Market update v1 changes

.github/workflows/deploy-market.yaml

@@ -57,7 +57,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile
@@ -90,4 +90,4 @@ jobs:
           git config user.email "<>"
           git add deployments/\*/roots.json
           git commit -m "Modified deployment roots from GitHub Actions"
-          git push origin
+          git push origin

.github/workflows/enact-migration.yaml

@@ -94,7 +94,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile
@@ -153,4 +153,4 @@ jobs:
           git config user.email "<>"
           git add deployments/${{ github.event.inputs.network }}/${{ github.event.inputs.deployment }}/migrations/${{ github.event.inputs.migration }}.ts
           git commit -m "Modified migration from GitHub Actions" || echo "No changes to commit"
-          git push origin
+          git push origin

.github/workflows/prepare-migration.yaml

@@ -57,7 +57,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile
@@ -81,4 +81,4 @@ jobs:
         if: success() || failure() # run this step even if previous step failed
         with:
           name: ${{ github.event.inputs.network }}-${{ github.event.inputs.deployment }}-${{ github.event.inputs.migration }}
-          path: deployments/${{ github.event.inputs.network }}/${{ github.event.inputs.deployment }}/artifacts/${{ github.event.inputs.migration }}.json
+          path: deployments/${{ github.event.inputs.network }}/${{ github.event.inputs.deployment }}/artifacts/${{ github.event.inputs.migration }}.json

.github/workflows/run-contract-linter.yaml

@@ -21,7 +21,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile && yarn build

.github/workflows/run-coverage.yaml

@@ -23,7 +23,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           cache: 'yarn'
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile

.github/workflows/run-eslint.yaml

@@ -21,7 +21,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           cache: 'yarn'
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile && yarn build

.github/workflows/run-forge-tests.yaml

@@ -30,6 +30,13 @@ jobs:
           ARBISCAN_KEY: ${{ secrets.ARBISCAN_KEY }}
           LINEASCAN_KEY: ${{ secrets.LINEASCAN_KEY }}
           OPTIMISMSCAN_KEY: ${{ secrets.OPTIMISMSCAN_KEY }}
+          MAINNET_RPC_URL: ${{ secrets.MAINNET_RPC_URL }}
+          OPTIMISM_RPC_URL: ${{ secrets.OPTIMISM_RPC_URL }}
+          BASE_RPC_URL: ${{ secrets.BASE_RPC_URL }}
+          SCROLL_RPC_URL: ${{ secrets.SCROLL_RPC_URL }}
+          ARBITRUM_RPC_URL: ${{ secrets.ARBITRUM_RPC_URL }}
+          POLYGON_RPC_URL: ${{ secrets.POLYGON_RPC_URL }}
+          SALT: ${{ secrets.SALT }}
 
       - name: Build Comet with older solc versions
         run: |

.github/workflows/run-gas-profiler.yaml

@@ -21,7 +21,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile && yarn build

.github/workflows/run-scenarios.yaml

@@ -2,6 +2,8 @@ name: Run Scenarios
 on:
   workflow_dispatch:
   pull_request:
+permissions:
+  checks: write 
 jobs:
   run-scenarios:
     strategy:
@@ -29,7 +31,7 @@ jobs:
       - uses: actions/setup-node@v4
         with:
           cache: 'yarn'
-          node-version: '16'
+          node-version: '18'
 
       - name: Cache Deployments
         uses: actions/cache@v4
@@ -64,4 +66,4 @@ jobs:
         with:
           name: Scenario Tests (${{ matrix.bases }}) # Name of the check run which will be created
           path: scenario-results.json # Path to test results (inside artifact .zip)
-          reporter: mocha-json # Format of test results
+          reporter: mocha-json # Format of test results

.github/workflows/run-slither.yaml

@@ -12,7 +12,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - uses: actions/setup-python@v4
         with:
@@ -24,6 +24,9 @@ jobs:
       - name: Install packages
         run: pip install slither-analyzer solc-select
 
+      - name: Install Foundry
+        uses: foundry-rs/foundry-toolchain@v1
+
       - name: Switch to solidity version
         run: solc-select install 0.8.15;solc-select use 0.8.15
 

.github/workflows/run-unit-tests.yaml

@@ -2,6 +2,10 @@ name: Run Unit Tests
 on:
   workflow_dispatch:
   pull_request:
+
+permissions:
+  checks: write  # Grant write permission to checks
+
 jobs:
   unit-tests:
     name: Unit tests
@@ -20,7 +24,7 @@ jobs:
 
       - uses: actions/setup-node@v4
         with:
-          node-version: '16'
+          node-version: '18'
 
       - name: Install packages
         run: yarn install --non-interactive --frozen-lockfile

.gitignore

@@ -23,4 +23,11 @@ typechain/
 
 test-results.json
 scenario-results.json
+.idea/
+*.iml
 
+deployments/localhost/dai/roots.json
+forge/Makefile
+.envrc
+
+broadcast/

Makefile

@@ -0,0 +1,129 @@
+# Makefile for verifying contracts
+
+
+# Declare constants at the top
+MARKET_UPDATE_MULTISIG = 0x7e14050080306cd36b47DE61ce604b3a1EC70c4e
+MARKET_ADMIN_TIMELOCK_ADDRESS = 0x81Bc6016Fa365bfE929a51Eec9217B441B598eC6
+MARKET_UPDATE_PROPOSER = 0xB6Ef3AC71E9baCF1F4b9426C149d855Bfc4415F9
+CONFIGURATOR_IMPL = 0x371DB45c7ee248dAFf4Dc1FFB67A20faa0ecFE02
+COMET_PROXY_ADMIN = 0x24D86Da09C4Dd64e50dB7501b0f695d030f397aF
+MARKET_ADMIN_PERMISSION_CHECKER = 0x62DD0452411113404cf9a7fE88A5E6E86f9B71a6
+
+SOLIDITY_COMPILER_VERSION = "0.8.15"
+SENDER = "0x470579d16401a36BF63b1428eaA7189FBdE5Fee9"
+EVM_VERSION = "london"
+OWNERS = '["0xDD659911EcBD4458db07Ee7cDdeC79bf8F859AbC", "0xda32C5AEE8Fc5C51Ed9a99f5608c33f435F740B4", "0x1D8e0b8F4CEd9262C9ac0c0870BF8B45D74ad9D9", "0x47526FDDBA0A5a7ef001FaaD4836b771B3e92522"]'
+THRESHOLD = 2
+
+#RPC_URL = "RPCUrlOfTheNetwork"
+#SENDER = "0x470579d16401a36BF63b1428eaA7189FBdE5Fee9"
+#ETHERSCAN_API_KEY = ""
+#CHAIN_ID = ChainIdOfTheNetwork
+#SALT = 'salt-salt-sale-salt'
+
+include .env
+
+# Define targets for each contract
+verify-all: verify-MarketUpdateTimelock verify-MarketUpdateProposer verify-Configurator verify-CometProxyAdmin verify-MarketAdminPermissionChecker
+
+# Deploying Safe
+deploy-safe:
+	@echo "Deploying Safe..."
+	OWNERS=$(OWNERS) THRESHOLD=$(THRESHOLD) SALT=$(SALT) CHAIN_ID=$(CHAIN_ID) yarn hardhat run scripts/marketupdates/deploySafe.ts
+
+# Deploying the contracts
+deploy-contracts:
+	@echo "Deploying contracts..."
+	CHAIN_ID=$(CHAIN_ID) forge script forge/script/marketupdates/DeployContracts.s.sol:DeployContracts \
+		--rpc-url $(RPC_URL) \
+		--optimize \
+		--optimizer-runs 200 \
+		--use $(SOLIDITY_COMPILER_VERSION) \
+		--evm-version $(EVM_VERSION) \
+		--broadcast \
+		--via-ir \
+		-vvvv \
+		--sender $(SENDER)
+
+# Compute contracts addresses
+compute-contracts-addresses:
+	@echo "Computing contracts addresses..."
+	CHAIN_ID=$(CHAIN_ID) forge script forge/script/marketupdates/ComputeContractsAddresses.s.sol:ComputeContractAddresses \
+		--rpc-url $(RPC_URL) \
+		--optimize \
+		--optimizer-runs 200 \
+		--use $(SOLIDITY_COMPILER_VERSION) \
+		--evm-version $(EVM_VERSION) \
+		--via-ir \
+		-vvvv \
+		--skip-simulation \
+		--sender $(SENDER)
+
+# Verifying MarketUpdateTimelock
+verify-MarketUpdateTimelock:
+	@echo "Verifying MarketUpdateTimelock..."
+	forge verify-contract \
+		--chain-id $(CHAIN_ID) \
+		--compiler-version $(SOLIDITY_COMPILER_VERSION) \
+		--optimizer-runs 200 \
+		--constructor-args $(shell cast abi-encode "constructor(address,uint256)" $(SENDER) 172800) \
+		--etherscan-api-key $(ETHERSCAN_API_KEY) \
+		--watch \
+		--via-ir \
+		${MARKET_ADMIN_TIMELOCK_ADDRESS} \
+		contracts/marketupdates/MarketUpdateTimelock.sol:MarketUpdateTimelock
+
+# Verifying MarketUpdateProposer
+verify-MarketUpdateProposer:
+	@echo "Verifying MarketUpdateProposer..."
+	forge verify-contract \
+		--chain-id $(CHAIN_ID) \
+		--compiler-version $(SOLIDITY_COMPILER_VERSION) \
+		--optimizer-runs 200 \
+		--constructor-args $(shell cast abi-encode "constructor(address,address,address,address)" $(SENDER) $(MARKET_UPDATE_MULTISIG) 0x0000000000000000000000000000000000000000 $(MARKET_ADMIN_TIMELOCK_ADDRESS)) \
+		--etherscan-api-key $(ETHERSCAN_API_KEY) \
+		--watch \
+		--via-ir \
+		${MARKET_UPDATE_PROPOSER} \
+		contracts/marketupdates/MarketUpdateProposer.sol:MarketUpdateProposer
+
+# Verifying CometProxyAdmin
+verify-CometProxyAdmin:
+	@echo "Verifying CometProxyAdmin..."
+	forge verify-contract \
+		--chain-id $(CHAIN_ID) \
+		--compiler-version $(SOLIDITY_COMPILER_VERSION) \
+		--optimizer-runs 200 \
+		--constructor-args $(shell cast abi-encode "constructor(address)" $(SENDER)) \
+		--etherscan-api-key $(ETHERSCAN_API_KEY) \
+		--watch \
+		--via-ir \
+		${COMET_PROXY_ADMIN} \
+		contracts/CometProxyAdmin.sol:CometProxyAdmin
+
+# Verifying Configurator
+verify-Configurator:
+	@echo "Verifying Configurator..."
+	forge verify-contract \
+		--chain-id $(CHAIN_ID) \
+		--compiler-version $(SOLIDITY_COMPILER_VERSION) \
+		--optimizer-runs 200 \
+		--etherscan-api-key $(ETHERSCAN_API_KEY) \
+		--watch \
+		--via-ir \
+		${CONFIGURATOR_IMPL} \
+		contracts/Configurator.sol:Configurator
+
+# Verifying MarketAdminPermissionChecker
+verify-MarketAdminPermissionChecker:
+	@echo "Verifying MarketAdminPermissionChecker..."
+	forge verify-contract \
+		--chain-id $(CHAIN_ID) \
+		--compiler-version $(SOLIDITY_COMPILER_VERSION) \
+		--optimizer-runs 200 \
+		--constructor-args $(shell cast abi-encode "constructor(address,address,address)" $(SENDER) $(MARKET_UPDATE_MULTISIG) 0x0000000000000000000000000000000000000000) \
+		--etherscan-api-key $(ETHERSCAN_API_KEY) \
+		--watch \
+		--via-ir \
+		${MARKET_ADMIN_PERMISSION_CHECKER} \
+		contracts/marketupdates/MarketAdminPermissionChecker.sol:MarketAdminPermissionChecker

contracts/CometProxyAdmin.sol

@@ -1,30 +1,79 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity 0.8.15;
 
 import "./vendor/proxy/transparent/ProxyAdmin.sol";
+import "./marketupdates/MarketAdminPermissionCheckerInterface.sol";
 
 interface Deployable {
   function deploy(address cometProxy) external returns (address);
 }
 
 contract CometProxyAdmin is ProxyAdmin {
+
+    /// @notice MarketAdminPermissionChecker contract which is used to check if the caller has permission to perform market updates(or deployment)
+    MarketAdminPermissionCheckerInterface public marketAdminPermissionChecker;
+
+    event SetMarketAdminPermissionChecker(address indexed oldMarketAdminPermissionChecker, address indexed newMarketAdminPermissionChecker);
+    error Unauthorized();
+
+    /**
+     * @dev Ensures that the caller is either the owner or the market admin.
+     * This delegates the permission check logic to the MarketAdminPermissionChecker contract.
+     */
+    modifier ownerOrMarketAdmin {
+        if(_msgSender() != owner()) marketAdminPermissionChecker.checkUpdatePermission(_msgSender());
+        _;
+    }
+
+    /**
+     * @dev Initializes the contract setting the specified address as the initial owner.
+     * @param initialOwner The address to set as the owner of the contract.
+     */
+    constructor(address initialOwner) ProxyAdmin(initialOwner) {}
+
     /**
      * @dev Deploy a new Comet and upgrade the implementation of the Comet proxy
      *  Requirements:
      *   - This contract must be the admin of `CometProxy`
      */
-    function deployAndUpgradeTo(Deployable configuratorProxy, TransparentUpgradeableProxy cometProxy) public virtual onlyOwner {
+    function deployAndUpgradeTo(Deployable configuratorProxy, TransparentUpgradeableProxy cometProxy) public virtual ownerOrMarketAdmin {
         address newCometImpl = configuratorProxy.deploy(address(cometProxy));
-        upgrade(cometProxy, newCometImpl);
+        _upgrade(cometProxy, newCometImpl);
     }
 
     /**
      * @dev Deploy a new Comet and upgrade the implementation of the Comet proxy, then call the function
      *  Requirements:
      *   - This contract must be the admin of `CometProxy`
      */
-    function deployUpgradeToAndCall(Deployable configuratorProxy, TransparentUpgradeableProxy cometProxy, bytes memory data) public virtual onlyOwner {
+    function deployUpgradeToAndCall(Deployable configuratorProxy, TransparentUpgradeableProxy cometProxy, bytes memory data) public virtual ownerOrMarketAdmin {
         address newCometImpl = configuratorProxy.deploy(address(cometProxy));
-        upgradeAndCall(cometProxy, newCometImpl, data);
+        _upgradeAndCall(cometProxy, newCometImpl, data);
     }
-}
+
+    /**
+    * @notice Sets the MarketAdminPermissionChecker contract
+    * @dev Note: Only callable by main-governor-timelock
+    **/
+    function setMarketAdminPermissionChecker(MarketAdminPermissionCheckerInterface newMarketAdminPermissionChecker) external {
+        if (_msgSender() != owner()) revert Unauthorized();
+        address oldMarketAdminPermissionChecker = address(marketAdminPermissionChecker);
+        marketAdminPermissionChecker = newMarketAdminPermissionChecker;
+        emit SetMarketAdminPermissionChecker(oldMarketAdminPermissionChecker, address(newMarketAdminPermissionChecker));
+    }
+
+
+    /**
+     * @dev Custom upgrade function that allows owner and marketAdmin to call it
+     */
+    function _upgrade(TransparentUpgradeableProxy proxy, address implementation) private {
+        proxy.upgradeTo(implementation);
+    }
+
+    /**
+     * @dev Custom upgradeAndCall function that allows owner and marketAdmin to call it
+     */
+    function _upgradeAndCall(TransparentUpgradeableProxy proxy, address implementation, bytes memory data) private {
+        proxy.upgradeToAndCall(implementation, data);
+    }
+}