Skip to content

[CHAIN-1516/MAINNET] System config upgrade #350

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions mainnet/2025-06-04-upgrade-system-config/.env
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
OP_REPO=https://github.com/ethereum-optimism/optimism.git
OP_VERSION=op-contracts/v3.0.0-rc.2
OP_CONTRACT_PATCH=patch/max-gas-limit.patch
BASE_CONTRACTS_COMMIT=cab46f4c34f11e22640ec3073aa6f0b46cdaa1b7

# Used by the scripts.
OWNER_SAFE=0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c
PROXY_ADMIN=0x0475cBCAebd9CE8AfA5025828d5b98DFb67E059E
SYSTEM_CONFIG=0x73a79Fab69143498Ed3712e519A88a918e1f4072

# Used by the make commands.
OP_MULTISIG=0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A
BASE_NESTED_MULTISIG=0x9C4a57Feb77e294Fd7BF5EBE9AB01CAA0a90A110
BASE_SC_MULTISIG=0x20acf55a3dcfe07fc4cecacfa1628f788ec8a4dd
BASE_MULTISIG=0x9855054731540A48b28990B63DcF4f33d8AE46A1
130 changes: 130 additions & 0 deletions mainnet/2025-06-04-upgrade-system-config/Makefile
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
include ../../Makefile
include ../.env
include .env

ifndef LEDGER_ACCOUNT
override LEDGER_ACCOUNT = 0
endif

# Overwriting this from top level makefile to change the branch
.PHONY: checkout-op-commit
checkout-op-commit:
rm -rf lib/optimism
mkdir -p lib/optimism
cd lib/optimism; \
git init; \
git remote add origin $(OP_REPO); \
git fetch --depth=1 origin tag $(OP_VERSION) --no-tags; \
git checkout $(OP_VERSION); \
git apply ../../$(OP_CONTRACT_PATCH)

.PHONY: deps
deps: new-go-deps

.PHONY: new-go-deps
new-go-deps:
go install github.com/jackchuma/[email protected]

.PHONY: deploy
deploy:
forge script --rpc-url $(L1_RPC_URL) DeploySystemConfigScript --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --verify --broadcast

#
# ┌─────────────────────────────────────────────┐ ┌─────────────────────────────────────────────┐ ┌─────────────────────────────────────────────┐
# │ Base Nested │ │ Base Security Council │ │ OP │
# │ (3 of 6) │ │ (7 of 10) │ │ (5 of 7) │
# │ 0x9C4a57Feb77e294Fd7BF5EBE9AB01CAA0a90A110 │ │ 0x20AcF55A3DCfe07fC4cecaCFa1628F788EC8A4Dd │ │ 0x9BA6e03D8B90dE867373Db8cF1A58d2F7F006b3A │
# └─────────────────────┬───────────────────────┘ └─────────────────────┬───────────────────────┘ └─────────────────────┬───────────────────────┘
# │ │ │
# └─────────────────┬───────────────────────────────────┘ │
# ▼ │
# ┌─────────────────────────────────────────────┐ │
# │ Base │ │
# │ 0x9855054731540A48b28990B63DcF4f33d8AE46A1 │ │
# └─────────────────────┬───────────────────────┘ │
# │ │
# └─────────────────┬────────────────────────────────────────────────────────────────┘
# ▼
# ┌─────────────────────────────────────────────┐
# │ ProxyAdminOwner │
# │ 0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c │
# └─────────────────────────────────────────────┘


# OPTIMISM

.PHONY: gen-validation-op
gen-validation-op:
$(GOPATH)/bin/state-diff --rpc $(L1_RPC_URL) -o OP_VALIDATION.md \
-- forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(OP_MULTISIG)]" \
--sender 0x42d27eEA1AD6e22Af6284F609847CB3Cd56B9c64

.PHONY: sign-op
sign-op:
$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(OP_MULTISIG)]"

.PHONY: approve-op
approve-op:
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "approve(address[],bytes)" "[$(OP_MULTISIG)]" $(SIGNATURES) \
--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv

# BASE NESTED

.PHONY: gen-validation-base-nested
gen-validation-base-nested:
$(GOPATH)/bin/state-diff --rpc $(L1_RPC_URL) -o BASE_NESTED_VALIDATION.md \
-- forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(BASE_NESTED_MULTISIG), $(BASE_MULTISIG)]" \
--sender 0x6CD3850756b7894774Ab715D136F9dD02837De50

.PHONY: sign-base-nested
sign-base-nested:
$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(BASE_NESTED_MULTISIG), $(BASE_MULTISIG)]"

.PHONY: approve-base-nested
approve-base-nested:
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "approve(address[],bytes)" "[$(BASE_NESTED_MULTISIG), $(BASE_MULTISIG)]" $(SIGNATURES) \
--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv

# BASE SC

.PHONY: gen-validation-base-sc
gen-validation-base-sc:
$(GOPATH)/bin/state-diff --rpc $(L1_RPC_URL) -o BASE_SC_VALIDATION.md \
-- forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(BASE_SC_MULTISIG), $(BASE_MULTISIG)]" \
--sender 0x5ff5C78ff194acc24C22DAaDdE4D639ebF18ACC6

.PHONY: sign-base-sc
sign-base-sc:
$(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "sign(address[])" "[$(BASE_SC_MULTISIG), $(BASE_MULTISIG)]"

.PHONY: approve-base-sc
approve-base-sc:
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "approve(address[],bytes)" "[$(BASE_SC_MULTISIG), $(BASE_MULTISIG)]" $(SIGNATURES) \
--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv

# BASE

.PHONY: approve-base
approve-base:
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "approve(address[],bytes)" "[$(BASE_MULTISIG)]" 0x \
--ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv

# Execute

.PHONY: execute
execute:
forge script --rpc-url $(L1_RPC_URL) UpgradeSystemConfigScript \
--sig "run(bytes)" 0x --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" --broadcast -vvvv
136 changes: 136 additions & 0 deletions mainnet/2025-06-04-upgrade-system-config/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,136 @@
# Upgrade System Config

Status: Ready to deploy

## Description

This task contains two scripts:
1. `DeploySystemConfigScript` - This script deploys the new system config implementation.
2. `UpgradeSystemConfigScript` - This script performs the upgrade to the new implementation deployed in the previous step.

NOTE: Signers should not care about the `DeploySystemConfigScript` script as it will be ran before hand by the facilitator.
The rest of this document will focus on using the `UpgradeSystemConfigScript` script.

## Procedure

### 1. Update repo:

```bash
cd contract-deployments
git pull
cd mainnet/2025-06-04-upgrade-system-config
make deps
```

### 2. Setup Ledger

Your Ledger needs to be connected and unlocked. The Ethereum
application needs to be opened on Ledger with the message "Application
is ready".

### 3. Simulate, Validate, and Sign

#### 3.1. Simulate and validate the transaction

Make sure your ledger is still unlocked and run the following command:

For Optimism signers:
```bash
make sign-op
```

For Base signers:
```bash
make sign-base-nested
```

For Base Security Council signers:
```bash
make sign-base-sc
```

For each run, you will see a "Simulation link" from the output.

Paste this URL in your browser. A prompt may ask you to choose a
project, any project will do. You can create one if necessary.

Click "Simulate Transaction".

We will be performing 3 validations and extract the domain hash and
message hash to approve on your Ledger:

1. Validate integrity of the simulation.
2. Validate correctness of the state diff.
3. Validate and extract domain hash and message hash to approve.

##### 3.1.1. Validate integrity of the simulation.

Make sure you are on the "Overview" tab of the tenderly simulation, to
validate integrity of the simulation, we need to check the following:

1. "Network": Check the network is `Mainnet`.
2. "Timestamp": Check the simulation is performed on a block with a
recent timestamp (i.e. close to when you run the script).

##### 3.1.2. Validate correctness of the state diff.

Now click on the "State" tab, and refer to the validations instructions for the transaction you are signing:

- For Optimism signers: [validations instructions](./validations/OP_VALIDATION.md)
- For Base signers: [validations instructions](./validations/BASE_NESTED_VALIDATION.md)
- For Base Security Council signers: [validations instructions](./validations/BASE_SC_VALIDATION.md)

Once complete return to this document to complete the signing.

### 4. Extract the domain hash and the message hash to approve.

Now that we have verified the transaction performs the right
operation, we need to extract the domain hash and the message hash to
approve.

Go back to the "Overview" tab, and find the
`GnosisSafe.checkSignatures` call. This call's `data` parameter
contains both the domain hash and the message hash that will show up
in your Ledger.

It will be a concatenation of `0x1901`, the domain hash, and the
message hash: `0x1901[domain hash][message hash]`.

Note down this value. You will need to compare it with the ones
displayed on the Ledger screen at signing.

Once the validations are done, it's time to actually sign the
transaction.

> [!WARNING]
> This is the most security critical part of the playbook: make sure the
> domain hash and message hash in the following three places match:
>
> 1. On your Ledger screen.
> 2. In the terminal output.
> 3. In the Tenderly simulation. You should use the same Tenderly
> simulation as the one you used to verify the state diffs, instead
> of opening the new one printed in the console.
>

After verification, sign the transaction. You will see the `Data`,
`Signer` and `Signature` printed in the console. Format should be
something like this:

```shell
Data: <DATA>
Signer: <ADDRESS>
Signature: <SIGNATURE>
```

Double check the signer address is the right one.

#### 4.1. Send the output to Facilitator(s)

Nothing has occurred onchain - these are offchain signatures which
will be collected by Facilitators for execution. Execution can occur
by anyone once a threshold of signatures are collected, so a
Facilitator will do the final execution for convenience.

Share the `Data`, `Signer` and `Signature` with the Facilitator, and
congrats, you are done!
24 changes: 24 additions & 0 deletions mainnet/2025-06-04-upgrade-system-config/foundry.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
[profile.default]
src = 'src'
out = 'out'
libs = ['lib']
broadcast = 'records'
fs_permissions = [{ access = "read-write", path = "./" }]
optimizer = true
optimizer_runs = 999999
solc_version = "0.8.15"
via-ir = false
remappings = [
'@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/',
'@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts',
'@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts',
'@rari-capital/solmate/=lib/solmate/',
'@base-contracts/=lib/base-contracts',
'solady/=lib/solady/src/',
'@lib-keccak/=lib/lib-keccak/contracts/lib',
'src/libraries/=lib/optimism/packages/contracts-bedrock/src/libraries',
'interfaces/universal/=lib/optimism/packages/contracts-bedrock/interfaces/universal',
'interfaces/L1/=lib/optimism/packages/contracts-bedrock/interfaces/L1',
]

# See more config options https://github.com/foundry-rs/foundry/tree/master/config
25 changes: 25 additions & 0 deletions mainnet/2025-06-04-upgrade-system-config/patch/max-gas-limit.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
diff --git a/packages/contracts-bedrock/src/L1/SystemConfig.sol b/packages/contracts-bedrock/src/L1/SystemConfig.sol
index e767bc64a..a7617d5e8 100644
--- a/packages/contracts-bedrock/src/L1/SystemConfig.sol
+++ b/packages/contracts-bedrock/src/L1/SystemConfig.sol
@@ -87,7 +87,7 @@ contract SystemConfig is OwnableUpgradeable, ISemver {
/// @notice The maximum gas limit that can be set for L2 blocks. This limit is used to enforce that the blocks
/// on L2 are not too large to process and prove. Over time, this value can be increased as various
/// optimizations and improvements are made to the system at large.
- uint64 internal constant MAX_GAS_LIMIT = 200_000_000;
+ uint64 internal constant MAX_GAS_LIMIT = 500_000_000;

/// @notice Fixed L2 gas overhead. Used as part of the L2 fee calculation.
/// Deprecated since the Ecotone network upgrade
@@ -136,9 +136,9 @@ contract SystemConfig is OwnableUpgradeable, ISemver {
event ConfigUpdate(uint256 indexed version, UpdateType indexed updateType, bytes data);

/// @notice Semantic version.
- /// @custom:semver 2.5.0
+ /// @custom:semver 2.5.0+max-gas-limit-500M
function version() public pure virtual returns (string memory) {
- return "2.5.0";
+ return "2.5.0+max-gas-limit-500M";
}

/// @notice Constructs the SystemConfig contract.
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
// SPDX-License-Identifier: MIT
pragma solidity 0.8.15;

import {Script, console} from "forge-std/Script.sol";

import {SystemConfig} from "@eth-optimism-bedrock/src/L1/SystemConfig.sol";

contract DeploySystemConfigScript is Script {
SystemConfig systemConfigImpl;

function run() public {
vm.startBroadcast();
systemConfigImpl = new SystemConfig();
console.log("SystemConfig implementation deployed at: ", address(systemConfigImpl));
vm.stopBroadcast();

string memory obj = "root";
string memory json = vm.serializeAddress(obj, "systemConfig", address(systemConfigImpl));
vm.writeJson(json, "addresses.json");

_postCheck();
}

function _postCheck() internal view {
require(
keccak256(bytes(SystemConfig(systemConfigImpl).version())) == keccak256("2.5.0+max-gas-limit-500M"),
"SystemConfig version mismatch"
);

require(SystemConfig(systemConfigImpl).maximumGasLimit() == 500_000_000, "Maximum gas limit mismatch");
}
}
Loading