Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
@eth-optimism/contracts-bedrock
Advanced tools
This package contains the smart contracts that compose the on-chain component of Optimism's upcoming Bedrock upgrade. We've tried to maintain 100% backwards compatibility with the existing system while also introducing new useful features. You can find detailed specifications for the contracts contained within this package here.
Name | Proxy Type | Description |
---|---|---|
L1CrossDomainMessenger | ResolvedDelegateProxy | High-level interface for sending messages to and receiving messages from Optimism |
L1StandardBridge | L1ChugSplashProxy | Standardized system for transfering ERC20 tokens to/from Optimism |
L2OutputOracle | Proxy | Stores commitments to the state of Optimism which can be used by contracts on L1 to access L2 state |
OptimismPortal | Proxy | Low-level message passing interface |
OptimismMintableERC20Factory | Proxy | Deploys standard OptimismMintableERC20 tokens that are compatible with either StandardBridge |
ProxyAdmin | - | Contract that can upgrade L1 contracts |
Name | Proxy Type | Description |
---|---|---|
GasPriceOracle | Proxy | Stores L2 gas price configuration values |
L1Block | Proxy | Stores L1 block context information (e.g., latest known L1 block hash) |
L2CrossDomainMessenger | Proxy | High-level interface for sending messages to and receiving messages from L1 |
L2StandardBridge | Proxy | Standardized system for transferring ERC20 tokens to/from L1 |
L2ToL1MessagePasser | Proxy | Low-level message passing interface |
SequencerFeeVault | Proxy | Vault for L2 transaction fees |
OptimismMintableERC20Factory | Proxy | Deploys standard OptimismMintableERC20 tokens that are compatible with either StandardBridge |
L2ProxyAdmin | - | Contract that can upgrade L2 contracts when sent a transaction from L1 |
Name | Location | Proxy Type | Description |
---|---|---|---|
AddressManager | L1 | - | Legacy upgrade mechanism (unused in Bedrock) |
DeployerWhitelist | L2 | Proxy | Legacy contract for managing allowed deployers (unused since EVM Equivalence upgrade) |
L1BlockNumber | L2 | Proxy | Legacy contract for accessing latest known L1 block number, replaced by L1Block |
We export contract ABIs, contract source code, and contract deployment information for this package via npm
:
npm install @eth-optimism/contracts-bedrock
We work on this repository with a combination of Hardhat and Foundry.
Install Foundry by following the instructions located here.
Install node modules with yarn (v1) and Node.js (16+):
yarn install
yarn build
yarn test
<network-name>.json
inside of the deploy-config
folder.deployConfigSpec
located inside of the `hardhat.config.ts.env.example
into .env
L1_RPC
and PRIVATE_KEY_DEPLOYER
environment variables in .env
npx hardhat deploy --network <network-name>
to deploy the L1 contractsnpx hardhat etherscan-verify --network <network-name> --sleep
to verify contracts on EtherscanWe use Seaport-style comments with some minor modifications. Some basic rules:
@notice
since it has the same general effect as @dev
but avoids confusion about when to use one over the other.@notice
and the first @param
.@param
and the first @return
.We also have the following custom tags:
@custom:proxied
: Add to a contract whenever it's meant to live behind a proxy.@custom:upgradeable
: Add to a contract whenever it's meant to be used in an upgradeable contract.@custom:semver
: Add to a constructor to indicate the version of a contract.@custom:legacy
: Add to an event or function when it only exists for legacy support.require
statements when making simple assertions.revert
if throwing an error where an assertion is not being made (no custom errors). See here for an example of this in practice."{ContractName}: {message}"
where message
is a lower case string.We use spacer variables to account for old storage slots that are no longer being used.
The name of a spacer variable MUST be in the format spacer_<slot>_<offset>_<length>
where <slot>
is the original storage slot number, <offset>
is the original offset position within the storage slot, and <length>
is the original size of the variable.
Spacers MUST be private
.
All contracts should be assumed to live behind proxies (except in certain special circumstances).
This means that new contracts MUST be built under the assumption of upgradeability.
We use a minimal Proxy
contract designed to be owned by a corresponding ProxyAdmin
which follow the interfaces of OpenZeppelin's Proxy
and ProxyAdmin
contracts, respectively.
Unless explicitly discussed otherwise, you MUST include the following basic upgradeability pattern for each new implementation contract:
Initializable
base contract.uint8 public constant VERSION = X
at the TOP of your contract.initialize
with the modifier reinitializer(VERSION)
.constructor
, set any immutable
variables and call the initialize
function for setting mutables.All (non-library and non-abstract) contracts MUST extend the Semver
base contract which exposes a version()
function that returns a semver-compliant version string.
During the Bedrock development process the Semver
value for all contracts SHOULD return 0.0.1
(this is not particularly important, but it's an easy standard to follow).
When the initial Bedrock upgrade is released, the Semver
value MUST be updated to 1.0.0
.
After the initial Bedrock upgrade, contracts MUST use the following versioning scheme:
patch
releases are to be used only for changes that do NOT modify contract bytecode (such as updating comments).minor
releases are to be used for changes that modify bytecode OR changes that expand the contract ABI provided that these changes do NOT break the existing interface.major
releases are to be used for changes that break the existing contract interface OR changes that modify the security model of a contract.We have made an exception to the Semver
rule for the WETH
contract to avoid making changes to a well-known, simple, and recognizable contract.
FAQs
Contracts for Optimism Specs
The npm package @eth-optimism/contracts-bedrock receives a total of 16,285 weekly downloads. As such, @eth-optimism/contracts-bedrock popularity was classified as popular.
We found that @eth-optimism/contracts-bedrock demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.