WIP: Enshrined Revenue Sharing implementation

[geoknee]

Towards https://github.com/ethereum-optimism/client-pod/issues/739

[semgrep-app]

Semgrep found 15 sol-style-notice-over-dev-natspec findings:

• packages/contracts-bedrock/src/L2/RevenueSharer.sol
  • L14 - Triage
• packages/contracts-bedrock/scripts/L2Genesis.s.sol
  • L27 - Triage
  • L57 - Triage
  • L62 - Triage
  • L81 - Triage
  • L186 - Triage
  • L251 - Triage
  • L271 - Triage
  • L343 - Triage
  • L349 - Triage
  • L354 - Triage
  • 4 more - Triage

Prefer @notice over @dev in natspec comments

_{Ignore this finding from sol-style-notice-over-dev-natspec.}

Semgrep found 13 sol-style-doc-comment findings:

• packages/contracts-bedrock/src/L2/RevenueSharer.sol
  • L21-23 - Triage
  • L25-27 - Triage
  • L29-32 - Triage
  • L34-37 - Triage
  • L43-45 - Triage
  • L47-49 - Triage
  • L55-59 - Triage
  • L61-65 - Triage
  • L71-75 - Triage
  • L87-89 - Triage
  • 3 more - Triage

Javadoc-style comments are not allowed. Use /// style doc comments instead.

_{Ignore this finding from sol-style-doc-comment.}

Semgrep found 11 golang_fmt_errorf_no_params findings:

• op-plasma/cmd/daserver/flags.go
  • L82 - Triage
  • L85 - Triage
• op-chain-ops/state/encoding.go
  • L85 - Triage
  • L90 - Triage
• op-chain-ops/immutables/immutables.go
  • L222 - Triage
  • L226 - Triage
  • L244 - Triage
  • L248 - Triage
  • L252 - Triage
• op-bindings/bindgen/remote_handlers.go
  • L224 - Triage
  • L264 - Triage

No fmt.Errorf invocations without fmt arguments allowed

_{Ignore this finding from golang_fmt_errorf_no_params.}

Semgrep found 2 import-text-template findings:

• op-bindings/bindgen/remote_handlers.go
  • L11 - Triage
• op-bindings/bindgen/generator_local.go
  • L12 - Triage

When working with web applications that involve rendering user-generated content, it's important to properly escape any HTML content to prevent Cross-Site Scripting (XSS) attacks. In Go, the text/template package does not automatically escape HTML content, which can leave your application vulnerable to these types of attacks. To mitigate this risk, it's recommended to use the html/template package instead, which provides built-in functionality for HTML escaping. By using html/template to render your HTML content, you can help to ensure that your web application is more secure and less susceptible to XSS vulnerabilities.

_{Ignore this finding from import-text-template.}

Semgrep found 1 dangerous-exec-command finding:

• op-challenger/game/fault/trace/cannon/executor.go
  • L149 - Triage

Detected non-static command inside Command. Audit the input to 'exec.Command'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.

_{Ignore this finding from dangerous-exec-command.}

[tynes]

You should rebase on latest develop - its not necessary to do the bindings thing anymore, we use a forge script to create the L2 genesis, there are instructions here on how to run the command. I believe this is safe to add to the L2 genesis as part of the PR but we should make sure the specs are finalized before adding it to the L2 genesis generation since we don't have good releases of contracts yet :)

[tynes]

can you explain this todo more?

[tynes]

The control flow is kinda jank for this system, def not your fault, its trying to build something on top that isn't really suited well for this usecase. It would be good to have a comment saying "withdraw calls back to this contract, sending its full balance of ether" or something like that so its more obvious the control flow

[tynes]

It could be worth also calling to check that the withdrawal network is L2, otherwise the state machine can be fooled

[tynes]

i know this is draft but i don't think we should merge it until we align more on the design :)

[geoknee]

i know this is draft but i don't think we should merge it until we align more on the design :)

For sure. I also added WIP to the title, this is far from merging.

[tynes]

you should be sure to call initialize on the implementation too, with null values

[tynes]

i would like us to add a version of SafeCall that only takes 2 arguments so we don't need to pass gasleft. If you don't want to do it as part of this PR thats fine

[tynes]

This is great so far!

[tynes]

If you added a mermaid diagram to the specs that showed the flow of calls, that would be amazing

[tynes]

If you could add a useRevenueShare = _envOr(_json, ".useRevenueShare", true); that would be great then in the Genesis generation you can know to configure the fee vaults appropriately when its set to true. Will need to add a setter setUseRevenueShare to be able to not break legacy tests, you can see how this is done with plasma, you need to call it in the tests setUp before calling super.setUp

[tynes]

can you use _envOr with null fallback values? This prevents breaking config and also makes it so that the null values are set when the revenue share is turned off

[github-actions]

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[github-actions]

This PR is stale because it has been open 14 days with no activity. Remove stale label or comment or this will be closed in 5 days.