provided for this functionality either.
         bytes memory assetData = DataEncoding.encodeBridgeBurnData(_amount, address(0), address(0));

@@ -88,7 +88,7 @@ abstract contract AssetRouterBase is IAssetRouterBase, Ownable2StepUpgradeable,
         }
         _setAssetHandler(assetId, _assetHandlerAddress);
         assetDeploymentTracker[assetId] = msg.sender;
-        emit AssetDeploymentTrackerRegistered(assetId, _assetRegistrationData, sender);
+        emit AssetDeploymentTrackerRegistered(assetId, _assetRegistrationData, msg.sender);
     }
 
     /*//////////////////////////////////////////////////////////////

@@ -22,7 +22,7 @@ import {DataEncoding} from "../../common/libraries/DataEncoding.sol";
 import {AddressAliasHelper} from "../../vendor/AddressAliasHelper.sol";
 import {TWO_BRIDGES_MAGIC_VALUE, ETH_TOKEN_ADDRESS} from "../../common/Config.sol";
 import {NativeTokenVaultAlreadySet} from "../L1BridgeContractErrors.sol";
-import {LegacyBridgeUsesNonNativeToken, NonEmptyMsgValue, UnsupportedEncodingVersion, AssetIdNotSupported, AssetHandlerDoesNotExist, Unauthorized, ZeroAddress, TokenNotSupported, AddressAlreadyUsed, TokensWithFeesNotSupported} from "../../common/L1ContractErrors.sol";
+import {LegacyEncodingUsedForNonL1Token, LegacyBridgeUsesNonNativeToken, NonEmptyMsgValue, UnsupportedEncodingVersion, AssetIdNotSupported, AssetHandlerDoesNotExist, Unauthorized, ZeroAddress, TokenNotSupported, AddressAlreadyUsed, TokensWithFeesNotSupported} from "../../common/L1ContractErrors.sol";
 import {L2_ASSET_ROUTER_ADDR} from "../../common/L2ContractAddresses.sol";
 
 import {IBridgehub, L2TransactionRequestTwoBridgesInner, L2TransactionRequestDirect} from "../../bridgehub/IBridgehub.sol";
@@ -386,6 +386,12 @@ contract L1AssetRouter is AssetRouterBase, IL1AssetRouter, ReentrancyGuard {
         );
         bytes32 assetId = _ensureTokenRegisteredWithNTV(_l1Token);
 
+        // We ensure that the legacy data format can not be used for tokens that did not originate from L1.
+        bytes32 expectedAssetId = DataEncoding.encodeNTVAssetId(block.chainid, _l1Token);
+        if (assetId != expectedAssetId) {
+            revert LegacyEncodingUsedForNonL1Token();
+        }
+
         if (assetId == ETH_TOKEN_ASSET_ID) {
             // In the old SDK/contracts the user had to always provide `0` as the deposit amount for ETH token, while
             // ultimately the provided `msg.value` was used as the deposit amount. This check is needed for backwards compatibility.

@@ -223,9 +223,9 @@ abstract contract NativeTokenVault is
         }
     }
 
-    function tryRegisterTokenFromBurnData(bytes calldata _data, bytes32 _expectedAssetId) external {
+    function tryRegisterTokenFromBurnData(bytes calldata _burnData, bytes32 _expectedAssetId) external {
         // slither-disable-next-line unused-return
-        (, , address tokenAddress) = DataEncoding.decodeBridgeBurnData(_data);
+        (, , address tokenAddress) = DataEncoding.decodeBridgeBurnData(_burnData);
 
         if (tokenAddress == address(0)) {
             revert ZeroAddress();
@@ -338,8 +338,7 @@ abstract contract NativeTokenVault is
         address _receiver,
         address _nativeToken
     ) internal virtual returns (bytes memory _bridgeMintData) {
-        address nativeToken = tokenAddress[_assetId];
-        if (nativeToken == WETH_TOKEN) {
+        if (_nativeToken == WETH_TOKEN) {
             // This ensures that WETH_TOKEN can never be bridged from chains it is native to.
             // It can only be withdrawn from the chain where it has already gotten.
             revert BurningNativeWETHNotSupported();

@@ -104,7 +104,11 @@ contract CTMDeploymentTracker is ICTMDeploymentTracker, Ownable2StepUpgradeable
 
     /// @notice The function called by the Bridgehub after the L2 transaction has been initiated.
     /// @dev Not used in this contract. In case the transaction fails, we can just re-try it.
-    function bridgehubConfirmL2Transaction(uint256 _chainId, bytes32 _txDataHash, bytes32 _txHash) external {}
+    function bridgehubConfirmL2Transaction(
+        uint256 _chainId,
+        bytes32 _txDataHash,
+        bytes32 _txHash
+    ) external onlyBridgehub {}
 
     /// @notice Used to register the ctm asset in L2 AssetRouter.
     /// @param _originalCaller the address that called the Router

@@ -362,6 +362,8 @@ error IncorrectTokenAddressFromNTV(bytes32 assetId, address tokenAddress);
 error InvalidProofLengthForFinalNode();
 // 0x7acd7817
 error TokenIsNotLegacy();
+// 0xfade089a
+error LegacyEncodingUsedForNonL1Token();
 // 0xa51fa558
 error TokenIsLegacy();
 // 0x29963361
@@ -387,6 +389,8 @@ error InvalidNTVBurnData();
 error InvalidSystemLogsLength();
 // 0x8efef97a
 error LegacyBridgeNotSet();
+// 0x767eed08
+error LegacyMethodForNonL1Token();
 
 enum SharedBridgeKey {
     PostUpgradeFirstBatch,

@@ -19,6 +19,8 @@ import {ReentrancyGuard} from "../common/ReentrancyGuard.sol";
 /// @dev Note, that it does not implement any form of access control by default, but instead utilizes
 /// so called "restrictions": contracts that implement the `IRestriction` interface and ensure that
 /// particular restrictions are ensured for the contract, including access control, security invariants, etc.
+/// @dev This is a new EXPERIMENTAL version of the `ChainAdmin` implementation. While chains may opt into using it,
+/// using the old `ChainAdminSingleOwner` is recommended.
 contract ChainAdmin is IChainAdmin, ReentrancyGuard {
     using EnumerableSet for EnumerableSet.AddressSet;