chore(deps-dev): bump @typescript-eslint/eslint-plugin from 4.33.0 to 6.5.0

packages/bridge-ui-v2/package.json

@@ -25,7 +25,7 @@
     "@sveltejs/adapter-static": "^2.0.2",
     "@sveltejs/kit": "^1.22.3",
     "@types/debug": "^4.1.7",
-    "@typescript-eslint/eslint-plugin": "^5.45.0",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
     "@typescript-eslint/parser": "^5.45.0",
     "@vitest/coverage-v8": "^0.33.0",
     "@wagmi/cli": "^1.0.1",

packages/bridge-ui-v2/src/styles/components.css

@@ -167,11 +167,13 @@
     hover:background-color: var(--interactive-dark-tertiary-hover, #5D636F);
   }
 
-  .glassy-gradient-card {
-    /* Trying to be consistent with design */
-    /* grey-500/10 => grey-800/20 */
+  .glassy-gradient-card::before {
     background: linear-gradient(226deg, rgba(93, 99, 111, 0.1) 1.26%, rgba(25, 30, 40, 0.2) 100%);
-    backdrop-filter: blur(10px);
+    content: '';
+    backdrop-filter: blur(2px);
+    position: absolute;
+    inset: 0%;
+    z-index: -1;
   }
 
   input {

packages/bridge-ui/package.json

@@ -31,7 +31,7 @@
     "@types/jest": "^27.5.2",
     "@types/mixpanel": "^2.14.3",
     "@types/sanitize-html": "^2.6.2",
-    "@typescript-eslint/eslint-plugin": "^5.16.0",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
     "@typescript-eslint/parser": "^5.16.0",
     "@wagmi/cli": "^1.0.1",
     "@zerodevx/svelte-toast": "^0.6.3",

packages/pos-dashboard/package.json

@@ -29,7 +29,7 @@
     "@types/jest": "^27.0.2",
     "@types/mixpanel": "^2.14.3",
     "@types/sanitize-html": "^2.6.2",
-    "@typescript-eslint/eslint-plugin": "^5.16.0",
+    "@typescript-eslint/eslint-plugin": "^6.5.0",
     "@typescript-eslint/parser": "^5.16.0",
     "@wagmi/cli": "^1.0.1",
     "@zerodevx/svelte-toast": "^0.6.3",

packages/protocol/contracts/L1/TaikoData.sol

@@ -142,11 +142,11 @@ library TaikoData {
     struct Block {
         bytes32 metaHash; // slot 1
         address prover; // slot 2
-        uint64 proposedAt;
-        uint16 nextTransitionId;
-        uint16 verifiedTransitionId;
-        uint64 blockId; // slot 3
         uint96 proofBond;
+        uint64 blockId; // slot 3
+        uint64 proposedAt;
+        uint32 nextTransitionId;
+        uint32 verifiedTransitionId;
         uint16 proofWindow;
     }
 
@@ -187,9 +187,9 @@ library TaikoData {
         // Ring buffer for proposed blocks and a some recent verified blocks.
         mapping(uint64 blockId_mode_blockRingBufferSize => Block) blocks;
         mapping(
-            uint64 blockId => mapping(bytes32 parentHash => uint16 transitionId)
+            uint64 blockId => mapping(bytes32 parentHash => uint32 transitionId)
             ) transitionIds;
-        mapping(uint64 blockId => mapping(uint16 transitionId => Transition))
+        mapping(uint64 blockId => mapping(uint32 transitionId => Transition))
             transitions;
         mapping(bytes32 txListHash => TxListInfo) txListInfo;
         mapping(uint256 depositId_mode_ethDepositRingBufferSize => uint256)

packages/protocol/contracts/L1/TaikoToken.sol

@@ -25,8 +25,8 @@ import { PausableUpgradeable } from
 import { Proxied } from "../common/Proxied.sol";
 
 /// @title TaikoToken
-/// @notice The TaikoToken (TKO) is used for proposing blocks and also for
-/// staking in the Taiko protocol. It is an ERC20 token with 8 decimal places of
+/// @notice The TaikoToken (TKO), in the protocol is used for prover collateral
+/// in the form of bonds. It is an ERC20 token with 18 decimal places of
 /// precision.
 contract TaikoToken is
     EssentialContract,
@@ -109,7 +109,7 @@ contract TaikoToken is
         uint256 amount
     )
         public
-        onlyFromNamed("erc20_vault")
+        onlyFromNamed2("erc20_vault", "taiko")
     {
         _burn(from, amount);
     }

packages/protocol/contracts/L1/libs/LibDepositing.sol

@@ -61,6 +61,9 @@ library LibDepositing {
             })
         );
 
+        // Unchecked is safe:
+        // - uint64 can store up to ~1.8 * 1e19, which can represent 584K years
+        // if we are depositing at every second
         unchecked {
             state.slotA.numEthDeposits++;
         }
@@ -106,6 +109,12 @@ library LibDepositing {
                 });
                 uint96 _fee =
                     deposits[i].amount > fee ? fee : deposits[i].amount;
+
+                // Unchecked is safe:
+                // - _fee cannot be bigger than deposits[i].amount
+                // - all values are in the same range (uint96) except loop
+                // counter, which obviously cannot be bigger than uint95
+                // otherwise the function would be gassing out.
                 unchecked {
                     deposits[i].amount -= _fee;
                     totalFee += _fee;
@@ -118,6 +127,10 @@ library LibDepositing {
             state.ethDeposits[state.slotA.numEthDeposits
                 % config.ethDepositRingBufferSize] =
                 _encodeEthDeposit(feeRecipient, totalFee);
+
+            // Unchecked is safe:
+            // - uint64 can store up to ~1.8 * 1e19, which can represent 584K
+            // years if we are depositing at every second
             unchecked {
                 state.slotA.numEthDeposits++;
             }
@@ -138,6 +151,13 @@ library LibDepositing {
         view
         returns (bool)
     {
+        // Unchecked is safe:
+        // - both numEthDeposits and state.slotA.nextEthDepositToProcess are
+        // indexes. One is tracking all deposits (numEthDeposits: unprocessed)
+        // and the next to be processed, so nextEthDepositToProcess cannot be
+        // bigger than numEthDeposits
+        // - ethDepositRingBufferSize cannot be 0 by default (validity checked
+        // in LibVerifying)
         unchecked {
             return amount >= config.ethDepositMinAmount
                 && amount <= config.ethDepositMaxAmount

packages/protocol/contracts/L1/libs/LibProposing.sol

@@ -83,6 +83,7 @@ library LibProposing {
 
         TaikoToken tt = TaikoToken(resolver.resolve("taiko_token", false));
         if (state.taikoTokenBalances[assignment.prover] >= config.proofBond) {
+            // Safe, see the above constraint
             unchecked {
                 state.taikoTokenBalances[assignment.prover] -= config.proofBond;
             }
@@ -127,6 +128,11 @@ library LibProposing {
         uint256 reward;
         if (config.proposerRewardPerSecond > 0 && config.proposerRewardMax > 0)
         {
+            // Unchecked is safe:
+            // - block.timestamp is always greater than block.proposedAt
+            // (proposed in the past)
+            // - 1x state.taikoTokenBalances[addr] uint256 could theoretically
+            // store the whole token supply
             unchecked {
                 uint256 blockTime = block.timestamp
                     - state.blocks[(b.numBlocks - 1) % config.blockRingBufferSize]
@@ -152,6 +158,10 @@ library LibProposing {
         }
 
         // Init the metadata
+        // Unchecked is safe:
+        // - equation is done among same variable types
+        // - incrementation (state.slotB.numBlocks++) is fine for 584K years if
+        // we propose at every second
         unchecked {
             meta.id = b.numBlocks;
             meta.timestamp = uint64(block.timestamp);
@@ -175,13 +185,14 @@ library LibProposing {
             // Init the block
             TaikoData.Block storage blk =
                 state.blocks[b.numBlocks % config.blockRingBufferSize];
+
             blk.metaHash = LibUtils.hashMetadata(meta);
             blk.prover = assignment.prover;
+            blk.proofBond = config.proofBond;
+            blk.blockId = meta.id;
             blk.proposedAt = meta.timestamp;
             blk.nextTransitionId = 1;
             blk.verifiedTransitionId = 0;
-            blk.blockId = meta.id;
-            blk.proofBond = config.proofBond;
             blk.proofWindow = config.proofWindow;
 
             emit BlockProposed({

packages/protocol/contracts/L1/libs/LibProving.sol

@@ -84,12 +84,15 @@ library LibProving {
         }
 
         TaikoData.Transition storage tz;
-        uint16 tid =
+        uint32 tid =
             LibUtils.getTransitionId(state, blk, blockId, evidence.parentHash);
 
         if (tid == 0) {
             tid = blk.nextTransitionId;
 
+            // Unchecked is safe:
+            // - Not realistic 2**32 different fork choice per block will be
+            // proven and none of them is valid
             unchecked {
                 ++blk.nextTransitionId;
             }
@@ -152,7 +155,7 @@ library LibProving {
             state.blocks[blockId % config.blockRingBufferSize];
         if (blk.blockId != blockId) revert L1_BLOCK_ID_MISMATCH();
 
-        uint16 tid = LibUtils.getTransitionId(state, blk, blockId, parentHash);
+        uint32 tid = LibUtils.getTransitionId(state, blk, blockId, parentHash);
         if (tid == 0) revert L1_TRANSITION_NOT_FOUND();
 
         tz = state.transitions[blockId][tid];
@@ -164,6 +167,13 @@ library LibProving {
         returns (bytes32 instance)
     {
         if (evidence.prover == LibUtils.ORACLE_PROVER) return 0;
-        else return keccak256(abi.encode(evidence));
+        else return keccak256(abi.encode(
+            evidence.metaHash,
+            evidence.parentHash,
+            evidence.blockHash,
+            evidence.signalRoot,
+            evidence.graffiti,
+            evidence.prover
+        ));
     }
 }

packages/protocol/contracts/L1/libs/LibTaikoToken.sol

@@ -25,7 +25,7 @@ library LibTaikoToken {
     {
         uint256 balance = state.taikoTokenBalances[msg.sender];
         if (balance < amount) revert L1_INSUFFICIENT_TOKEN();
-
+        // Unchecked is safe per above check
         unchecked {
             state.taikoTokenBalances[msg.sender] -= amount;
         }

packages/protocol/contracts/L1/libs/LibUtils.sol

@@ -40,7 +40,7 @@ library LibUtils {
     )
         internal
         view
-        returns (uint16 tid)
+        returns (uint32 tid)
     {
         if (state.transitions[blk.blockId][1].key == parentHash) {
             tid = 1;

packages/protocol/contracts/L1/libs/LibVerifying.sol

@@ -62,6 +62,10 @@ library LibVerifying {
                     >= type(uint96).max / config.ethDepositMaxCountPerBlock
         ) revert L1_INVALID_CONFIG();
 
+        // Unchecked is safe:
+        // - assignment is within ranges
+        // - block.timestamp will still be within uint64 range for the next
+        // 500K+ years.
         unchecked {
             uint64 timeNow = uint64(block.timestamp);
 
@@ -105,7 +109,7 @@ library LibVerifying {
             state.blocks[blockId % config.blockRingBufferSize];
         if (blk.blockId != blockId) revert L1_BLOCK_ID_MISMATCH();
 
-        uint16 tid = blk.verifiedTransitionId;
+        uint32 tid = blk.verifiedTransitionId;
         if (tid == 0) revert L1_UNEXPECTED_TRANSITION_ID();
 
         bytes32 blockHash = state.transitions[blockId][tid].blockHash;
@@ -114,6 +118,11 @@ library LibVerifying {
         TaikoData.Transition memory tz;
 
         uint64 processed;
+
+        // Unchecked is safe:
+        // - assignment is within ranges
+        // - blockId and processed values incremented will still be OK in the
+        // next 584K years if we verifying one block per every second
         unchecked {
             ++blockId;
 

packages/protocol/contracts/L2/TaikoL2.sol

@@ -277,6 +277,8 @@ contract TaikoL2 is EssentialContract, TaikoL2Signer, ICrossChainSync {
         returns (bytes32 prevPIH, bytes32 currPIH)
     {
         bytes32[256] memory inputs;
+
+        // Unchecked is safe because it cannot overflow.
         unchecked {
             // Put the previous 255 blockhashes (excluding the parent's) into a
             // ring buffer.
@@ -307,6 +309,10 @@ contract TaikoL2 is EssentialContract, TaikoL2Signer, ICrossChainSync {
         view
         returns (uint256 _basefee, uint64 _gasExcess)
     {
+        // Unchecked is safe because:
+        // - gasExcess is capped at uint64 max ever, so multiplying with a
+        // uint32 value is safe
+        // - 'excess' is bigger than 'issued'
         unchecked {
             uint256 issued = timeSinceParent * config.gasIssuedPerSecond;
             uint256 excess = (uint256(gasExcess) + parentGasUsed).max(issued);

packages/protocol/contracts/actors_privileges_deployments.md

@@ -0,0 +1,67 @@
+# Actors, Privileges, and Upgradeable Procedures Documentation
+
+## Introduction
+
+This document provides a comprehensive overview of the actors involved in the smart contract system and outlines their respective privileges and roles.
+Different `roles` (we call them `domain`) are granted via `AddressManager` contract's `setAddress()` function. Idea is very similar Optimism's `AddressManager` except that we use the `chainId + domainName` as the key for a given address. We need so, because for bridging purposes, the destination chain's bridge address needs to be inculded signaling the messgae hash is tamper-proof.
+Every contract which needs some role-based authentication, needs to inherit from `AddressResolver` contract, which will serve as a 'middleman/lookup' by querying the `AddressManager` per given address is allowed to act on behalf of that domain or not.
+
+## 1. Domains (≈role per chainId)
+
+In the context of the smart contract system, various actors play distinct roles. Each actor is associated with specific responsibilities and privileges within the system. When there is a modifier called `onlyFromNamed` or `onlyFromNamed2`, it means we are checking access through the before mentioned contracts (`AddressResolver` and `AddressManager`), and one function maximum allows up to 2 domains (right now, but it might change when e.g.`DAO` is set up) can be given access.
+
+### 1.1 Taiko
+
+- **Role**: This domain role is given to TaikoL1 smart contract.
+- **Privileges**:
+  - Possibility to mint/burn the taiko token
+  - Possibility to mint/burn erc20 tokens (I think we should remove this privilege)
+
+### 1.2 Bridge
+
+- **Role**: This domain role is given to Bridge smart contracts (both chains).
+- **Privileges**:
+  - The right to trigger transfering/minting the tokens (on destination chain) (be it ERC20, ERC721, ERC1155) from the vault contracts
+  - The right to trigger releasing the custodied assets on the source chain (if bridging is not successful)
+
+### 1.3 ERCXXX_Vault
+
+- **Role**: This role is givne to respective token vault contracts (ERC20, ERC721, ERC1155)
+- **Privileges**:
+  - Part of token briding, the possibility to burn and mint the respective standard tokens (no autotelic minting/burning)
+
+## 2. Different access modifiers
+
+Beside the `onlyFromNamed` or `onlyFromNamed2` modifiers, we have others such as:
+
+### 2.1 onlyOwner
+
+- **Description**: Only owner can be granted access.
+- **Associated contracts**: TaikoToken, AddressManager, EtherVault
+
+### 2.2 onlyAuthorized
+
+- **Description**: Only authorized (by owner) can be granted access - the address shall be a smart contract. (`Bridge` in our case)
+- **Associated Actors**: EtherVault
+
+## 3. Upgradeable Procedures
+
+The smart contract system incorporates upgradeable procedures to ensure flexibility and security. These procedures adhere to the following principles:
+
+### 3.1 Deployment Scripts
+
+- Deployment scripts are visible in the `packages/protocol/scripts` folder, encompassing both deployment and upgrade scripts for easy reference and replication.
+
+### 3.2 Transparent Upgradeability
+
+- Upgradeability is based on the Transparent Upgradeability Proxy by OpenZeppelin, ensuring that contract upgrades are secure and transparent to all stakeholders.
+
+### 3.3 Ownership Transition
+
+- Currently, on testnets, some privileges (like `onlyOwner`) are assigned to externally owned accounts (EOAs) for easier testing. However, it is essential to note that `TimeLockController` contracts will be the owners at a later stage.
+
+## Conclusion
+
+Clear documentation of actors and their privileges, combined with robust upgradeable procedures, is essential for smart contract systems, especially for based rollups. This documentation ensures that all stakeholders understand their roles and responsibilities within the system and guarantees its adaptability and security over time.
+
+Please ensure that this document is kept up to date as changes are made to the smart contract system and its actors or privileges.

packages/protocol/contracts/libs/Lib1559Math.sol

@@ -13,6 +13,11 @@ import { SafeCastUpgradeable } from
 /// @title Lib1559Math
 /// @dev This library provides utilities related to the L2 EIP-1559
 /// implementation.
+/// See formulas described in the whitepaper
+/// https://taikoxyz.github.io/taiko-mono/taiko-whitepaper.pdf
+/// From section:  "9.6. Rate Limiting using EIP-1559."
+/// Additional info about the arithmetic formula:
+/// https://github.com/taikoxyz/taiko-mono/blob/main/packages/protocol/docs/L2EIP1559.md
 library Lib1559Math {
     using SafeCastUpgradeable for uint256;