Skip to content

Commit

Permalink
Merge pull request #46 from AztecProtocol/master
Browse files Browse the repository at this point in the history
Merge master changes to v2.1
  • Loading branch information
charlielye authored Sep 12, 2023
2 parents 4c7fd54 + 27c7db8 commit f3bff85
Show file tree
Hide file tree
Showing 46 changed files with 2,305 additions and 725 deletions.
3 changes: 0 additions & 3 deletions .circleci/config.yml
Original file line number Diff line number Diff line change
Expand Up @@ -679,9 +679,6 @@ jobs:
deploy_ecr sdk
deploy_s3 sdk
deploy_npm sdk
- run:
name: "wasabi"
command: deploy wasabi
- run:
name: "hummus"
command: |
Expand Down
23 changes: 23 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -15,3 +15,26 @@
- `yarn-project/kebab` - Proxy server sitting between falafel and ETH node.
- `yarn-project/sdk` - SDK for interacting with a rollup provider.
- `yarn-project/wasabi` - Load testing tool.

## Bug Bounties and Vulnerability Reporting

We are currently running a Bug Bounty Program. For all information, please visit [immunefi](https://immunefi.com/bounty/aztecnetwork/).

## Audit reports

See audit reports [here](https://github.com/AztecProtocol/aztec-security/tree/main/Audits)

| Title | Vendor | Report |
| ----------------- | ------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| Rollup Processor | Arbitrary Execution | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Aztec_20221014.pdf) |
| Rollup Processor | Solidified | [link](<https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20(1).pdf>) |
| Aave Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Aave%20Bridge.pdf) |
| Compound Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Compound%20Bridge.pdf) |
| Curve Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Curve%20Bridge.pdf) |
| DCA Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20DCA%20Bridge.pdf) |
| Element Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Element%20Bridge.pdf) |
| Lido Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Lido%20Bridge.pdf) |
| Liquity Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Liquity%20Bridge.pdf) |
| Liquity Bridge #2 | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Liquity%20Trove%20Bridge%20II.pdf) |
| Set Bridge | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Set%20Bridge.pdf) |
| Rollup Subsidy | Solidified | [link](https://github.com/AztecProtocol/aztec-security/blob/main/Audits/Audit%20Report%20-%20Aztec%20Subsidy%20Contract.pdf) |
2 changes: 1 addition & 1 deletion contracts/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ RUN forge install --no-commit \
https://github.com/AztecProtocol/aztec-connect-bridges@master
ENV MAINNET_RPC_URL='https://mainnet.infura.io/v3/9928b52099854248b3a096be07a6b23c'

RUN forge clean && forge build && forge test
RUN forge clean && forge build && forge test && REFERENCE=true forge test

WORKDIR /usr/src/contracts
CMD ["./scripts/deploy_contracts.sh"]
102 changes: 75 additions & 27 deletions contracts/README.md
Original file line number Diff line number Diff line change
@@ -1,49 +1,96 @@
# Aztec-Connect Contracts

## Getting setup
## Overview

As per usual, running `./bootstrap.sh` should get you up to speed. However some information below on the use of submodules is covered to help you reason about it does.
Aztec is a privacy-first recursive zero-knowledge rollup (zk-zk-rollup) built on Ethereum and today it is the only zkRollup built from the ground up to be privacy-preserving. Its unique architecture ensures that transactions are private, while also retaining auditability and compliance. Our long-term vision is building a decentralized, high-throughput, privacy-preserving network that enables Web3 to cross the chasm and achieve mainstream adoption.

This project uses foundry as it's testing framework, before getting started / if you have any issues it is worth exploring the [book](https://book.getfoundry.sh/). It is generally a fantastic up to date resource.
For more information about Aztec, please visit https://aztec.network/ or https://twitter.com/aztecnetwork. Documentation for Aztec Connect Bridges is available at https://github.com/AztecProtocol/aztec-connect-bridges.

## Setting up submodules
If you are interested in the Rollup Contract itself, a reference implementation (too big for mainnet) is put in the `core/reference` folder, it uses less yul so is a little easier to reason about.

Foundry has some wrapper functions around submodules that generally make them easier to work with. If it is your first time setting up this repo running `forge install --no-commit` should have you ready to roll.
## Developers

`forge update --no-commit` is the command to use if submodules has changed and you already have some installed. If submodules are causing a lot of issues and lots of errors are occurring while attempting to install. Deleting the /lib folder and running `forge install --no-commit` will generally resolve the issues.
If you would like to build on top of Aztec, please see our [documentation](https://aztec.network/developers/).
If you would like to contribute to the protocol, please see the [aztec2 book](https://github.com/AztecProtocol/aztec-connect/tree/master/specs/aztec-connect) for our specifications.

# Tests
### Getting started

`forge test` will run the test suite. See the forge book linked above about how to target specific tests.
```
./bootstrap.sh
```

## Running the docker for tests locally:
As per usual, running `./bootstrap.sh` should get you up to speed. It will install any submodules / frameworks required.
This project uses foundry as it's testing framework, before getting started / if you have any issues consult the [book](https://book.getfoundry.sh/).

### Submodules

Forge modules:

- [forge-std](https://github.com/foundry-rs/forge-std) (Testing)
- [uniswap v2 core](https://github.com/uniswap/v2-core) (Fee Distributor dependency)
- [uniswap v2 periphery](https://github.com/uniswap/v2-periphery) (Fee Distributor dependency)
- [openzeppelin contracts](https://github.com/openzeppelin/openzeppelin-contracts)
- [openzeppelin contracts upgradable](https://github.com/openzeppelin/openzeppelin-contracts-upgradable)
- [rollup encoder](https://github.com/AztecProtocol/rollup-encoder) (Test harness to encode rollup calldata)
- [aztec connect bridges](https://github.com/AztecProtocol/aztec-connect-bridges) (Bridges repository)

Use `forge update --no-commit` if submodules have changed and you already have some installed. If submodules are causing issues and errors are occurring while installing. Deleting the `/lib` folder then running `forge install --no-commit` will generally resolve the issues.

### Directory Structure

```bash
# In root run
docker build -f ./contracts/DockerFile --no-cache .
```
src
├── core
│   ├── Decoder.sol
│   ├── DefiBridgeProxy.sol
│   ├── processors
│ │   ├── RollupProcessor.sol
│   │   └── RollupProcessorV2.sol
│   ├── reference
│   │   └── RollupProcessorV2Reference.sol
│   └── verifier
│   ├── BaseStandardVerifier.sol
│   ├── instances
│   │   └── ... Contract Verifiers
│   └── keys
│   └── ... Contract Verification Keys
├── periphery
│   ├── AztecFaucet.sol
│   ├── AztecFeeDistributor.sol
│   ├── PermitHelper.sol
│   └── ProxyDeployer.sol
├── script
│   └── ... Deployment scripts
└── test
└── ... Test suite
```
## Tests

`forge test` will run the test suite. See the forge book linked above about how to target specific tests. To use the reference implementation set `export REFERENCE=true`.

# Generating new verification keys
### Running tests in a Docker container:

It is possible to generate new verification keys by running the `generate_vks.sh` script that is put in `verification-keys`. This generates the keys and their matching solidity contracts. Also to be used for generating the large 28x32 key.
```bash
# In root run
docker build --no-cache .
```

# Verifier test
## Generating new verification keys (for aztec developers)

The verifier test is available in `yarn-project/contracts-verifier-test`.
It is possible to generate new verification keys by running the `generate_vks.sh` script that is put in `verification-keys`. This generates the keys and their matching solidity contracts. For example the 28x32 key (used in our production rollup) verifies the circuit which validates 28 recursive proofs of 32 smaller inner proofs.

# Deployments
## Deployments

## e2e tests
### Devnet / Stage / Testnet Deployments

The familiar tmux-scripts and docker-compose setups will automatically deploy a new set of contracts to a anvil instance for you.
If you would just like to run the deployment script for testing purposes, `deploy_local` will set reasonable defaults and then run the testing script.
The CI/CD pipeline will use the script in `deploy/deploy_contracts.sh` to orchestrate deployments.

## Devnet / Stage / Testnet Deployments
### Local Deployments

The CD pipeline will use the script in `deploy/deploy_contracts.sh` to reason whether it should perform new deployments or not.
To quickly bootstrap an anvil fork with our entire suite of mainnet contracts deployed run `scripts/start_e2e_fork.sh`.

**Environment Variables**
When deploying to dev or testnet from a local machine, there are some required environment variables
When deploying to dev or testnet from a local machine, there are some required environment variables.

Required:

Expand All @@ -61,15 +108,16 @@ Optional:

### How are deployments triggered?

Inside the `deploy` folder there are files named for each of the environments (`dev`, `testnet`. `stage`). In the deployment script it will check whether there is a diff in the file of the deployment environment. E.g. if you want to trigger a redeploy in dev, then if your version tag has a change in the dev file, it will redeploy the contracts.
Redeploying the testnet contracts can be done in one click with the `redeploy-mainnet-fork` circle ci workflow.
To force deployments through ci there are override files for each environment inside the `deploy` folder (`dev`, `testnet`. `stage`). The deployment script it will check whether there is a diff in the target environment's file. E.g. if you want to force a redeploy in dev, changing the dev file will trigger it.
Please exercise caution in your commits that these files have not changed by accident.

### How do downstream services consume the contract addresses?

#### e2e

In e2e tests the contracts service will serve the deployed addresses using `socat` - see `serve.sh`. It will look for the output of the deployment script `/serve/deployment_addresses.json` and serve it on a defined port (usually 8547). Before each of the other services (`kebab`, `falafel`) boot they run an `export_addresses` script that queries the contract addresses on this port.
For e2e tests the contracts service will serve deployed addresses using `socat` - see `serve.sh`. It will serve the deployment script output (`/serve/deployment_addresses.json`) on the defined port (8547 by default). When downstream services (`kebab`, `falafel`) boot they run an `export_addresses` script that consumes the contract addresses.

### Deployments
#### Deployments

At the end of the deployments script there is a loop that will export all of the critical addresses into terraform variables. The accompanying files in the `terraform` folder will output these addresses such that they are available to the other services as environment vars at deploy time.
At the end of the deployments script, all critical addresses will be saved into terraform variables. They are consumed by downstream services as env vars at deploy time.
36 changes: 20 additions & 16 deletions contracts/scripts/ci_deploy_contracts.sh
Original file line number Diff line number Diff line change
Expand Up @@ -4,32 +4,36 @@ set -e
# Do not deploy if a mainnet deployment
case $VERSION_TAG in
testnet)
export ETHEREUM_HOST=https://aztec-connect-$VERSION_TAG-mainnet-fork.aztec.network:8545/$TEST_FORK_API_KEY
export PRIVATE_KEY=$TF_VAR_TEST_FORK_CONTRACTS_DEPLOYER_PRIVATE_KEY
export DEPLOYER_ADDRESS=$TF_VAR_TEST_FORK_CONTRACTS_DEPLOYER_ADDRESS
export FAUCET_CONTROLLER=$TF_VAR_TEST_FORK_FAUCET_OPERATOR_ADDRESS
export ROLLUP_PROVIDER_ADDRESS=$TF_VAR_TEST_FORK_ROLLUP_PROVIDER_ADDRESS
TAG=TEST
;;
dev)
export ETHEREUM_HOST=https://aztec-connect-$VERSION_TAG-mainnet-fork.aztec.network:8545/$DEV_FORK_API_KEY
export PRIVATE_KEY=$TF_VAR_DEV_FORK_CONTRACTS_DEPLOYER_PRIVATE_KEY
export DEPLOYER_ADDRESS=$TF_VAR_DEV_FORK_CONTRACTS_DEPLOYER_ADDRESS
export FAUCET_CONTROLLER=$TF_VAR_DEV_FORK_FAUCET_OPERATOR_ADDRESS
export ROLLUP_PROVIDER_ADDRESS=$TF_VAR_DEV_FORK_ROLLUP_PROVIDER_ADDRESS
TAG=DEV
;;
stage)
export ETHEREUM_HOST=https://aztec-connect-$VERSION_TAG-mainnet-fork.aztec.network:8545/$STAGE_FORK_API_KEY
export PRIVATE_KEY=$TF_VAR_STAGE_FORK_CONTRACTS_DEPLOYER_PRIVATE_KEY
export DEPLOYER_ADDRESS=$TF_VAR_STAGE_FORK_CONTRACTS_DEPLOYER_ADDRESS
export FAUCET_CONTROLLER=$TF_VAR_STAGE_FORK_FAUCET_OPERATOR_ADDRESS
export ROLLUP_PROVIDER_ADDRESS=$TF_VAR_STAGE_FORK_ROLLUP_PROVIDER_ADDRESS
TAG=STAGE
;;
*)
echo "No configuration for VERSION_TAG=$VERSION_TAG, skipping contract deployment."
exit 0
;;
esac

# DECLARE INTERMEDIATE VARIABLES
FORK_BASE=https://aztec-connect-$VERSION_TAG-mainnet-fork.aztec.network:8545
declare API_KEY_VAL=$(eval echo "\$${TAG}_FORK_API_KEY")
declare PRIVATE_KEY_VAL=$(eval echo "\$${TAG}_FORK_CONTRACTS_DEPLOYER_PRIVATE_KEY")
declare DEPLOYER_VAL=$(eval echo "\$${TAG}_FORK_CONTRACTS_DEPLOYER_ADDRESS")
declare FAUCET_VAL=$(eval echo "\$${TAG}_FORK_FAUCET_OPERATOR_ADDRESS")
declare ROLLUP_VAL=$(eval echo "\$${TAG}_FORK_ROLLUP_PROVIDER_ADDRESS")

# EXPORT VARIABLES
export API_KEY="$API_KEY_VAL"
export PRIVATE_KEY="$PRIVATE_KEY_VAL"
export DEPLOYER_ADDRESS="$DEPLOYER_VAL"
export FAUCET_CONTROLLER="$FAUCET_VAL"
export ROLLUP_PROVIDER_ADDRESS="$ROLLUP_VAL"
export ETHEREUM_HOST="$FORK_BASE/$API_KEY"

LAST_COMMIT=$(last_successful_commit contracts $DEPLOY_TAG-deployed)

if [ -z "$LAST_COMMIT" ]; then
Expand All @@ -55,4 +59,4 @@ elif changed $LAST_COMMIT "contracts/deploy/$VERSION_TAG" || [ "$FORCE_DEPLOY" =
deploy_terraform contracts ./terraform/$VERSION_TAG
fi

tag_remote_image contracts cache-$COMMIT_HASH cache-$COMMIT_HASH-$DEPLOY_TAG-deployed
tag_remote_image contracts cache-$COMMIT_HASH cache-$COMMIT_HASH-$DEPLOY_TAG-deployed
2 changes: 1 addition & 1 deletion contracts/scripts/start_e2e_fork.sh
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
set -eu pipefail

export FORK_BLOCK=15918000
export FORK_URL=https://mainnet.infura.io/v3/6a04b7c89c5b421faefde663f787aa35
export FORK_URL=https://mainnet.infura.io/v3/9928b52099854248b3a096be07a6b23c
export CHAIN_ID=3630

./scripts/start_e2e.sh
32 changes: 0 additions & 32 deletions contracts/scripts/tenderly_increase_balance.sh

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,15 @@ import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Initializable} from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

import {IVerifier} from "./interfaces/IVerifier.sol";
import {IVerifier} from "../interfaces/IVerifier.sol";
import {IRollupProcessor} from "rollup-encoder/interfaces/IRollupProcessor.sol";
import {IERC20Permit} from "./interfaces/IERC20Permit.sol";
import {IDefiBridge} from "./interfaces/IDefiBridge.sol";
import {IERC20Permit} from "../interfaces/IERC20Permit.sol";
import {IDefiBridge} from "../interfaces/IDefiBridge.sol";

import {Decoder} from "./Decoder.sol";
import {Decoder} from "../Decoder.sol";
import {AztecTypes} from "rollup-encoder/libraries/AztecTypes.sol";

import {TokenTransfers} from "./libraries/TokenTransfers.sol";
import {TokenTransfers} from "../libraries/TokenTransfers.sol";
import "rollup-encoder/libraries/RollupProcessorLibrary.sol";

/**
Expand Down
Loading

0 comments on commit f3bff85

Please sign in to comment.