feat: deploy Rollup contracts

[anna-carroll]

System

• RollupOrders
• RollupPassage
• Simple ERC20s - WBTC & USDT
• WETH9
• create2 helper

Safe

The Safe repo lacks Forge scripts to deploy their setup to a new chain, so we have implemented them here.

• Safe factory
• SafeL2 singleton
• one Safe instance to serve as the USDC admin

Other External

For the following pre-deployed contracts, we will be using the Forge deploy scripts written by the teams.

• permit2 - link
• USDC - link

[rswanson]

do we need cd for this?

[prestwich]

do we want to do salt-mining to find low addresses?

[anna-carroll]

hmm. well, we don't technically have to. we could handpick better addrs than we could reasonably mine by simply directly editing the allocs file. though, that would mean generating the allocs would be less reproducible.

[prestwich]

yeah, we'd also have to do some find-and-replace shenangians to update immutables and storage vars. which would be annoying. but it would be awful nice to have them have short addresses 🤔

[anna-carroll]

depends on how dearly we wish for the script to produce the exact final allocs

if we want efficient addrs for all contracts (&& fully deterministic script -> allocs) we might want to consider forking the USDC deploy script and making them CREATE2 deploys, because rn they're just CREATE and can't be easily mined

[anna-carroll]

yeah, we'd also have to do some find-and-replace shenangians to update immutables and storage vars. which would be annoying. but it would be awful nice to have them have short addresses 🤔

well, actually, out of the following contracts

• permit2
• RollupPassage
• RollupOrders
• WBTC
• USDT
• SafeProxyFactory
• SafeL2
• CompatibilityFallbackHandler
• the USDC admin Safe instance
• WETH9

we could handpick the addrs without find-and-replacing anything in code/storage:

1. permit2 is stored as an immutable in RollupPassage and RollupOrders
2. SafeL2 and CompatibilityFallbackHandler are stored in the storage slots of the USDC admin Safe instance
3. USDC admin Safe instance is stored in various storage slots in the USDC protocol

BUT, for all three of these cases, the addrs that are stored in storage/immutables are just params configured in the deploys of the subsequent contracts. we could just handpick the addrs and reconfigure the deploys to point to those addrs and the immutables/storage slots would be produced correctly by the deploy scripts.

The only ones that would be more complex to fiddle with (and therefore something I'm reticent to do) is:

• the entire USDC protocol

which has a lot of internal dependencies on itself that is stored in immutables/storage, so we'd have to get into the guts to mess with the addresses

[prestwich]

can you document this further? not 100% sure what's going on. is this a canary that is used later to do a find/replace on the minter address?

[anna-carroll]

is this a canary that is used later to do a find/replace on the minter address?

correct. the intention was actually to replace the real minter address here once it's chosen (rather than find/replace in the alloc json)

[anna-carroll]

similar for OWNER_ONE and OWNER_TWO, which really should be updated in code because the storage slots that Gnosis stores owners at depend on the list of owners themselves

[prestwich]

kind-of a nit, but this canary value is ambiguous if preceded by a 9 nibble. can we use something like 0x9988... (only ambiguous if preceded by 0x9988)

[anna-carroll]

how bout this (improved docs too) f5e85bd

[prestwich]

my understanding is that the DeployGnosisSafe.s.sol and ZenithL2.s.sol are not intended to be run via foundry targeting a live RPC. is that right? can we move them to a separate folder with a small readme or some other note?

[anna-carroll]

my understanding is that the DeployGnosisSafe.s.sol and ZenithL2.s.sol are not intended to be run via foundry targeting a live RPC. is that right?

hmm. well, their purpose is to be run in order to generate the alloc file. right now, generating them using heimdall dump does require running them on a live RPC (in addition to anvil) because anvil doesn't support the endpoint that's needed.

they could be moved to script/predeploy/ or some such (and add a README) if that feels clearer