hyperlane-xyz · asaj · Jan 29, 2022 · Jan 28, 2022 · Jan 28, 2022 · Jan 28, 2022
@@ -75,7 +75,7 @@ pub mod output_functions {
         )
         .unwrap();
         tree.push_leaf(
-            "0x7d2185e5a65904eeb35980b8e335f72d31feccfdc12b9bc0f6cbe32073ea7fba"
+            "0x5068ac60cb6f9c5202bbe8e7a1babdd972133ea3ad37d7e0e753c7e4ddd7ffbd"
                 .parse()
                 .unwrap(),
             TREE_DEPTH,

@@ -78,6 +78,12 @@ abstract contract Common is Initializable {
         bytes signature2
     );
 
+    /**
+     * @notice Emitted when Updater is rotated
+     * @param updater The address of the new updater
+     */
+    event NewUpdater(address updater);
+
     // ============ Modifiers ============
 
     /**
@@ -123,8 +129,7 @@ abstract contract Common is Initializable {
         if (
             Common._isUpdaterSignature(_oldRoot, _newRoot[0], _signature) &&
             Common._isUpdaterSignature(_oldRoot, _newRoot[1], _signature2) &&
-            _newRoot[0] != _newRoot[1] &&
-            !Common._isBenignDoubleUpdate(_oldRoot)
+            _newRoot[0] != _newRoot[1]
         ) {
             _fail();
             emit DoubleUpdate(_oldRoot, _newRoot, _signature, _signature2);
@@ -188,28 +193,11 @@ abstract contract Common is Initializable {
     }
 
     /**
-     * @notice Checks that a root is in a whitelist for which double updates
-     * are not enforced.
-     * @param _oldRoot Old merkle root
-     * @return TRUE iff the provided root is in the whitelist
-     **/
-    function _isBenignDoubleUpdate(bytes32 _oldRoot)
-        internal
-        view
-        returns (bool)
-    {
-        // The Polygon home temporarily forked from its replicas at this
-        // root due to a chain reorg.
-        // Polygon update txHash:
-        // 0x9cbe36b8d5365df013f138421b99283c014bbeee08f9c3b1f19ae428511e94ba
-        // Ethereum update txHash:
-        // 0xe8df2fc845356c1c75206982f8b707e8e5354c72a2ed250fcf839cbbf11101f9
-        // The fork was benign, as all roots were commitments to the same set
-        // of messages. The fork was resolved and therefore the system should
-        // not halt when presented with any double update that builds off of
-        // this root.
-        return
-            _oldRoot ==
-            0xde6e3d4540f861d08dfe4ac16334792de2fb44aa7bcd5b657238410791c67a81;
+     * @notice Set the Updater
+     * @param _updater Address of the Updater
+     */
+    function _setUpdater(address _updater) internal {
+        updater = _updater;
+        emit NewUpdater(_updater);
     }
 }
@@ -90,12 +90,6 @@ contract Home is
      */
     event UpdaterSlashed(address indexed updater, address indexed reporter);
 
-    /**
-     * @notice Emitted when Updater is rotated by the UpdaterManager
-     * @param updater The address of the new updater
-     */
-    event NewUpdater(address updater);
-
     /**
      * @notice Emitted when the UpdaterManager contract is changed
      * @param updaterManager The address of the new updaterManager
@@ -213,6 +207,7 @@ contract Home is
     ) external notFailed {
         // check that the update is not fraudulent;
         // if fraud is detected, Updater is slashed & Home is set to FAILED state
+        // Opportunity for gas savings, we iterate through the queue twice.
         if (improperUpdate(_committedRoot, _newRoot, _signature)) return;
         // clear all of the intermediate roots contained in this update from the queue
         while (true) {
@@ -315,15 +310,6 @@ contract Home is
         emit NewUpdaterManager(address(_updaterManager));
     }
 
-    /**
-     * @notice Set the Updater
-     * @param _updater Address of the Updater
-     */
-    function _setUpdater(address _updater) internal {
-        updater = _updater;
-        emit NewUpdater(_updater);
-    }
-
     /**
      * @notice Slash the Updater and set contract state to FAILED
      * @dev Called when fraud is proven (Improper Update or Double Update)

@@ -55,6 +55,8 @@ contract Replica is Version0, Common {
     mapping(bytes32 => uint256) public confirmAt;
     // Mapping of message leaves to MessageStatus
     mapping(bytes32 => MessageStatus) public messages;
+    // address responsible for Updater rotation
+    address private _owner;
 
     // ============ Upgrade Gap ============
 
@@ -63,6 +65,11 @@ contract Replica is Version0, Common {
 
     // ============ Events ============
 
+    event OwnershipTransferred(
+        address indexed previousOwner,
+        address indexed newOwner
+    );
+
     /**
      * @notice Emitted when message is processed
      * @param messageHash Hash of message that failed to process
@@ -103,10 +110,33 @@ contract Replica is Version0, Common {
         committedRoot = _committedRoot;
         confirmAt[_committedRoot] = 1;
         optimisticSeconds = _optimisticSeconds;
+        transferOwnership(msg.sender);
+    }
+
+    // ============ Modifiers ============
+
+    /**
+     * @notice Ensures that function is called by the owner
+     * @dev NOTE THAT WHEN OWNER IS THE NULL ADDRESS ANYONE CAN CALL ONLYOWNER
+     * FUNCTIONS. This is to allow the owner to be set post-facto. As such,
+     * renouncing ownership to the null address is unsafe and disabled.
+     */
+    modifier onlyOwner() {
+        bool ok = msg.sender == owner() || owner() == address(0);
+        require(ok, "!owner");
+        _;
     }
 
     // ============ External Functions ============
 
+    /**
+     * @notice Set a new Updater
+     * @param _updater the new Updater
+     */
+    function setUpdater(address _updater) external onlyOwner {
+        _setUpdater(_updater);
+    }
+
     /**
      * @notice Called by external agent. Submits the signed update's new root,
      * marks root's allowable confirmation time, and emits an `Update` event.
@@ -155,6 +185,26 @@ contract Replica is Version0, Common {
         process(_message);
     }
 
+    // ============ Public Functions ============
+
+    /**
+     * @notice Returns the address of the current owner.
+     */
+    // THIS SHOULD NOT BE VIRTUAL!
+    function owner() public view virtual returns (address) {
+        return _owner;
+    }
+
+    /**
+     * @dev Transfers ownership of the contract to a new account (`newOwner`).
+     * Can only be called by the current owner.
+     */
+    function transferOwnership(address newOwner) public onlyOwner {
+        require(newOwner != address(0), "!newOwner");
+        emit OwnershipTransferred(_owner, newOwner);
+        _owner = newOwner;
+    }
+
     /**
      * @notice Given formatted message, attempts to dispatch
      * message payload to end recipient.
@@ -229,8 +279,6 @@ contract Replica is Version0, Common {
         entered = 1;
     }
 
-    // ============ Public Functions ============
-
     /**
      * @notice Check that the root has been submitted
      * and that the optimistic timeout period has expired,

@@ -18,10 +18,6 @@ contract TestReplica is Replica {
         _setFailed();
     }
 
-    function setUpdater(address _updater) external {
-        updater = _updater;
-    }
-
     function setRemoteDomain(uint32 _remoteDomain) external {
         remoteDomain = _remoteDomain;
     }

@@ -301,6 +301,14 @@ export async function relinquish(deploy: CoreDeploy) {
     `${deploy.chain.name}: Dispatched relinquish upgradeBeaconController`,
   );
 
+  Object.entries(deploy.contracts.replicas).forEach(async ([domain, replica]) => {
+    await replica.proxy.transferOwnership(govRouter, deploy.overrides);
+    log(
+      isTestDeploy,
+      `${deploy.chain.name}: Dispatched relinquish Replica for domain ${domain}`,
+    );
+  });
+
   let tx = await deploy.contracts.home!.proxy.transferOwnership(
     govRouter,
     deploy.overrides,

diff --git a/typescript/optics-tests/package.json b/typescript/optics-tests/package.json
@@ -18,7 +18,7 @@
   "dependencies": {
     "@optics-xyz/deploy": "^0.0.3",
     "@optics-xyz/multi-provider": "^0.0.4",
-    "@optics-xyz/ts-interface": "^1.0.9",
+    "@optics-xyz/ts-interface": "1.1.0",
     "@types/node": "^15.14.7",
     "dotenv": "^10.0.0",
     "ethers": "^5.4.7"

@@ -94,31 +94,6 @@ describe('Common', async () => {
     expect(state).to.equal(OpticsState.ACTIVE);
   });
 
-  it('Does not fail contract on whitelisted double update proof', async () => {
-    const oldRoot = ethers.utils.hexlify(
-      '0xde6e3d4540f861d08dfe4ac16334792de2fb44aa7bcd5b657238410791c67a81');
-    const newRoot = ethers.utils.formatBytes32String('new root 1');
-    const newRoot2 = ethers.utils.formatBytes32String('new root 2');
-
-    const { signature } = await updater.signUpdate(oldRoot, newRoot);
-    const { signature: signature2 } = await updater.signUpdate(
-      oldRoot,
-      newRoot2,
-    );
-
-    await common.doubleUpdate(
-      oldRoot,
-      [newRoot, newRoot2],
-      signature,
-      signature2
-    );
-
-    // State should not be failed because double update proof is whitelisted
-    const state = await common.state();
-    expect(state).not.to.equal(OpticsState.FAILED);
-    expect(state).to.equal(OpticsState.ACTIVE);
-  });
-
   it('Checks Rust-produced SignedUpdate', async () => {
     // Compare Rust output in json file to solidity output
     for (let testCase of signedUpdateTestCases) {

@@ -113,6 +113,7 @@ describe('GovernanceRouter', async () => {
     // dispatch call on local governorRouter
     let tx = await governorRouter.callRemote(nonGovernorDomain, [call]);
     let receipt = await tx.wait(0);
+    console.log('events', receipt.events)
     let leaf = receipt.events?.[0].topics[1];
 
     expect(leaf).to.equal(helpers.proof.leaf);

@@ -80,6 +80,12 @@ describe('Replica', async () => {
     ).to.be.revertedWith('Initializable: contract is already initialized');
   });
 
+  it('Owner can rotate updater', async () => {
+    const newUpdater = fakeUpdater.address
+    await replica.setUpdater(newUpdater);
+    expect(await replica.updater()).to.equal(newUpdater);
+  });
+
   it('Halts on fail', async () => {
     await replica.setFailed();
     expect(await replica.state()).to.equal(OpticsState.FAILED);

@@ -69,10 +69,12 @@ interface CommonInterface extends ethers.utils.Interface {
 
   events: {
     "DoubleUpdate(bytes32,bytes32[2],bytes,bytes)": EventFragment;
+    "NewUpdater(address)": EventFragment;
     "Update(uint32,bytes32,bytes32,bytes)": EventFragment;
   };
 
   getEvent(nameOrSignatureOrTopic: "DoubleUpdate"): EventFragment;
+  getEvent(nameOrSignatureOrTopic: "NewUpdater"): EventFragment;
   getEvent(nameOrSignatureOrTopic: "Update"): EventFragment;
 }
 
@@ -193,6 +195,8 @@ export class Common extends BaseContract {
       }
     >;
 
+    NewUpdater(updater?: null): TypedEventFilter<[string], { updater: string }>;
+
     Update(
       homeDomain?: BigNumberish | null,
       oldRoot?: BytesLike | null,