diff --git a/mainnet/2025-09-13-incident-multisig-signers/.env b/mainnet/2025-09-13-incident-multisig-signers/.env new file mode 100644 index 00000000..1a887b60 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/.env @@ -0,0 +1,4 @@ +OP_COMMIT=ef7a933ca7f3d27ac40406f87fea25e0c3ba2016 +BASE_CONTRACTS_COMMIT=cab46f4c34f11e22640ec3073aa6f0b46cdaa1b7 + +OWNER_SAFE=0x14536667Cd30e52C0b458BaACcB9faDA7046E056 diff --git a/mainnet/2025-09-13-incident-multisig-signers/Makefile b/mainnet/2025-09-13-incident-multisig-signers/Makefile new file mode 100644 index 00000000..211ebed9 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/Makefile @@ -0,0 +1,38 @@ +include ../../Makefile +include ../.env +include .env + +SCRIPT = UpdateSigners + +ifndef LEDGER_ACCOUNT +override LEDGER_ACCOUNT = 0 +endif + +.PHONY: deps +deps: new-go-deps new-forge-deps + +.PHONY: new-go-deps +new-go-deps: + go install github.com/jackchuma/state-diff@v0.0.1 + +.PHONY: new-forge-deps +new-forge-deps: + forge install --no-git safe-global/safe-smart-account@186a21a74b327f17fc41217a927dea7064f74604 + +.PHONY: gen-validation +gen-validation: + $(GOPATH)/bin/state-diff --rpc $(L1_RPC_URL) -o VALIDATION.md \ + -- forge script --rpc-url $(L1_RPC_URL) $(SCRIPT) \ + --sig "sign(address[])" [] --sender 0x24c3AE1AeDB8142D32BB6d3B988f5910F272D53b + +.PHONY: sign +sign: + $(GOPATH)/bin/eip712sign --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" -- \ + forge script --rpc-url $(L1_RPC_URL) $(SCRIPT) --sig "sign(address[])" [] + +.PHONY: execute +execute: + forge script --rpc-url $(L1_RPC_URL) \ + $(SCRIPT) --sig "run(bytes)" $(SIGNATURES) \ + --ledger --hd-paths "m/44'/60'/$(LEDGER_ACCOUNT)'/0/0" \ + --broadcast -vvvv diff --git a/mainnet/2025-09-13-incident-multisig-signers/OwnerDiff.json b/mainnet/2025-09-13-incident-multisig-signers/OwnerDiff.json new file mode 100644 index 00000000..af60a5bb --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/OwnerDiff.json @@ -0,0 +1,11 @@ +{ + "OwnersToAdd": [ + "0x5B154B8587168CB984Ff610F5De74289D8f68874", + "0x1841CB3C2ce6870D0417844C817849da64E6e937" + ], + "OwnersToRemove": [ + "0x73565876170a336Fa02fDe34EeD03E3121f70bA6", + "0x92B79E6C995Ee8B267EC1Ac2743D1c1fBFFFc447", + "0x9bf96dcf51959915c8c343a3e50820ad069a1859" + ] +} diff --git a/mainnet/2025-09-13-incident-multisig-signers/README.md b/mainnet/2025-09-13-incident-multisig-signers/README.md new file mode 100644 index 00000000..c8917761 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/README.md @@ -0,0 +1,182 @@ +# Update Mainnet Incident Multisig Signers + +Status: SIGNING + +## Description + +We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x5dfeb066334b67355a15dc9b67317fd2a2e1f77f) on Mainnet to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. + +If this is your first signing task, follow the initial setup instructions below. If you have previously signed tasks in this repo, you can skip directly to the [Procedure](#procedure). + +## Initial Setup + +These instructions are for initial setup of your development environment to install basic tools (e.g Go, Git etc.) needed for the rest of the README. + +### 1. Install Homebrew + +Open your terminal and run the following command: + +```bash +/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" +``` + +### 2. Once the installation completes, follow next steps + +You should see "next steps" in your terminal. Copy/paste the suggested commands. They should look like: + +```bash +echo >> /Users/yourname/.zprofile + echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> /Users/yourname/.zprofile + eval "$(/opt/homebrew/bin/brew shellenv)" +``` + +### 3. Install Golang + +```bash +brew install go +``` + +### 4. Install Foundry if Needed + +Inside Terminal run: + +```bash +forge --version +``` + +If you see an output that starts with `forge Version`, you have foundry installed and can proceed to the next step. + +If you do not get an output from `forge --version`, you need to install foundry with: + +```bash +curl -L https://foundry.paradigm.xyz | bash +``` + +After installation completes, quit / re-open your terminal and run: + +```bash +foundryup +``` + +If you see a `libusb` warning (`warning: libusb not found...`), you can safely ignore it and continue to the next step. + +### 5. Make a free [Tenderly](https://tenderly.co/) account if you don't already have one. + +We will use this later on for simulating and validating the task transaction. + +### 6. Clone Repo + +Inside Terminal run: + +```bash +git clone https://github.com/base/contract-deployments.git +``` + +## Procedure + +### 1. Update repo: + +```bash +cd contract-deployments +git pull +cd mainnet/2025-09-13-incident-multisig-signers +make deps +``` + +### 2. Setup Ledger + +Connect and unlock your Ledger with your 8-digit pin. Open the Ethereum application on Ledger so it displays the message "Application is ready". + +### 3. Produce Simulation + +Run the following command in your terminal. Please note that blind signing must first be enabled on your Ledger. + +```bash +make sign +``` + +You will see a "Simulation link" from the output (yes, it's a big link). Paste the URL from your terminal in your browser. A prompt may ask you to choose a project, any project will do. You can create one if necessary. + +If you see the following text after the link in your terminal, "Insert the following hex into the 'Raw input data' field:", the following 2 steps are required. + +1. Click the "Enter raw input data" option towards the bottom of the `Contract` component on the left side of your screen in Tenderly. +2. Paste the data string below "Insert the following hex into the 'Raw input data' field:" in your terminal into the "Raw input data" field. + +Click "Simulate Transaction". + +Example link below (just for reference): + +```txt +https://dashboard.tenderly.co/TENDERLY_USERNAME/TENDERLY_PROJECT/simulator/new?network=1&contractAddress=0xcA11bde05977b3631167028862bE2a173976CA11&from=0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38&stateOverrides=%5B%7B"contractAddress":"0x20AcF55A3DCfe07fC4cecaCFa1628F788EC8A4Dd","storage":%5B%7B"key":"0x0000000000000000000000000000000000000000000000000000000000000004","value":"0x0000000000000000000000000000000000000000000000000000000000000001"%7D,%7B"key":"0x0000000000000000000000000000000000000000000000000000000000000003","value":"0x0000000000000000000000000000000000000000000000000000000000000001"%7D,%7B"key":"0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0","value":"0x000000000000000000000000ca11bde05977b3631167028862be2a173976ca11"%7D,%7B"key":"0x316a0aac0d94f5824f0b66f5bbe94a8c360a17699a1d3a233aafcf7146e9f11c","value":"0x0000000000000000000000000000000000000000000000000000000000000001"%7D%5D%7D,%7B"contractAddress":"0x9855054731540A48b28990B63DcF4f33d8AE46A1","storage":%5B%7B"key":"0x0000000000000000000000000000000000000000000000000000000000000004","value":"0x0000000000000000000000000000000000000000000000000000000000000001"%7D%5D%7D,%7B"contractAddress":"0x7bB41C3008B3f03FE483B28b8DB90e19Cf07595c","storage":%5B%7B"key":"0x0000000000000000000000000000000000000000000000000000000000000004","value":"0x0000000000000000000000000000000000000000000000000000000000000001"%7D%5D%7D%5D +``` + +### 4. Validate Simulation + +We will be performing 3 validations and extract the domain hash and message hash to approve on your Ledger: + +1. Validate integrity of the simulation. +2. Validate correctness of the state diff. +3. Validate and extract domain hash and message hash to approve. + +> [!NOTE] +> Ensure you have "Dev Mode" turned on in Tenderly for these validations. This switch is usually located towards the top right of the Tenderly UI. + +#### 4.1. Validate integrity of the simulation. + +Make sure you are on the "Summary" tab of the tenderly simulation, to validate integrity of the simulation, we need to check the following: + +1. "Network": Check the network is Mainnet. +2. "Timestamp": Check the simulation is performed on a block with a recent timestamp (i.e. close to when you run the script). +3. "Sender": Check the address shown is your signer account. If not see the derivation path Note above. + +#### 4.2. Validate correctness of the state diff. + +Now click on the "State" tab. + +Refer to the [Validation](./VALIDATION.md) instructions for the transaction you are signing. + +Once complete return to this document to complete the signing. + +#### 4.3. Extract the domain hash and the message hash to approve. + +Now that we have verified the transaction performs the right operation, we need to extract the domain hash and the message hash to approve. + +Go back to the "Summary" tab in the Tenderly UI, and find the `Safe.checkSignatures` call. This call's `data` parameter contains both the domain hash and the message hash that will show up in your Ledger. + +It will be a concatenation of `0x1901`, the domain hash, and the message hash, in the format: **`0x1901[domain hash][message hash]`**. + +Note down this value. You will need to compare it with the ones displayed on the Ledger screen at signing. + +### 5. Sign the Transaction + +Once the validations are done, it's time to actually sign the transaction. + +**Note: if your ledger is displaying the lock screen, you will need to unlock your Ledger again before running the sign command.** + +> [!WARNING] +> This is the most security critical part of the playbook: make sure the +> domain hash and message hash in the following two places match: +> +> 1. On your Ledger screen. +> 2. In the Tenderly simulation. You should use the same Tenderly +> simulation as the one you used to verify the state diffs, instead +> of opening the new one printed in the console. +> +> There is no need to verify anything printed in the console. There is +> no need to open the new Tenderly simulation link either. + +After verification, sign the transaction. You will see the `Data`, `Signer` and `Signature` printed in the console. Format should be something like this: + +```shell +Data: +Signer:
+Signature: +``` + +Double check the signer address is your ledger address. + +### 6. Send the output to Facilitator(s) + +Nothing has occurred onchain - these are offchain signatures which will be collected by Facilitators for execution. Execution can occur by anyone once a threshold of signatures are collected, so a Facilitator will do the final execution for convenience. + +Share the `Data`, `Signer` and `Signature` with the Facilitator, and congrats, you are done! diff --git a/mainnet/2025-09-13-incident-multisig-signers/VALIDATION.md b/mainnet/2025-09-13-incident-multisig-signers/VALIDATION.md new file mode 100644 index 00000000..8d14e6e6 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/VALIDATION.md @@ -0,0 +1,135 @@ +# Validation + +This document can be used to validate the inputs and result of the execution of the upgrade transaction which you are signing. + +> [!NOTE] +> +> This document provides names for each contract address to add clarity to what you are seeing. These names will not be visible in the Tenderly UI. All that matters is that addresses and storage slot hex values match exactly what is presented in this document. + +The steps are: + +1. [Validate the Domain and Message Hashes](#expected-domain-and-message-hashes) +2. [Verifying the state changes](#state-changes) + +## Expected Domain and Message Hashes + +First, we need to validate the domain and message hashes. These values should match both the values on your ledger and the values printed to the terminal when you run the task. + +> [!CAUTION] +> +> Before signing, ensure the below hashes match what is on your ledger. +> +> ### Incident Safe - Mainnet: `0x14536667Cd30e52C0b458BaACcB9faDA7046E056` +> +> - Domain Hash: `0xf3474c66ee08325b410c3f442c878d01ec97dd55a415a307e9d7d2ea24336289` +> - Message Hash: `0x16606b54a30b976c8fe52d12ad3313580c2a8c1f8ad356e798b992c8c0100316` + +# State Validations + +For each contract listed in the state diff, please verify that no contracts or state changes shown in the Tenderly diff are missing from this document. Additionally, please verify that for each contract: + +- The following state changes (and none others) are made to that contract. This validates that no unexpected state changes occur. +- All key values match the semantic meaning provided, which can be validated using the terminal commands provided. + +## State Overrides + +### Incident Safe - Mainnet (`0x14536667Cd30e52C0b458BaACcB9faDA7046E056`) + +- **Key**: `0x0000000000000000000000000000000000000000000000000000000000000004`
+ **Override**: `0x0000000000000000000000000000000000000000000000000000000000000001`
+ **Meaning**: Override the threshold to 1 so the transaction simulation can occur. + +- **Key**: `0xf9fe516b35962c32e1a7f8f1af935904480e1fd58eb91134e29da0325fb045b4`
+ **Override**: `0x0000000000000000000000000000000000000000000000000000000000000001`
+ **Meaning**: Simulates an approval from msg.sender in order for the task simulation to succeed. + +## Task State Changes + +### Incident Safe - Mainnet (`0x14536667Cd30e52C0b458BaACcB9faDA7046E056`) + +0. **Key**: `0x0000000000000000000000000000000000000000000000000000000000000003`
+ **Before**: `0x000000000000000000000000000000000000000000000000000000000000000e`
+ **After**: `0x000000000000000000000000000000000000000000000000000000000000000c`
+ **Value Type**: uint256
+ **Decoded Old Value**: `14`
+ **Decoded New Value**: `12`
+ **Meaning**: Updates the owner count
+ +1. **Key**: `0x0000000000000000000000000000000000000000000000000000000000000004`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000001`
+ **After**: `0x0000000000000000000000000000000000000000000000000000000000000003`
+ **Value Type**: uint256
+ **Decoded Old Value**: `1`
+ **Decoded New Value**: `3`
+ **Meaning**: Updates the execution threshold
+ +2. **Key**: `0x0000000000000000000000000000000000000000000000000000000000000005`
+ **Before**: `0x000000000000000000000000000000000000000000000000000000000000005a`
+ **After**: `0x000000000000000000000000000000000000000000000000000000000000005b`
+ **Value Type**: uint256
+ **Decoded Old Value**: `90`
+ **Decoded New Value**: `91`
+ **Meaning**: Increments the nonce
+ +3. **Key**: `0x03fe74f236e7c719072f101a65bf28fcc331b8991895a586493c4ec54f013c79`
+ **Before**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **After**: `0x000000000000000000000000541a833e4303eb56a45be7e8e4a908db97568d1e`
+ **Value Type**: address
+ **Decoded Old Value**: `0x0000000000000000000000000000000000000000`
+ **Decoded New Value**: `0x541a833e4303eb56a45be7e8e4a908db97568d1e`
+ **Meaning**: Adds `0x5b154b8587168cb984ff610f5de74289d8f68874` to the owners mapping. This key can be derived from `cast index address 0x5b154b8587168cb984ff610f5de74289d8f68874 2`.
+ +4. **Key**: `0x51d0c1d26cdd742324bf18c3cb0c420aba6f951a054a73620fd9d0ed20dae7e8`
+ **Before**: `0x00000000000000000000000073565876170a336fa02fde34eed03e3121f70ba6`
+ **After**: `0x000000000000000000000000a3d3c103442f162856163d564b983ae538c6202d`
+ **Value Type**: address
+ **Decoded Old Value**: `0x73565876170a336fa02fde34eed03e3121f70ba6`
+ **Decoded New Value**: `0xa3d3c103442f162856163d564b983ae538c6202d`
+ **Meaning**: Removes `0x73565876170a336fa02fde34eed03e3121f70ba6` from the owners list. This key can be derived from `cast index address 0x26c72586fb396325f58718152fefa94e93cf177b 2`.
+ +5. **Key**: `0x680f53193021c7b5ff32fc6154805dcdc0fe6dae60134f899becf9139fee0f45`
+ **Before**: `0x000000000000000000000000b37b2d42cb0c10ebf96279cceca2cbfc47c6f236`
+ **After**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **Value Type**: address
+ **Decoded Old Value**: `0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236`
+ **Decoded New Value**: `0x0000000000000000000000000000000000000000`
+ **Meaning**: Removes `0x9bf96dcf51959915c8c343a3e50820ad069a1859` from the owners list. This key can be derived from `cast index address 0x9bf96dcf51959915c8c343a3e50820ad069a1859 2`.
+ +6. **Key**: `0x7ea68b3c8a7f7867f7b6d6e5bd030223645fb027b0eb1dd797ca76b222c926e4`
+ **Before**: `0x000000000000000000000000a3d3c103442f162856163d564b983ae538c6202d`
+ **After**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **Value Type**: address
+ **Decoded Old Value**: `0xa3d3c103442f162856163d564b983ae538c6202d`
+ **Decoded New Value**: `0x0000000000000000000000000000000000000000`
+ **Meaning**: Removes `0x92b79e6c995ee8b267ec1ac2743d1c1fbfffc447` from the owners list. This key can be derived from `cast index address 0x92b79e6c995ee8b267ec1ac2743d1c1fbfffc447 2`.
+ +7. **Key**: `0xb66edc9a114e89f02d0b7982582a48a539d388af46cfade8e93f01cba0973729`
+ **Before**: `0x0000000000000000000000009bf96dcf51959915c8c343a3e50820ad069a1859`
+ **After**: `0x000000000000000000000000b37b2d42cb0c10ebf96279cceca2cbfc47c6f236`
+ **Value Type**: address
+ **Decoded Old Value**: `0x9bf96dcf51959915c8c343a3e50820ad069a1859`
+ **Decoded New Value**: `0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236`
+ **Meaning**: Updates the owners list for `0xa31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3` to point to the next address `0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236` + since it's current next address was deleted. This key can be derived from `cast index address 0xa31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3 2`.
+ +8. **Key**: `0xd5d27d91bd7fb221a305aba9b1452dc14191edebe72a0d2caa92579343b1367f`
+ **Before**: `0x00000000000000000000000092b79e6c995ee8b267ec1ac2743d1c1fbfffc447`
+ **After**: `0x0000000000000000000000000000000000000000000000000000000000000000`
+ **Value Type**: address
+ **Decoded Old Value**: `0x92b79e6c995ee8b267ec1ac2743d1c1fbfffc447`
+ **Decoded New Value**: `0x0000000000000000000000000000000000000000`
+ **Meaning**: Removes `0x73565876170a336fa02fde34eed03e3121f70ba6` from the owners list. This key can be derived from `cast index address 0x73565876170a336fa02fde34eed03e3121f70ba6 2`.
+ +9. **Key**: `0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0`
+ **Before**: `0x000000000000000000000000541a833e4303eb56a45be7e8e4a908db97568d1e`
+ **After**: `0x0000000000000000000000005b154b8587168cb984ff610f5de74289d8f68874`
+ **Value Type**: address
+ **Decoded Old Value**: `0x541a833e4303eb56a45be7e8e4a908db97568d1e`
+ **Decoded New Value**: `0x5b154b8587168cb984ff610f5de74289d8f68874`
+ **Meaning**: Sets the head of the owners linked list. This key can be derived from `cast index address 0x0000000000000000000000000000000000000001 2`.
+ +### Your Signer Address + +- Nonce increment + +You can now navigate back to the [README](../README.md#43-extract-the-domain-hash-and-the-message-hash-to-approve) to continue the signing process. diff --git a/mainnet/2025-09-13-incident-multisig-signers/foundry.toml b/mainnet/2025-09-13-incident-multisig-signers/foundry.toml new file mode 100644 index 00000000..14499ab0 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/foundry.toml @@ -0,0 +1,20 @@ +[profile.default] +src = 'src' +out = 'out' +libs = ['lib'] +broadcast = 'records' +fs_permissions = [{ access = "read-write", path = "./" }] +optimizer = true +optimizer_runs = 999999 +solc_version = "0.8.15" +via-ir = false +remappings = [ + '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/', + '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts', + '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts', + '@rari-capital/solmate/=lib/solmate/', + '@base-contracts/=lib/base-contracts', + 'solady/=lib/solady/src/', +] + +# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/mainnet/2025-09-13-incident-multisig-signers/script/UpdateSigners.s.sol b/mainnet/2025-09-13-incident-multisig-signers/script/UpdateSigners.s.sol new file mode 100644 index 00000000..41d91501 --- /dev/null +++ b/mainnet/2025-09-13-incident-multisig-signers/script/UpdateSigners.s.sol @@ -0,0 +1,133 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.15; + +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {IMulticall3} from "forge-std/interfaces/IMulticall3.sol"; + +import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol"; +import {GnosisSafe} from "safe-smart-account/GnosisSafe.sol"; +import {OwnerManager} from "safe-smart-account/base/OwnerManager.sol"; + +contract UpdateSigners is MultisigScript { + using stdJson for string; + + address public constant SENTINEL_OWNERS = address(0x1); + + address public immutable OWNER_SAFE; + uint256 public immutable THRESHOLD; + address[] public EXISTING_OWNERS; + + address[] public OWNERS_TO_ADD; + address[] public OWNERS_TO_REMOVE; + + mapping(address => address) public ownerToPrevOwner; + mapping(address => address) public ownerToNextOwner; + mapping(address => bool) public expectedOwner; + + constructor() { + OWNER_SAFE = vm.envAddress("OWNER_SAFE"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + THRESHOLD = ownerSafe.getThreshold(); + EXISTING_OWNERS = ownerSafe.getOwners(); + + string memory rootPath = vm.projectRoot(); + string memory path = string.concat(rootPath, "/OwnerDiff.json"); + string memory jsonData = vm.readFile(path); + + OWNERS_TO_ADD = abi.decode(jsonData.parseRaw(".OwnersToAdd"), (address[])); + OWNERS_TO_REMOVE = abi.decode(jsonData.parseRaw(".OwnersToRemove"), (address[])); + } + + function setUp() external { + require(OWNERS_TO_ADD.length > 0, "Precheck 00"); + require(OWNERS_TO_REMOVE.length > 0, "Precheck 01"); + require(EXISTING_OWNERS.length == 14, "Precheck 02"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address prevOwner = SENTINEL_OWNERS; + + for (uint256 i = OWNERS_TO_ADD.length; i > 0; i--) { + uint256 index = i - 1; + // Make sure owners to add are not already owners + require(!ownerSafe.isOwner(OWNERS_TO_ADD[index]), "Precheck 03"); + // Prevent duplicates + require(!expectedOwner[OWNERS_TO_ADD[index]], "Precheck 04"); + + ownerToPrevOwner[OWNERS_TO_ADD[index]] = prevOwner; + ownerToNextOwner[prevOwner] = OWNERS_TO_ADD[index]; + prevOwner = OWNERS_TO_ADD[index]; + expectedOwner[OWNERS_TO_ADD[index]] = true; + } + + for (uint256 i; i < EXISTING_OWNERS.length; i++) { + ownerToPrevOwner[EXISTING_OWNERS[i]] = prevOwner; + ownerToNextOwner[prevOwner] = EXISTING_OWNERS[i]; + prevOwner = EXISTING_OWNERS[i]; + expectedOwner[EXISTING_OWNERS[i]] = true; + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + // Make sure owners to remove are owners + require(ownerSafe.isOwner(OWNERS_TO_REMOVE[i]), "Precheck 05"); + // Prevent duplicates + require(expectedOwner[OWNERS_TO_REMOVE[i]], "Precheck 06"); + expectedOwner[OWNERS_TO_REMOVE[i]] = false; + + // Remove from linked list to keep ownerToPrevOwner up to date + // Note: This works as long as the order of OWNERS_TO_REMOVE does not change during `_buildCalls()` + address nextOwner = ownerToNextOwner[OWNERS_TO_REMOVE[i]]; + address prevPtr = ownerToPrevOwner[OWNERS_TO_REMOVE[i]]; + ownerToPrevOwner[nextOwner] = prevPtr; + ownerToNextOwner[prevPtr] = nextOwner; + } + } + + function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override { + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address[] memory postCheckOwners = ownerSafe.getOwners(); + uint256 postCheckThreshold = ownerSafe.getThreshold(); + + uint256 expectedLength = EXISTING_OWNERS.length + OWNERS_TO_ADD.length - OWNERS_TO_REMOVE.length; + + require(postCheckThreshold == THRESHOLD, "Postcheck 00"); + require(postCheckOwners.length == expectedLength, "Postcheck 01"); + + for (uint256 i; i < postCheckOwners.length; i++) { + require(expectedOwner[postCheckOwners[i]], "Postcheck 02"); + } + } + + function _buildCalls() internal view override returns (IMulticall3.Call3Value[] memory) { + IMulticall3.Call3Value[] memory calls = + new IMulticall3.Call3Value[](OWNERS_TO_ADD.length + OWNERS_TO_REMOVE.length); + + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { + calls[i] = IMulticall3.Call3Value({ + target: OWNER_SAFE, + allowFailure: false, + callData: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), + value: 0 + }); + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + calls[OWNERS_TO_ADD.length + i] = IMulticall3.Call3Value({ + target: OWNER_SAFE, + allowFailure: false, + callData: abi.encodeCall( + OwnerManager.removeOwner, (ownerToPrevOwner[OWNERS_TO_REMOVE[i]], OWNERS_TO_REMOVE[i], THRESHOLD) + ), + value: 0 + }); + } + + return calls; + } + + function _ownerSafe() internal view override returns (address) { + return OWNER_SAFE; + } +}