Maurelian maurelian

List of key breaking changes to watch for:

Unverified contracts:
1. Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.
Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:

Checklist used to review this PR to ensure no breaking changes after regenesis. Based on the changeset doc.

Unverified contracts
- Contracts whose source code has not been verified on Etherscan (Kovan, Optimistic Ethereum) will be wiped out along with their storage.
- NOTE: Please very that you're not calling any unverified contracts.
Contracts whose source code has been verified will be recompiled with the standard Solidity compiler. As a result of this:
The EXTCODEHASH and CODESIZE of every contract will change.

1. How many (non-library) contracts are in the scope?

Just our MerkleTrie contracts. The bulk of it is this Lib_MerkleTrie.sol (https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_MerkleTrie.sol). But also this wrapper for it: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/trie/Lib_SecureMerkleTrie.sol

And these three libs found here: https://github.com/ethereum-optimism/optimism/blob/88eb324e8648a1b5edabb8d817d0ccf8631a8bc9/packages/contracts/contracts/libraries/utils

import { Lib_BytesUtils } from "./Lib_BytesUtils.sol";
import { Lib_RLPReader } from "./Lib_RLPReader.sol";

0x1889dc51448166ca751b713f4532e293c9f22cbd7a2354ec4c1ec18012cf50ec

Description

A security vulnerability has been identified in the Ownable contract. The vulnerability lies in the constructor function, which allows anyone to become the owner of the contract without any authentication or authorization. This could potentially allow malicious actors to gain control of the contract and use it for malicious purposes.

The vulnerability can be exploited by sending a transaction to the contract from any address. This would set the _owner variable to the address of the sender, granting them full control of the contract. This could allow malicious actors to modify the contract, transfer funds, or otherwise

Verifying Correctness of the Safe Extensions Bytecode

The following steps can be taken in order to verify that the Safe Modules and Guard match the governance approved source code, and should work with tooling you already have. Do these from the root directory of the superchain-ops repo.

Update forge by running: foundryup.
Clone the Optimism monorepo: git clone https://github.com/ethereum-optimism/optimism.git
cd optimism

	#!/bin/bash
	TOKEN=< OpenAI token from https://platform.openai.com/account/api-keys >
	PROMPT="You are the best at writing shell commands. Assume the OS is Ubuntu. I want you to respond with only the shell commands separated by semicolons and no commentary. Here is what I want to do: $@"
	RESULT=`curl -s https://api.openai.com/v1/chat/completions \
	-H 'Content-Type: application/json' \
	-H "Authorization: Bearer $TOKEN" \
	-d "{
	\"model\": \"gpt-3.5-turbo\",
	\"messages\": [{\"role\": \"user\", \"content\": \"$PROMPT\"}]
	}" \| jq '.choices[] \| .message.content' -r`

	vrepo () {
	if [[ $# -ne 1 ]]
	then
	echo "Usage: vRepo <github URL or org/repo-name>"
	return 1
	fi
	if [[ $1 == "github.com" ]]
	then
	urlPath=$(echo $1 \| sed 's/.*github.com\///')
	org=$(echo $urlPath \| cut -d '/' -f1)

	That's OK. We can still talk about it here, right?
	...
	Right?