Check domain hash from simulation matches VALIDATIONS.md hash entry.
In CI we should sim tasks and check that the domain and message hashes match what's in the validations file.
This assumes that we have already added hashes to the VALIDATIONS file. This should be a separate task. Perhaps the decodeAndPrint function on the AccountAccessParser lib can help with this.
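One way the CI comparison described above could work, as an added example that is not code from this thread or the repository. It assumes VALIDATIONS.md and the captured simulation output each carry one `Domain Hash: 0x...` line and one `Message Hash: 0x...` line (the thread leaves the format undecided); `extract_hash` and `check_hashes` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example. Assumed format (not decided in the issue): VALIDATIONS.md and
# the captured simulation log each carry one "Domain Hash: 0x..." line and one
# "Message Hash: 0x..." line.

# Print the single 32-byte hash recorded for a label, lowercased.
# Fails closed when the hash is missing, malformed, or ambiguous.
extract_hash() {
  local label="$1" file="$2" found
  found=$(grep -iE "${label} hash" "$file" | grep -oE '0x[0-9a-fA-F]+' |
    tr 'A-F' 'a-f' | sort -u)
  [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] || return 1
  printf '%s\n' "$found" | grep -xE '0x[0-9a-f]{64}'
}

# Compare both hashes; return non-zero so the CI job fails on any problem.
check_hashes() {
  local validations="$1" sim_log="$2" label expected actual status=0
  for label in Domain Message; do
    if ! expected=$(extract_hash "$label" "$validations"); then
      echo "FAIL: no unique $label hash in $validations" >&2; status=1
    elif ! actual=$(extract_hash "$label" "$sim_log"); then
      echo "FAIL: no unique $label hash in simulation output" >&2; status=1
    elif [ "$expected" != "$actual" ]; then
      echo "FAIL: $label hash: expected $expected, simulated $actual" >&2; status=1
    else
      echo "OK: $label hash $actual"
    fi
  done
  return "$status"
}

# Constructed sample data, not real task hashes.
demo_dir=$(mktemp -d)
printf 'Domain Hash: `0x%064d`\nMessage Hash: `0x%064d`\n' 1 2 > "$demo_dir/VALIDATIONS.md"
printf 'Domain hash: 0x%064d\nMessage hash: 0x%064d\n' 1 2 > "$demo_dir/sim-ok.log"
printf 'Domain hash: 0x%064d\nMessage hash: 0x%064d\n' 1 3 > "$demo_dir/sim-bad.log"
check_hashes "$demo_dir/VALIDATIONS.md" "$demo_dir/sim-ok.log"
check_hashes "$demo_dir/VALIDATIONS.md" "$demo_dir/sim-bad.log" || echo "mismatch detected"
```

A missing or truncated hash on either side is treated the same as a mismatch, so a task with no VALIDATIONS.md entry cannot pass the check silently.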
Working on retrieving the domain and message hashes from a simulation in #704.
The code below (subject to change) goes into the CircleCI config:

```yaml
# Simulate any non-terminal tasks that will eventually be executed.
simulate_non_teminal_tasks:
  circleci_ip_ranges: true
  docker:
    - image: <<pipeline.parameters.default_docker_image>>
  environment:
    FOUNDRY_PROFILE: ci
  steps:
    - utils/checkout-with-mise
    - run:
        name: simulate non terminal tasks
        command: |
          (cd src/improvements && just simulate-non-terminal-tasks)
    - notify-failures-on-develop:
        mentions: "@security-team"
```
The code below (subject to improvements and change) would go into src/improvements/justfile.

```just
simulate-non-terminal-tasks:
    #!/usr/bin/env bash
    set -euo pipefail
    root_dir=$(git rev-parse --show-toplevel)
    forge build
    # Later this networks list should be dynamically generated from the src/improvements/tasks directory.
    networks=("eth" "sep")
    for network in "${networks[@]}"; do
        # Skip example tasks. $network holds a directory name, not a full path,
        # so compare against the bare name.
        if [ "$network" != "example" ]; then
            for task in "${root_dir}/src/improvements/tasks/${network}"/*; do
                "${root_dir}/src/improvements/script/simulate-task.sh" "$task"
            done
        fi
        echo "Done simulating non-terminal tasks for network: $network"
    done
```
Did part of the work on #736, still pending:
- Decide on a format for including hashes in VALIDATIONS.md (toml?)
- Extend scripts to all safes, not just foundation
- Exclude examples directory
- Add just simulate-non-terminal-tasks to CI with tenderly context (for the Tenderly Access Token)
Closed #736, but now #783 has all the scripts necessary. A different PR will get them on CI.
Closing this as it's implemented as part of stacked simulations now.