mihailo-maksa
Contributor

The primary reason I created this PR is to have the different deployment scripts ready for rapid deployment and verification at any moment. These include:

  • Main deployment script, adapted to both Linea and Base chains, with chainId validation.
  • Deployment scripts for the individual implementation contracts, which will be useful when it comes to upgrading the existing implementations. These also include chainId validation.

As a side note, if you wish to deploy the contracts on the Linea mainnet or Linea Sepolia, make sure to delete the existing cache, cache_forge, out and broadcast autogenerated folders from foundry, set the evm_version = "Paris" option in foundry.toml, and then compile the contracts again before running the deployment script.

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

✅ All 107 tests passed! (0 skipped, Total: 107)

Test Results for Merge

| Test Suite | Status | Coverage | Time |
| --- | --- | --- | --- |
| test/unit/EthMultiVault/EmergencyReedemAtom.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/CreateTriple.t.sol | | 100% (6/6) | 0.006s |
| test/unit/EthMultiVault/AdminMultiVault.t.sol | | 100% (16/16) | 0.007s |
| test/unit/EthMultiVault/DepositAtom.t.sol | | 100% (4/4) | 0.003s |
| test/unit/EthMultiVault/Approvals.t.sol | | 100% (2/2) | 0.004s |
| test/unit/EthMultiVault/DepositTriple.t.sol | | 100% (4/4) | 0.011s |
| test/unit/EthMultiVault/DepositAtomCurve.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/RedeemAtom.t.sol | | 100% (4/4) | 0.003s |
| test/unit/EthMultiVault/RedeemAtomCurve.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/RedeemTriple.t.sol | | 100% (5/5) | 0.008s |
| test/BaseTest.sol | | 100% (2/2) | 0.021s |
| test/unit/EthMultiVault/BatchCreateAtom.t.sol | | 100% (2/2) | 0.006s |
| test/unit/EthMultiVault/RedeemTripleCurve.t.sol | | 100% (5/5) | 0.010s |
| test/unit/EthMultiVault/DepositTripleCurve.t.sol | | 100% (4/4) | 0.028s |
| test/unit/EthMultiVault/BatchCreateTriple.t.sol | | 100% (4/4) | 0.017s |
| test/unit/EthMultiVault/EmergencyRedeemTriple.t.sol | | 100% (5/5) | 0.014s |
| test/unit/EthMultiVault/CreateAtom.t.sol | | 100% (6/6) | 0.006s |
| test/unit/EthMultiVault/Helpers.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/Profit.t.sol | | 100% (11/11) | 0.024s |
| test/unit/EthMultiVault/UseCases.t.sol | | 100% (6/6) | 10.170s |

🔒 Security Analysis

⚠️ Found 1 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user
Dangerous calls:
  - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

Detailed Findings:

  • src/AtomWallet.sol:214 in _call

Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2214-2226) uses a dangerous strict equality:
  - timelock.readyTime == 0 (src/EthMultiVault.sol#2217)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2214 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

⚠️ No gas snapshot generated

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

✅ All 107 tests passed! (0 skipped, Total: 107)

Test Results for Merge

| Test Suite | Status | Coverage | Time |
| --- | --- | --- | --- |
| test/unit/EthMultiVault/BatchCreateAtom.t.sol | | 100% (2/2) | 0.002s |
| test/unit/EthMultiVault/EmergencyReedemAtom.t.sol | | 100% (4/4) | 0.003s |
| test/unit/EthMultiVault/AdminMultiVault.t.sol | | 100% (16/16) | 0.008s |
| test/unit/EthMultiVault/CreateTriple.t.sol | | 100% (6/6) | 0.008s |
| test/unit/EthMultiVault/DepositAtom.t.sol | | 100% (4/4) | 0.003s |
| test/unit/EthMultiVault/Approvals.t.sol | | 100% (2/2) | 0.004s |
| test/unit/EthMultiVault/DepositAtomCurve.t.sol | | 100% (4/4) | 0.004s |
| test/unit/EthMultiVault/BatchCreateTriple.t.sol | | 100% (4/4) | 0.014s |
| test/BaseTest.sol | | 100% (2/2) | 0.011s |
| test/unit/EthMultiVault/DepositTriple.t.sol | | 100% (4/4) | 0.010s |
| test/unit/EthMultiVault/RedeemAtom.t.sol | | 100% (4/4) | 0.006s |
| test/unit/EthMultiVault/CreateAtom.t.sol | | 100% (6/6) | 0.008s |
| test/unit/EthMultiVault/DepositTripleCurve.t.sol | | 100% (4/4) | 0.009s |
| test/unit/EthMultiVault/RedeemAtomCurve.t.sol | | 100% (4/4) | 0.007s |
| test/unit/EthMultiVault/EmergencyRedeemTriple.t.sol | | 100% (5/5) | 0.015s |
| test/unit/EthMultiVault/RedeemTriple.t.sol | | 100% (5/5) | 0.011s |
| test/unit/EthMultiVault/RedeemTripleCurve.t.sol | | 100% (5/5) | 0.017s |
| test/unit/EthMultiVault/Helpers.t.sol | | 100% (4/4) | 0.005s |
| test/unit/EthMultiVault/Profit.t.sol | | 100% (11/11) | 0.020s |
| test/unit/EthMultiVault/UseCases.t.sol | | 100% (6/6) | 10.150s |

🔒 Security Analysis

⚠️ Found 1 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user
Dangerous calls:
  - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

Detailed Findings:

  • src/AtomWallet.sol:214 in _call

Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2214-2226) uses a dangerous strict equality:
  - timelock.readyTime == 0 (src/EthMultiVault.sol#2217)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2214 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

📊 First gas snapshot created

github-actions bot commented Apr 7, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

⚠️ No test results found

🔒 Security Analysis

⚠️ No security analysis results found

⛽ Gas Analysis

⚠️ No gas snapshot generated

github-actions bot commented Apr 7, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

⚠️ Could not parse test results

🔒 Security Analysis

⚠️ Found 3 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user
Dangerous calls:
  - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

Detailed Findings:

  • src/AtomWallet.sol:214 in _call

reentrancy-eth

Impact: Reentrancy in EthMultiVault.batchDeposit(address,uint256[],uint256[]) (src/EthMultiVault.sol#1219-1252):
External calls:
  - _transferFeesToProtocolMultisig(protocolFee) (src/EthMultiVault.sol#1248)
  - (success,None) = address(generalConfig.protocolMultisig).call{value: value}() (src/EthMultiVault.sol#1418)
State variables written after the call(s):
  - shares[i] = _deposit(receiver,termIds[i],userDepositAfterprotocolFee) (src/EthMultiVault.sol#1247)
  - vaults[id].totalAssets = totalAssets (src/EthMultiVault.sol#1759)
  - vaults[id].balanceOf[to] += amount (src/EthMultiVault.sol#1714)
  - vaults[id].totalShares = totalShares (src/EthMultiVault.sol#1760)
EthMultiVault.vaults (src/EthMultiVault.sol#97) can be used in cross function reentrancies:
  - EthMultiVault.convertToAssets(uint256,uint256) (src/EthMultiVault.sol#2166-2170)
  - EthMultiVault.convertToShares(uint256,uint256) (src/EthMultiVault.sol#2131-2135)
  - EthMultiVault.currentSharePrice(uint256) (src/EthMultiVault.sol#2067-2073)
  - EthMultiVault.getDepositSharesAndFees(uint256,uint256) (src/EthMultiVault.sol#1859-1886)
  - EthMultiVault.getRedeemAssetsAndFees(uint256,uint256) (src/EthMultiVault.sol#1926-1960)
  - EthMultiVault.getVaultStateForUser(uint256,address) (src/EthMultiVault.sol#2303-2307)
  - EthMultiVault.maxRedeem(address,uint256) (src/EthMultiVault.sol#2105-2108)
  - EthMultiVault.vaults (src/EthMultiVault.sol#97)

Affected Files:

  • src/EthMultiVault.sol

Detailed Findings:

  • src/EthMultiVault.sol:1219 in batchDeposit
  • src/EthMultiVault.sol:1269 in batchDepositCurve

Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2400-2412) uses a dangerous strict equality:
  - timelock.readyTime == 0 (src/EthMultiVault.sol#2403)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2400 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

⚠️ No gas snapshot generated

github-actions bot commented Apr 7, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

⚠️ Could not parse test results

🔒 Security Analysis

⚠️ Found 3 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user
Dangerous calls:
  - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

Detailed Findings:

  • src/AtomWallet.sol:214 in _call

reentrancy-eth

Impact: Reentrancy in EthMultiVault.batchDeposit(address,uint256[],uint256[]) (src/EthMultiVault.sol#1219-1252):
External calls:
  - _transferFeesToProtocolMultisig(protocolFee) (src/EthMultiVault.sol#1248)
  - (success,None) = address(generalConfig.protocolMultisig).call{value: value}() (src/EthMultiVault.sol#1418)
State variables written after the call(s):
  - shares[i] = _deposit(receiver,termIds[i],userDepositAfterprotocolFee) (src/EthMultiVault.sol#1247)
  - vaults[id].balanceOf[to] += amount (src/EthMultiVault.sol#1714)
  - vaults[id].totalAssets = totalAssets (src/EthMultiVault.sol#1759)
  - vaults[id].totalShares = totalShares (src/EthMultiVault.sol#1760)
EthMultiVault.vaults (src/EthMultiVault.sol#97) can be used in cross function reentrancies:
  - EthMultiVault.convertToAssets(uint256,uint256) (src/EthMultiVault.sol#2178-2182)
  - EthMultiVault.convertToShares(uint256,uint256) (src/EthMultiVault.sol#2143-2147)
  - EthMultiVault.currentSharePrice(uint256) (src/EthMultiVault.sol#2079-2085)
  - EthMultiVault.getDepositSharesAndFees(uint256,uint256) (src/EthMultiVault.sol#1871-1898)
  - EthMultiVault.getRedeemAssetsAndFees(uint256,uint256) (src/EthMultiVault.sol#1938-1972)
  - EthMultiVault.getVaultStateForUser(uint256,address) (src/EthMultiVault.sol#2315-2319)
  - EthMultiVault.maxRedeem(address,uint256) (src/EthMultiVault.sol#2117-2120)
  - EthMultiVault.vaults (src/EthMultiVault.sol#97)

Affected Files:

  • src/EthMultiVault.sol

Detailed Findings:

  • src/EthMultiVault.sol:1219 in batchDeposit
  • src/EthMultiVault.sol:1269 in batchDepositCurve

Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2412-2424) uses a dangerous strict equality:
  - timelock.readyTime == 0 (src/EthMultiVault.sol#2415)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2412 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

⚠️ No gas snapshot generated

github-actions bot commented Apr 7, 2025

Summary of Test Results if Merged To Main:

  • Full logs & artifacts are available in the Actions tab
  • This comment will update automatically with new CI runs

⚠️ Could not parse test results

🔒 Security Analysis

⚠️ Found 3 High and 1 Medium severity issues

High Severity Issues

arbitrary-send-eth

Impact: AtomWallet._call(address,uint256,bytes) (src/AtomWallet.sol#214-221) sends eth to arbitrary user
Dangerous calls:
  - (success,result) = target.call{value: value}(data) (src/AtomWallet.sol#215)

Affected Files:

  • src/AtomWallet.sol

Detailed Findings:

  • src/AtomWallet.sol:214 in _call

reentrancy-eth

Impact: Reentrancy in EthMultiVault.batchDeposit(address,uint256[],uint256[]) (src/EthMultiVault.sol#1219-1252):
External calls:
  - _transferFeesToProtocolMultisig(protocolFee) (src/EthMultiVault.sol#1248)
  - (success,None) = address(generalConfig.protocolMultisig).call{value: value}() (src/EthMultiVault.sol#1418)
State variables written after the call(s):
  - shares[i] = _deposit(receiver,termIds[i],userDepositAfterprotocolFee) (src/EthMultiVault.sol#1247)
  - vaults[id].totalAssets = totalAssets (src/EthMultiVault.sol#1759)
  - vaults[id].balanceOf[to] += amount (src/EthMultiVault.sol#1714)
  - vaults[id].totalShares = totalShares (src/EthMultiVault.sol#1760)
EthMultiVault.vaults (src/EthMultiVault.sol#97) can be used in cross function reentrancies:
  - EthMultiVault.convertToAssets(uint256,uint256) (src/EthMultiVault.sol#2178-2182)
  - EthMultiVault.convertToShares(uint256,uint256) (src/EthMultiVault.sol#2143-2147)
  - EthMultiVault.currentSharePrice(uint256) (src/EthMultiVault.sol#2079-2085)
  - EthMultiVault.getDepositSharesAndFees(uint256,uint256) (src/EthMultiVault.sol#1871-1898)
  - EthMultiVault.getRedeemAssetsAndFees(uint256,uint256) (src/EthMultiVault.sol#1938-1972)
  - EthMultiVault.getVaultStateForUser(uint256,address) (src/EthMultiVault.sol#2315-2319)
  - EthMultiVault.maxRedeem(address,uint256) (src/EthMultiVault.sol#2117-2120)
  - EthMultiVault.vaults (src/EthMultiVault.sol#97)

Affected Files:

  • src/EthMultiVault.sol

Detailed Findings:

  • src/EthMultiVault.sol:1219 in batchDeposit
  • src/EthMultiVault.sol:1269 in batchDepositCurve

Medium Severity Issues

incorrect-equality

Impact: EthMultiVault._validateTimelock(bytes32) (src/EthMultiVault.sol#2412-2424) uses a dangerous strict equality:
  - timelock.readyTime == 0 (src/EthMultiVault.sol#2415)

Affected Files:

  • src/EthMultiVault.sol

  • src/EthMultiVault.sol:2412 in _validateTimelock

Recommended Actions

  1. Review and fix all high severity issues before deployment
  2. Implement thorough testing for affected components
  3. Consider additional security measures:
    • Access controls
    • Input validation
    • Invariant checks

⛽ Gas Analysis

⚠️ No gas snapshot generated

abi.encodeWithSelector(BondingCurveRegistry.initialize.selector, msg.sender);

// Deploy BondingCurveRegistry proxy
bondingCurveRegistryProxy = new TransparentUpgradeableProxy(
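
Review bot: The initializer calldata on the first visible line passes msg.sender as its only argument, and in a Foundry script that value is the script's configured sender, which can differ from the account that actually broadcasts the transaction. Whatever role initialize assigns to that argument may therefore land on an unintended address. Consider passing the intended admin explicitly (a named constant or an environment value) and asserting it on the deployed contract at the end of the script.
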
Member

I don't think the bonding curve registry is a proxy, and we don't need this. It doesn't store any important state (outside of the bonding curve IDs), so if we ever wanted a new one we can just deploy a new one and point the multivault config at it.

If we did this, we would need to ensure that any new registry just has the same bonding curve IDs as the old one. Because the curve IDs are tied to the economic state in the MultiVault, we never want to change them. Only add to them.
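
The constraint in the comment above (a replacement registry must keep every existing curve ID and may only add new ones) can be checked off-chain before the MultiVault config is repointed. This is an added example, not code from the PR or the project; it assumes a registry can be snapshotted as a mapping from curve ID to curve contract address, and the function name and addresses are constructed for illustration.

```python
from __future__ import annotations

# Constructed snapshots (hypothetical data): curve ID -> curve contract address.
OLD_REGISTRY = {1: "0x" + "Aa" * 20, 2: "0x" + "bb" * 20}
GOOD_REPLACEMENT = {1: "0x" + "aa" * 20, 2: "0x" + "bb" * 20, 3: "0x" + "cc" * 20}
BAD_REPLACEMENT = {1: "0x" + "bb" * 20, 3: "0x" + "cc" * 20}  # id 1 remapped, id 2 dropped


def check_replacement(old: dict[int, str], new: dict[int, str]) -> tuple[list[str], list[int]]:
    """Compare a candidate registry snapshot against the one currently in use.

    Returns (violations, added_ids). An empty violations list means every
    existing curve ID still resolves to the same curve, so the candidate is an
    append-only extension of the old registry.
    """
    violations = []
    for curve_id in sorted(old):
        if curve_id not in new:
            violations.append(f"curve id {curve_id} is missing from the new registry")
        # Addresses are compared case-insensitively so a checksummed and a
        # lowercase rendering of the same address do not raise a false alarm.
        elif new[curve_id].lower() != old[curve_id].lower():
            violations.append(
                f"curve id {curve_id} points at a different curve: "
                f"{old[curve_id]} -> {new[curve_id]}"
            )
    added_ids = sorted(set(new) - set(old))
    return violations, added_ids


if __name__ == "__main__":
    for name, candidate in (("good", GOOD_REPLACEMENT), ("bad", BAD_REPLACEMENT)):
        violations, added_ids = check_replacement(OLD_REGISTRY, candidate)
        status = "append-only" if not violations else "; ".join(violations)
        print(f"{name}: {status} (added ids: {added_ids})")
```
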

Member

@auroter left a comment

Just one minor issue that should be resolved, then I can approve this.
