Deploy permit2 to various chains check

[0xDEnYO]

Which Jira task belongs to this PR?

Why did I implement it this way?

Checklist before requesting a review

• I have performed a self-review of my code
• This pull request is as small as possible and only tackles one problem
• I have added tests that cover the functionality / test the bug
• For new facets: I have checked all points from this list: https://www.notion.so/lifi/New-Facet-Contract-Checklist-157f0ff14ac78095a2b8f999d655622e
• I have updated any required documentation

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

• I have checked that any arbitrary calls to external contracts are validated and or restricted
• I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
• I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

[coderabbitai]

Walkthrough

This update introduces a new GitHub Actions workflow to automate verification of Permit2 contract bytecode for specific networks when their proxy addresses change. It also standardizes and expands the Permit2 proxy address configuration, updates deployment logs and targets, and adds new scripts and Solidity contracts for Permit2 bytecode extraction and verification.

Changes

File(s)	Change Summary
.github/workflows/verifyPermit2Bytecode.yml	Adds a GitHub Actions workflow to verify Permit2 bytecode on PRs that modify permit2Proxy.json.
config/permit2Proxy.json	Standardizes most entries to a default Permit2 address, adds new network keys, and normalizes address casing.
deployments/_deployments_log_file.json	Adds new deployment entries for version "1.0.3" and introduces a "worldchain" environment with deployment metadata.
deployments/corn.json deployments/swellchain.json	Updates the "Permit2Proxy" address value in each network's deployment configuration.
deployments/worldchain.diamond.json deployments/worldchain.json	Adds or updates the "Permit2Proxy" address for the "worldchain" network in deployment config files.
script/deploy/_targetState.json	Adds new facets and components, introduces a new deployment target "bob", and performs systematic renaming and reassignment of chain names and facets.
script/helperFunctions.sh	Changes function declaration style and adds a new function to read JSON values from config files.
script/utils/permit2/Permit2Check.s.sol	Introduces a new Solidity contract for verifying that runtime bytecode at an address matches expected bytecode.
script/utils/permit2/Permit2Code.s.sol	Introduces a new Solidity script contract for extracting Permit2 contract bytecode for a given chain and address.
script/utils/permit2/verifyPermit2Bytecode.sh	Adds a new Bash script to automate Permit2 bytecode verification on a specified network using Forge and helper scripts.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate Unit Tests

• Create PR with Unit Tests
• Commit Unit Tests in branch deploy-permit2-to-various-chainsCHECK
• Post Copyable Unit Tests in Comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 5

🔭 Outside diff range comments (1)

script/utils/permit2/verifyPermit2Bytecode.sh (1)

40-44: 🛠️ Refactor suggestion

Quote the runtime byte-code to avoid word-splitting

If $CODE ever contains a newline (Foundry wraps long hex strings) or leading 0x, word-splitting can turn it into multiple arguments and break the call.

-CODE=$(forge script Permit2Code --sig "getCode(uint256,address)" $CHAIN_ID $ADDRESS --json | jq -r '.returns["0"].value')
+CODE="$(forge script Permit2Code --sig "getCode(uint256,address)" "$CHAIN_ID" "$ADDRESS" --json | jq -r '.returns[0].value')"

...

-forge script Permit2Check --sig "checkCode(address,bytes)" $ADDRESS $CODE --rpc-url "$RPC_URL" -vvvv
+forge script Permit2Check --sig "checkCode(address,bytes)" "$ADDRESS" "$CODE" --rpc-url "$RPC_URL" -vvvv

Two extra quotes now, plus the JSON path fixed to .returns[0].value (array, not object).

♻️ Duplicate comments (1)

script/deploy/_targetState.json (1)

119-122: Duplicate: New facet additions across multiple networks
These entries mirror the mainnet changes (adding DeBridgeDlnFacet, GlacisFacet, etc.) in other chain blocks. Please refer to the guidance above for validating each.

Also applies to: 192-192, 388-388, 421-422, 455-455, 638-639, 703-704, 757-757, 819-820, 883-883, 937-937, 971-971, 1063-1064, 1132-1133, 1170-1170, 1199-1199, 1235-1235, 1325-1325, 1354-1355

🧹 Nitpick comments (9)

script/helperFunctions.sh (1)

3030-3054: Enhance readJsonValueFromConfigFile error handling and reuse helpers
Consider the following refinements:

• Use the existing checkIfFileExists helper for file existence checks to maintain consistency.
• Switch to jq -er so that missing keys cause a non-zero exit automatically (jq -er '.key // empty' file).
• Replace inline echo "[ERROR]" with the shared error function to standardize error formatting and exit codes.

config/permit2Proxy.json (1)

5-43: Verify network names & keep configuration deterministic

The file now contains many new keys. A few look suspicious ("soneium", "gravity", maybe "blast" instead of "blast-mainnet" etc.) or appear twice across other configs.
Please double-check that each key exactly matches the identifier used everywhere else (networks.json, helper scripts, CI matrix). A typo here silently breaks the verification script because readJsonValueFromConfigFile will succeed (value exists) yet the downstream RPC helpers won’t find a matching entry.

As a follow-up, consider sorting the keys alphabetically – future diffs become much smaller and merge conflicts rarer.

script/utils/permit2/Permit2Check.s.sol (2)

8-20: Mark the functions as view to communicate intent and save gas

Both checkCode overloads only read state (target.code, expected) and never modify storage.
Adding the view specifier removes an unnecessary SSTORE possibility from the generated byte-code and makes static-analysis happier.

-    function checkCode(address target, bytes memory expected) public virtual {
+    function checkCode(address target, bytes memory expected) public view virtual {
...
-    function checkCode(bytes memory expected) public virtual {
+    function checkCode(bytes memory expected) public view virtual {

---

11-16: Provide more context in the custom error

Right now the revert gives no hint why the hashes differ.
Returning both hashes (or even the first few bytes of each) greatly speeds up debugging on CI.

-    error RuntimeCodesAreNotTheSame();
+    error RuntimeCodesAreNotTheSame(bytes32 expectedHash, bytes32 onChainHash);

...
-        if (keccak256(expected) != keccak256(target.code))
-            revert RuntimeCodesAreNotTheSame();
+        bytes32 expHash = keccak256(expected);
+        bytes32 onChain = keccak256(target.code);
+        if (expHash != onChain) revert RuntimeCodesAreNotTheSame(expHash, onChain);

script/utils/permit2/Permit2Code.s.sol (2)

11-28: Safety note about vm.etch & creation code

vm.etch(where, permit2CreationCalldata) writes creation byte-code directly.
If someone mistakenly runs this script with --broadcast, the injected address becomes bricked (no runtime code) on a public network.

The comment “Don’t run in fork! Run isolated!” helps, but you can enforce it:

require(!vm.isFork(), "Permit2Code: must not run in fork/broadcast mode");

or wrap the script with --fork-url detection in CI.

---

24-26: Remove dead comment or wire the second vm.etch

Line 24 leaves a commented-out vm.etch(where, runtimeBytecode);.
If you really want the helper to write the runtime code for local debugging, keep it and gate behind a boolean flag; otherwise delete to avoid confusion.

.github/workflows/verifyPermit2Bytecode.yml (3)

26-27: Use two-dot diff for PR branch changes
Using origin/main...HEAD with three dots can include changes from both branches; to limit the check to commits on the PR branch only, switch to a two-dot range:

- if git diff --name-only origin/main...HEAD | grep -q "config/permit2Proxy.json"; then
+ if git diff --name-only origin/main..HEAD  | grep -q "config/permit2Proxy.json"; then

---

27-31: Quote $GITHUB_ENV to avoid word splitting
ShellCheck (SC2086) flags unquoted variable expansions. Wrap $GITHUB_ENV in quotes in both echo statements:

- echo "CONTINUE=true" >> $GITHUB_ENV
+ echo "CONTINUE=true" >> "$GITHUB_ENV"

- echo "CONTINUE=false" >> $GITHUB_ENV
+ echo "CONTINUE=false" >> "$GITHUB_ENV"

---

58-59: Quote $GITHUB_ENV when exporting CHANGED_NETWORKS
Similarly, quote the environment file path to prevent globbing:

- echo "CHANGED_NETWORKS=$(cat changed_networks.json)" >> $GITHUB_ENV
+ echo "CHANGED_NETWORKS=$(cat changed_networks.json)" >> "$GITHUB_ENV"

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Cache: Disabled due to data retention organization setting
Knowledge Base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 53cc357 and 1d8cd60.

📒 Files selected for processing (12)

• .github/workflows/verifyPermit2Bytecode.yml (1 hunks)
• config/permit2Proxy.json (1 hunks)
• deployments/_deployments_log_file.json (3 hunks)
• deployments/corn.json (1 hunks)
• deployments/swellchain.json (1 hunks)
• deployments/worldchain.diamond.json (1 hunks)
• deployments/worldchain.json (1 hunks)
• script/deploy/_targetState.json (30 hunks)
• script/helperFunctions.sh (2 hunks)
• script/utils/permit2/Permit2Check.s.sol (1 hunks)
• script/utils/permit2/Permit2Code.s.sol (1 hunks)
• script/utils/permit2/verifyPermit2Bytecode.sh (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

script/utils/permit2/verifyPermit2Bytecode.sh (1)

script/helperFunctions.sh (3)

• getRPCUrl (2786-2795)
• getChainId (2946-2963)
• readJsonValueFromConfigFile (3030-3053)

🪛 actionlint (1.7.7)

.github/workflows/verifyPermit2Bytecode.yml

25-25: shellcheck reported issue in this script: SC2086:info:2:27: Double quote to prevent globbing and word splitting

(shellcheck)

---

25-25: shellcheck reported issue in this script: SC2086:info:5:28: Double quote to prevent globbing and word splitting

(shellcheck)

---

36-36: shellcheck reported issue in this script: SC2086:info:16:29: Double quote to prevent globbing and word splitting

(shellcheck)

---

36-36: shellcheck reported issue in this script: SC2086:info:22:59: Double quote to prevent globbing and word splitting

(shellcheck)

🔇 Additional comments (6)

deployments/_deployments_log_file.json (3)

30340-30349: Deployment log entry for version 1.0.3 looks correct
The added block under the existing environment is properly formatted, with matching metadata fields (ADDRESS, OPTIMIZER_RUNS, TIMESTAMP, CONSTRUCTOR_ARGS, SALT, VERIFIED) and correct comma placement.

---

30364-30373: Deployment log entry for version 1.0.3 looks correct
This second environment’s new 1.0.3 entry follows the same structure and conventions as other entries; formatting and separators are consistent.

---

30405-30418: Verify new worldchain environment entry
A new worldchain network has been added with its production → 1.0.3 deployment details. Please confirm that this entry matches:

1. The Permit2Proxy address configured for worldchain in config/permit2Proxy.json.
2. The deployment record in deployments/worldchain.json (if present).

script/helperFunctions.sh (1)

2030-2038: Approved explicit function declaration for checkNetworksJsonFilePath
The addition of the function keyword for checkNetworksJsonFilePath aligns it with the style used by other helper functions and introduces no regressions.

script/deploy/_targetState.json (2)

36-39: Verify new facets on mainnet
You’ve added ChainflipFacet, ReceiverChainflip, DeBridgeDlnFacet, and GlacisFacet for mainnet:

• Ensure each facet contract is implemented and published at version 1.0.0.
• Update any deployment or initialization scripts and tests to include these facets.
• Confirm the mainnet Permit2Proxy address in config/permit2Proxy.json is aligned.

---

339-365: Review the new bob network target
A brand-new "bob" deployment is introduced:

• Add bob to config/permit2Proxy.json with a valid Permit2Proxy address.
• Verify your deployment tooling, scripts, and tests include bob.
• Confirm facet versions and that the LiFiDiamond contract is correctly configured for bob.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Ensure Permit2Proxy config coherence
The new Permit2Proxy address for the worldchain network should match the entry in config/permit2Proxy.json. Please verify with:

and confirm it equals 0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed.

---

🏁 Script executed:

jq -r '.worldchain' config/permit2Proxy.json

Length of output: 87

---

Sync Permit2Proxy Address

The Permit2Proxy address in deployments/worldchain.diamond.json (line 83) (0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed) does not match the .worldchain entry in config/permit2Proxy.json (0x000000000022D473030F116dDEE9F6B43aC78BA3). Please align these values:

• deployments/worldchain.diamond.json (line 83)
• config/permit2Proxy.json (.worldchain)

Recommended change:

--- deployments/worldchain.diamond.json
@@ line 83
-      "Permit2Proxy": "0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed",
+      "Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"Permit2Proxy": "0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed",
	"Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3",

🤖 Prompt for AI Agents

In deployments/worldchain.diamond.json at line 83, the Permit2Proxy address does
not match the corresponding .worldchain entry in config/permit2Proxy.json.
Update the Permit2Proxy address in deployments/worldchain.diamond.json to
exactly match the value found in config/permit2Proxy.json under the .worldchain
key, which is 0x000000000022D473030F116dDEE9F6B43aC78BA3, ensuring both files
are consistent.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Validate updated Permit2Proxy address for corn network
Ensure the new Permit2Proxy address is correct and aligns with config/permit2Proxy.json:

---

🏁 Script executed:

jq -r '.corn' config/permit2Proxy.json

Length of output: 81

---

Fix mismatched Permit2Proxy address for corn network
The address in deployments/corn.json does not match the value in config/permit2Proxy.json (.corn). Please update it as follows:

 deployments/corn.json (line 18)
-  "Permit2Proxy": "0xad28ab7AE918f4Be8C6C5290500cB94373249F28",
+  "Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3",

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"Permit2Proxy": "0xad28ab7AE918f4Be8C6C5290500cB94373249F28",
	"Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3",

🤖 Prompt for AI Agents

In deployments/corn.json at line 18, the Permit2Proxy address does not match the
value specified in config/permit2Proxy.json under the .corn key. Update the
Permit2Proxy address in deployments/corn.json to exactly match the address found
in config/permit2Proxy.json for the corn network to ensure consistency.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Validate updated Permit2Proxy address for swellchain network
Please confirm that config/permit2Proxy.json reflects the updated address for swellchain:

---

🏁 Script executed:

jq -r '.swellchain' config/permit2Proxy.json

Length of output: 87

---

Mismatch in Permit2Proxy address for swellchain
The Permit2Proxy address in deployments/swellchain.json (0x0713eDe663E5251A722fdDcde7FbD7d6c23e3006) does not match the current value in config/permit2Proxy.json (0x000000000022D473030F116dDEE9F6B43aC78BA3). Please update the config entry:

• File: config/permit2Proxy.json

- "swellchain": "0x000000000022D473030F116dDEE9F6B43aC78BA3",
+ "swellchain": "0x0713eDe663E5251A722fdDcde7FbD7d6c23e3006",

🤖 Prompt for AI Agents

In config/permit2Proxy.json around the swellchain entry, update the Permit2Proxy
address to match the one in deployments/swellchain.json at line 18, which is
0x0713eDe663E5251A722fdDcde7FbD7d6c23e3006. This ensures consistency between the
deployment file and the configuration file.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Confirm Permit2Proxy addition for worldchain network
Please verify that the Permit2Proxy entry in deployments/worldchain.json matches the configuration entry:

and confirm the address 0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed is correct.

---

🏁 Script executed:

jq -r '.worldchain' config/permit2Proxy.json

Length of output: 87

---

Mismatch in Permit2Proxy for worldchain network
The address in deployments/worldchain.json (0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed) does not match the config value (0x000000000022D473030F116dDEE9F6B43aC78BA3). Please update line 29 accordingly:

-  "Permit2Proxy": "0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed"
+  "Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	"Permit2Proxy": "0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed"
	"Permit2Proxy": "0x000000000022D473030F116dDEE9F6B43aC78BA3"

🤖 Prompt for AI Agents

In deployments/worldchain.json at line 29, the Permit2Proxy address is
incorrect. Replace the current address
"0xfD7c2Ad2fd5c5392904e6d64226c28b0F42da9ed" with the correct address
"0x000000000022D473030F116dDEE9F6B43aC78BA3" as specified in the
config/permit2Proxy.json file.

[coderabbitai]

🛠️ Refactor suggestion

Harden the script with strict bash options

Early exit on unset vars or failed pipes prevents false-green CI runs.

-#!/bin/bash
+#!/usr/bin/env bash
+set -euo pipefail

Also add IFS=$'\n\t' if you expect to ever read arrays.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	#!/bin/bash
	# load script
	source script/helperFunctions.sh
	# Require argument: <network>
	if [ $# -lt 1 ]; then
	echo "Usage: $0 <network>"
	exit 1
	fi
	#!/usr/bin/env bash
	set -euo pipefail
	# load script
	source script/helperFunctions.sh
	# Require argument: <network>
	if [ $# -lt 1 ]; then
	echo "Usage: $0 <network>"
	exit 1
	fi

🤖 Prompt for AI Agents

In script/utils/permit2/verifyPermit2Bytecode.sh at lines 1 to 11, the script
lacks strict bash options that improve robustness. Add 'set -euo pipefail' at
the start to enable early exit on errors, unset variables, or failed pipes.
Also, set 'IFS=$'\n\t'' to properly handle array reading and prevent word
splitting issues.