proofs: Move proposer/challenger params on v2 contract (#17463)

* Make calldata length check overridable

* Rework calldata length check

* Make calldata length helpers more granular

* Update PDG to use CWIA for proposer and challenger

* Add a few more tests

* Cleanup - rework method name, comments

* Run just lint

* Fix test names

* Add some more tests around invalid FDG immutable args data

* Add tests around invalid immutable args when creating PDGv2

* Add some method documentation

* Regenerate snapshots, run semver-lock

* Simplify method name

* Fix notice natspec comments

* Clean up step tests

* Reorder auth check and call to super.initialize

* Add fuzz test to validate step() reverts for unauthorized actors

* Run semver-lock

Author: mbaxter

packages/contracts-bedrock/interfaces/dispute/v2/IPermissionedDisputeGameV2.sol

@@ -130,13 +130,11 @@ interface IPermissionedDisputeGameV2 is IDisputeGame {
 
     error BadAuth();
 
-    function proposer() external view returns (address proposer_);
-    function challenger() external view returns (address challenger_);
+    function proposer() external pure returns (address proposer_);
+    function challenger() external pure returns (address challenger_);
 
     function __constructor__(
-        IFaultDisputeGameV2.GameConstructorParams memory _params,
-        address _proposer,
-        address _challenger
+        IFaultDisputeGameV2.GameConstructorParams memory _params
     )
         external;
 }

packages/contracts-bedrock/snapshots/abi/PermissionedDisputeGameV2.json

@@ -32,16 +32,6 @@
         "internalType": "struct FaultDisputeGameV2.GameConstructorParams",
         "name": "_params",
         "type": "tuple"
-      },
-      {
-        "internalType": "address",
-        "name": "_proposer",
-        "type": "address"
-      },
-      {
-        "internalType": "address",
-        "name": "_challenger",
-        "type": "address"
       }
     ],
     "stateMutability": "nonpayable",
@@ -182,7 +172,7 @@
         "type": "address"
       }
     ],
-    "stateMutability": "view",
+    "stateMutability": "pure",
     "type": "function"
   },
   {
@@ -660,7 +650,7 @@
         "type": "address"
       }
     ],
-    "stateMutability": "view",
+    "stateMutability": "pure",
     "type": "function"
   },
   {

packages/contracts-bedrock/snapshots/semver-lock.json

@@ -176,12 +176,12 @@
     "sourceCodeHash": "0x8fdd69d4bcd33a3d8b49a73ff5b6855f9ad5f7e2b7393e67cd755973b127b1e8"
   },
   "src/dispute/v2/FaultDisputeGameV2.sol:FaultDisputeGameV2": {
-    "initCodeHash": "0x13ef27ad793c95be884dea8259ac06619bf13d10868c5fc9980bc402b59efb8d",
-    "sourceCodeHash": "0x47c141889e647820759a2eaa84c31be8acdce6427cc4fe7c00a482ba44d62b87"
+    "initCodeHash": "0xb5a7bfcbfcb445dc57fc88c07d7305191dc32cc0cf5580d50b4897229e4033c1",
+    "sourceCodeHash": "0x38fd8878a22564cd63e2bdc6af51edead373e2c4a90e631d2774078bbaa54ea6"
   },
   "src/dispute/v2/PermissionedDisputeGameV2.sol:PermissionedDisputeGameV2": {
-    "initCodeHash": "0x7b1385d347dce625d63f71c13201fd90e63fcaeae17416911bccd9d670b3afc4",
-    "sourceCodeHash": "0xc5aa308a19fd9600607370693885155a3d6f9f7bf8a7c6ff93a389c37c136555"
+    "initCodeHash": "0xcff1406639ff8a83a4c948f412329956104bc7ee30eb8da169a2ba5ef6d8848f",
+    "sourceCodeHash": "0x53fdae5faf97beed5f23d4f285bed06766161ab15c88e3a388f84808471a73c3"
   },
   "src/legacy/DeployerWhitelist.sol:DeployerWhitelist": {
     "initCodeHash": "0x53099379ed48b87f027d55712dbdd1da7d7099925426eb0531da9c0012e02c29",

packages/contracts-bedrock/src/dispute/v2/FaultDisputeGameV2.sol

@@ -151,9 +151,9 @@ contract FaultDisputeGameV2 is Clone, ISemver {
     uint256 internal constant HEADER_BLOCK_NUMBER_INDEX = 8;
 
     /// @notice Semantic version.
-    /// @custom:semver 2.0.0
+    /// @custom:semver 2.1.0
     function version() public pure virtual returns (string memory) {
-        return "2.0.0";
+        return "2.1.0";
     }
 
     /// @notice The starting timestamp of the game
@@ -268,20 +268,7 @@ contract FaultDisputeGameV2 is Clone, ISemver {
         // This is to prevent adding extra or omitting bytes from to `extraData` that result in a different game UUID
         // in the factory, but are not used by the game, which would allow for multiple dispute games for the same
         // output proposal to be created.
-        //
-        // Expected length: 246 bytes
-        // - 4 bytes: selector
-        // - 2 bytes: CWIA length prefix
-        // - 20 bytes: creator address
-        // - 32 bytes: root claim
-        // - 32 bytes: l1 head
-        // - 32 bytes: extraData
-        // - 32 bytes: absolutePrestate
-        // - 20 bytes: vm address
-        // - 20 bytes: anchorStateRegistry address
-        // - 20 bytes: weth address
-        // - 32 bytes: l2ChainId
-        if (msg.data.length != 246) revert BadExtraData();
+        if (msg.data.length != expectedInitCallDataLength()) revert BadExtraData();
 
         // Grab the latest anchor root.
         (Hash root, uint256 rootBlockNumber) = anchorStateRegistry().getAnchorRoot();
@@ -340,6 +327,30 @@ contract FaultDisputeGameV2 is Clone, ISemver {
             GameType.unwrap(anchorStateRegistry().respectedGameType()) == GameType.unwrap(GAME_TYPE);
     }
 
+    /// @notice Returns the expected calldata length for the initialize method
+    function expectedInitCallDataLength() internal pure returns (uint256) {
+        // Expected length: 6 bytes + immutable args byte count
+        // - 4 bytes: selector
+        // - 2 bytes: CWIA length prefix
+        // - n bytes: Immutable args data
+        return 6 + immutableArgsByteCount();
+    }
+
+    /// @notice Returns the byte count of the immutable args for this contract.
+    function immutableArgsByteCount() internal pure virtual returns (uint256) {
+        // Expected length: 240 bytes
+        // - 20 bytes: creator address
+        // - 32 bytes: root claim
+        // - 32 bytes: l1 head
+        // - 32 bytes: extraData
+        // - 32 bytes: absolutePrestate
+        // - 20 bytes: vm address
+        // - 20 bytes: anchorStateRegistry address
+        // - 20 bytes: weth address
+        // - 32 bytes: l2ChainId
+        return 240;
+    }
+
     ////////////////////////////////////////////////////////////////
     //                  `IFaultDisputeGame` impl                  //
     ////////////////////////////////////////////////////////////////

packages/contracts-bedrock/src/dispute/v2/PermissionedDisputeGameV2.sol

@@ -17,39 +17,22 @@ import { BadAuth } from "src/dispute/lib/Errors.sol";
 ///         costs that certain networks may not wish to support. This contract can also be used as a fallback mechanism
 ///         in case of a failure in the permissionless fault proof system in the stage one release.
 contract PermissionedDisputeGameV2 is FaultDisputeGameV2 {
-    /// @notice The proposer role is allowed to create proposals and participate in the dispute game.
-    address internal immutable PROPOSER;
-
-    /// @notice The challenger role is allowed to participate in the dispute game.
-    address internal immutable CHALLENGER;
-
     /// @notice Modifier that gates access to the `challenger` and `proposer` roles.
     modifier onlyAuthorized() {
-        if (!(msg.sender == PROPOSER || msg.sender == CHALLENGER)) {
+        if (!(msg.sender == proposer() || msg.sender == challenger())) {
             revert BadAuth();
         }
         _;
     }
 
     /// @notice Semantic version.
-    /// @custom:semver 2.0.0
+    /// @custom:semver 2.1.0
     function version() public pure override returns (string memory) {
-        return "2.0.0";
+        return "2.1.0";
     }
 
     /// @param _params Parameters for creating a new FaultDisputeGame.
-    /// @param _proposer Address that is allowed to create instances of this contract.
-    /// @param _challenger Address that is allowed to challenge instances of this contract.
-    constructor(
-        GameConstructorParams memory _params,
-        address _proposer,
-        address _challenger
-    )
-        FaultDisputeGameV2(_params)
-    {
-        PROPOSER = _proposer;
-        CHALLENGER = _challenger;
-    }
+    constructor(GameConstructorParams memory _params) FaultDisputeGameV2(_params) { }
 
     /// @inheritdoc FaultDisputeGameV2
     function step(
@@ -86,24 +69,31 @@ contract PermissionedDisputeGameV2 is FaultDisputeGameV2 {
 
     /// @notice Initializes the contract.
     function initialize() public payable override {
+        super.initialize();
+
         // The creator of the dispute game must be the proposer EOA.
-        if (tx.origin != PROPOSER) revert BadAuth();
+        if (tx.origin != proposer()) revert BadAuth();
+    }
 
-        // Fallthrough initialization.
-        super.initialize();
+    function immutableArgsByteCount() internal pure override returns (uint256) {
+        // Extend expected data length to account for proposer and challenger addresses
+        // - 20 bytes: proposer address
+        // - 20 bytes: challenger address
+        return super.immutableArgsByteCount() + 40;
     }
 
     ////////////////////////////////////////////////////////////////
     //                     IMMUTABLE GETTERS                      //
     ////////////////////////////////////////////////////////////////
 
-    /// @notice Returns the proposer address.
-    function proposer() external view returns (address proposer_) {
-        proposer_ = PROPOSER;
+    /// @notice Returns the proposer address. The proposer role is allowed to create proposals and participate in the
+    /// dispute game.
+    function proposer() public pure returns (address proposer_) {
+        proposer_ = _getArgAddress(super.immutableArgsByteCount());
     }
 
-    /// @notice Returns the challenger address.
-    function challenger() external view returns (address challenger_) {
-        challenger_ = CHALLENGER;
+    /// @notice Returns the challenger address. The challenger role is allowed to participate in the dispute game.
+    function challenger() public pure returns (address challenger_) {
+        challenger_ = _getArgAddress(super.immutableArgsByteCount() + 20);
     }
 }

packages/contracts-bedrock/test/dispute/DisputeGameFactory.t.sol

@@ -129,9 +129,17 @@ contract DisputeGameFactory_TestInit is CommonTest {
         params_ = abi.decode(args, (ISuperFaultDisputeGame.GameConstructorParams));
     }
 
+    function _setGame(address _gameImpl, GameType _gameType) internal {
+        _setGame(_gameImpl, _gameType, false, "");
+    }
+
     function _setGame(address _gameImpl, GameType _gameType, bytes memory _implArgs) internal {
+        _setGame(_gameImpl, _gameType, true, _implArgs);
+    }
+
+    function _setGame(address _gameImpl, GameType _gameType, bool _hasImplArgs, bytes memory _implArgs) internal {
         vm.startPrank(disputeGameFactory.owner());
-        if (_implArgs.length > 0) {
+        if (_hasImplArgs) {
             disputeGameFactory.setImplementation(_gameType, IDisputeGame(_gameImpl), _implArgs);
         } else {
             disputeGameFactory.setImplementation(_gameType, IDisputeGame(_gameImpl));
@@ -157,7 +165,7 @@ contract DisputeGameFactory_TestInit is CommonTest {
             )
         });
 
-        _setGame(gameImpl_, GameTypes.SUPER_CANNON, "");
+        _setGame(gameImpl_, GameTypes.SUPER_CANNON);
     }
 
     /// @notice Sets up a super permissioned game implementation
@@ -185,7 +193,7 @@ contract DisputeGameFactory_TestInit is CommonTest {
             )
         });
 
-        _setGame(gameImpl_, GameTypes.SUPER_PERMISSIONED_CANNON, "");
+        _setGame(gameImpl_, GameTypes.SUPER_PERMISSIONED_CANNON);
     }
 
     /// @notice Sets up a fault game implementation
@@ -203,32 +211,44 @@ contract DisputeGameFactory_TestInit is CommonTest {
             )
         });
 
-        _setGame(gameImpl_, GameTypes.CANNON, "");
+        _setGame(gameImpl_, GameTypes.CANNON);
+    }
+
+    /// @notice Sets up immutable data for fault game v2 implementation
+    function getFaultDisputeGameV2ImmutableArgs(Claim _absolutePrestate)
+        internal
+        returns (bytes memory immutableArgs_, AlphabetVM vm_, IPreimageOracle preimageOracle_)
+    {
+        (vm_, preimageOracle_) = _createVM(_absolutePrestate);
+        // Encode the implementation args for CWIA (tightly packed)
+        immutableArgs_ = abi.encodePacked(
+            _absolutePrestate, // 32 bytes
+            vm_, // 20 bytes
+            anchorStateRegistry, // 20 bytes
+            delayedWeth, // 20 bytes
+            l2ChainId // 32 bytes (l2ChainId)
+        );
     }
 
     /// @notice Sets up a fault game v2 implementation
     function setupFaultDisputeGameV2(Claim _absolutePrestate)
         internal
         returns (address gameImpl_, AlphabetVM vm_, IPreimageOracle preimageOracle_)
     {
-        (vm_, preimageOracle_) = _createVM(_absolutePrestate);
+        bytes memory immutableArgs;
+        (immutableArgs, vm_, preimageOracle_) = getFaultDisputeGameV2ImmutableArgs(_absolutePrestate);
+        gameImpl_ = setupFaultDisputeGameV2(immutableArgs);
+    }
+
+    function setupFaultDisputeGameV2(bytes memory immutableArgs) internal returns (address gameImpl_) {
         gameImpl_ = DeployUtils.create1({
             _name: "FaultDisputeGameV2",
             _args: DeployUtils.encodeConstructor(
                 abi.encodeCall(IFaultDisputeGameV2.__constructor__, (_getGameConstructorParamsV2(GameTypes.CANNON)))
             )
         });
 
-        // Encode the implementation args for CWIA (tightly packed)
-        bytes memory implArgs = abi.encodePacked(
-            _absolutePrestate, // 32 bytes
-            vm_, // 20 bytes
-            anchorStateRegistry, // 20 bytes
-            delayedWeth, // 20 bytes
-            l2ChainId // 32 bytes (l2ChainId)
-        );
-
-        _setGame(gameImpl_, GameTypes.CANNON, implArgs);
+        _setGame(gameImpl_, GameTypes.CANNON, immutableArgs);
     }
 
     function setupPermissionedDisputeGame(
@@ -254,7 +274,7 @@ contract DisputeGameFactory_TestInit is CommonTest {
             )
         });
 
-        _setGame(gameImpl_, GameTypes.PERMISSIONED_CANNON, "");
+        _setGame(gameImpl_, GameTypes.PERMISSIONED_CANNON);
     }
 
     function changeClaimStatus(Claim _claim, VMStatus _status) public pure returns (Claim out_) {
@@ -263,6 +283,30 @@ contract DisputeGameFactory_TestInit is CommonTest {
         }
     }
 
+    /// @notice Sets up immutable args for PDG v2 implementation
+    function getPermissionedDisputeGameV2ImmutableArgs(
+        Claim _absolutePrestate,
+        address _proposer,
+        address _challenger
+    )
+        internal
+        returns (bytes memory implArgs_, AlphabetVM vm_, IPreimageOracle preimageOracle_)
+    {
+        (vm_, preimageOracle_) = _createVM(_absolutePrestate);
+
+        // Encode the implementation args for CWIA (tightly packed)
+        implArgs_ = abi.encodePacked(
+            _absolutePrestate, // 32 bytes
+            vm_, // 20 bytes
+            anchorStateRegistry, // 20 bytes
+            delayedWeth, // 20 bytes
+            l2ChainId, // 32 bytes (l2ChainId),
+            _proposer, // 20 bytes
+            _challenger // 20 bytes
+        );
+    }
+
+    /// @notice Deploys PDG v2 implementation and sets it on the DGF
     function setupPermissionedDisputeGameV2(
         Claim _absolutePrestate,
         address _proposer,
@@ -271,27 +315,25 @@ contract DisputeGameFactory_TestInit is CommonTest {
         internal
         returns (address gameImpl_, AlphabetVM vm_, IPreimageOracle preimageOracle_)
     {
-        (vm_, preimageOracle_) = _createVM(_absolutePrestate);
+        bytes memory implArgs;
+        (implArgs, vm_, preimageOracle_) =
+            getPermissionedDisputeGameV2ImmutableArgs(_absolutePrestate, _proposer, _challenger);
+
+        gameImpl_ = setupPermissionedDisputeGameV2(implArgs);
+    }
+
+    /// @notice Deploys PDG v2 implementation and sets it on the DGF
+    function setupPermissionedDisputeGameV2(bytes memory _implArgs) internal returns (address gameImpl_) {
         gameImpl_ = DeployUtils.create1({
             _name: "PermissionedDisputeGameV2",
             _args: DeployUtils.encodeConstructor(
                 abi.encodeCall(
-                    IPermissionedDisputeGameV2.__constructor__,
-                    (_getGameConstructorParamsV2(GameTypes.PERMISSIONED_CANNON), _proposer, _challenger)
+                    IPermissionedDisputeGameV2.__constructor__, (_getGameConstructorParamsV2(GameTypes.PERMISSIONED_CANNON))
                 )
             )
         });
 
-        // Encode the implementation args for CWIA (tightly packed)
-        bytes memory implArgs = abi.encodePacked(
-            _absolutePrestate, // 32 bytes
-            vm_, // 20 bytes
-            anchorStateRegistry, // 20 bytes
-            delayedWeth, // 20 bytes
-            l2ChainId // 32 bytes (l2ChainId)
-        );
-
-        _setGame(gameImpl_, GameTypes.PERMISSIONED_CANNON, implArgs);
+        _setGame(gameImpl_, GameTypes.PERMISSIONED_CANNON, _implArgs);
     }
 }