feat(deploy): Sepolia redeployment with GTokenAuthorization v2.2.0#196
Open
jhfnetboy wants to merge 16 commits into
Open
feat(deploy): Sepolia redeployment with GTokenAuthorization v2.2.0#196jhfnetboy wants to merge 16 commits into
jhfnetboy wants to merge 16 commits into
Conversation
…ings (Section 8) Records all findings from Codex + local adversarial dual-track review after PR #195 merge: 2 Critical, 7 High, 8 Medium, 6 Low/Info with UUPS-upgradeable vs redeploy fix paths. Deferred to v5.4 per user decision — no code changes in this commit.
- GTokenAuthorization (EIP-3009 gasless transfers) replaces plain GToken - deploy-core: add --non-interactive flag for Sepolia/live envs to prevent forge 1.4+ broadcast prompt blocking in non-TTY environments - verify-all.sh: update GToken verification path/args for GTokenAuthorization (constructor now takes cap + factory address) - config.sepolia.json: updated with new contract addresses (2026-05-13) - verify.sepolia.contracts-5-13.md: 12/12 contracts verified on Etherscan New Sepolia addresses: GToken (GTokenAuthorization): 0xbC17B6C319561bcA805981fC2846e4678f9114Cb Registry proxy: 0x3dfeBE636eDA211E0a783308Cf0CB31892686d67 SuperPaymaster proxy: 0x506962D17AEA6E7A15fd3479D8c4E2ABBBF91112
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4ea69e46f0
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| "updateTime": "2026-05-11 19:47:00", | ||
| "xPNTsFactory": "0x0195f1f30276f1455F650207F9A1D2AAeABBEc7D" | ||
| } | ||
| {"aPNTs":"0x6859dC0b5ee1CcE829673161B7a3550CC4A25E48","blsAggregator":"0x12Ae250EF63adCEF487B5679b917011D508687AB","dvtValidator":"0x6b131ac781Adea7785d4DFfF612E5A26B37F0D0d","entryPoint":"0x0000000071727De22E5E9d8BAf0edAc6f37da032","gToken":"0xbC17B6C319561bcA805981fC2846e4678f9114Cb","paymasterFactory":"0x7647b6Db63f87C5625153CD1cD1675095E06B480","paymasterV4Impl":"0x661E02f276D2B589Fb08453E43739C3766be69Cb","pnts":"0xAc57F61ad917d8D9325cB5388B7Ec307d8644eEa","priceFeed":"0x694AA1769357215DE4FAC081bf1f309aDC325306","registry":"0x3dfeBE636eDA211E0a783308Cf0CB31892686d67","reputationSystem":"0x1290d30abD9324756258e6eE66dc11B4bC9E96de","sbt":"0x4ab7FF379e3491C27FB26F8c0a811CbD7891A1B2","simpleAccountFactory":"0x91E60e0613810449d098b0b5Ec8b51A0FE8c8985","srcHash":"07e8f377915661601beefc03be7b7c39d422d644f5e04baa8da572145bf80c78","staking":"0x4C1EA3A91eF13236F5F13a47321C83cf86EF51dF","superPaymaster":"0x506962D17AEA6E7A15fd3479D8c4E2ABBBF91112","updateTime":"2026-05-13 22:03:14","xPNTsFactory":"0x907C23F11c00221fa916c9d9b0F8169D5Bd46aC2"} No newline at end of file |
There was a problem hiding this comment.
deployments/config.sepolia.json now drops keys such as microPaymentChannel, but script/gasless-tests/test-micropayment-channel.js hard-fails when that field is absent (throw new Error('microPaymentChannel address missing...')). This makes the micropayment E2E path non-runnable immediately after this redeploy even if the channel contract is still deployed and intended to remain in use; keep unchanged service addresses in the shared config when a redeploy only rotates core contracts.
Useful? React with 👍 / 👎.
…loy record - abis/GTokenAuthorization.json: new ABI for EIP-3009 gasless transfers - abis/GToken.json: updated to GTokenAuthorization ABI (backward-compat name) - abis/abi.config.json: refreshed hashes + timestamp (17 files) - All 11 other ABIs synced from compiled output - Also synced all ABIs to ../aastar-sdk/packages/core/src/abis/ - docs/deployment/sepolia-deploy-record-2026-05-13.md: full deploy record including contract addresses, wiring, Etherscan verification (12/12), unit tests (925/925), E2E tests (21/24), 3 real gasless tx results, gas report
MPC (0x5753e9675f68221cA901e495C1696e33F552ea36) was deployed separately in a prior commit and is not part of DeployLive.s.sol. Full --force redeploy overwrote the config. MPC is token-agnostic so the old contract remains valid. TODO v5.4: add MPC deploy step to DeployLive.s.sol so --force won't drop it again.
… script
- Replaced bare `return` with `process.exit(2)` (SKIP) in all three gasless
test scripts so zero-balance paths can never produce exit 0 (false PASS).
Root cause: main().then(() => process.exit(0)) executes after a bare return,
giving the test runner exit 0 even when no UserOp was submitted.
- run-all-e2e-tests.sh: capture exit code and treat 2 as SKIPPED (yellow),
add SKIPPED counter to summary, add Phase 9 pre-flight setup call.
- setup-gasless.js (new): idempotent pre-flight script that checks and auto-
fixes all prerequisites before gasless tests run:
Step 1 – SuperPaymaster price cache (updatePrice if < 10min remaining)
Step 2 – PaymasterV4: ETH in EP, price cache via setCachedPrice if stale
(Chainlink updatedAt ≠ block.timestamp — must use setCachedPrice),
and depositFor(AA_A, aPNTs, 500) if deposit < 200 aPNTs
Step 3 – SuperPaymaster deployer operator: deposit 1000 aPNTs if < 100
Step 4 – Anni operator balance check
Step 5 – AA account token balance checks
Exit codes: 0 = all met, 1 = unrecoverable failure needing manual fix.
…sults - E2E updated to 24/24 PASS (was 21/24) after mempool cooldown retest - F2 Slash History: 8/8 (was 5/8, root cause: mempool rate limit) - G3 Credit Tier: 18/18 (was 17/20, root cause: exit-code script bug) - MicroPaymentChannel: PASS with TX 0x308180b4 (config was missing) - Add actual on-chain TX hashes for all 3 gasless tests - Add Section 11: e2e test script improvements (setup-gasless.js, exit codes)
…pport - SEPOLIA_BLS: 0x01E18f... -> 0x12Ae250... (2026-05-13 redeployment) - SEPOLIA_DVT: 0x70a06A... -> 0x6b131a... (2026-05-13 redeployment) - Add OP_BLS . OP_DVT (Isthmus/Pectra active since 2025-05-09) - Fix _isFork(): use chainId() instead of extcodesize(0x0b) (EIP-2537 precompiles have codesize=0 even when active) - OP Mainnet fork verified: chainId=10, BLSAggregator-3.2.1 responds - Sepolia DVTValidator has no validators yet (DVT net not bootstrapped) -> ISOLATED mode remains correct approach for gas benchmarks - Add CheckPrecompile.t.sol: confirms 0x0b active on OP Mainnet
Rewrote the benchmark contract to be clean and maintainable. Addresses Sepolia v5.3.2 deployment (2026-05-13) with correct contract addresses. Design decision: ISOLATED mode (mocked Registry/Staking + mocked precompiles) is the correct approach because: - DVTValidator._requireActiveValidator checks REGISTRY.hasRole + staking.roleLocks - BLSAggregator._reconstructPkAgg does the same for every signer slot - No DVT validators are registered on-chain (DVT network not yet bootstrapped) - EIP-2537 precompile costs are added analytically (_corrected_eip2537 values) Contract context (Sepolia v5.3.2, 2026-05-13): - BLSAggregator-4.1.0 @ 0x12Ae250EF63adCEF487B5679b917011D508687AB - DVTValidator @ 0x6b131ac781Adea7785d4DFfF612E5A26B37F0D0d - Registry-5.3.3 @ 0x3dfeBE636eDA211E0a783308Cf0CB31892686d67 - SuperPaymaster-5.3.2 @ 0x506962D17AEA6E7A15fd3479D8c4E2ABBBF91112 - GTokenAuthorization @ 0xbC17B6C319561bcA805981fC2846e4678f9114Cb (EIP-3009) Gas results (BLSAggregator-4.1.0, corrected with EIP-2537 analytical cost): registerBLSPublicKey : 143,850 gas verify n=3 (corrected) : 363,595 gas verify n=7 (corrected) : 430,767 gas verify n=13 (corrected) : 531,556 gas verifyAndExecute n=7 b=10 : 478,604 gas (corrected) verifyAndExecute n=7 b=100: 542,664 gas (corrected) amortized/user (b=100) : 4,403 gas CommunityFi vs multisig : ~11x reduction (1000 users/day)
…ign decisions ADR-1: BLSAggregator._reconstructPkAgg reads Registry+Staking directly - Avoids circular BLSAggregator ↔ DVTValidator dependency - Clear responsibility split: DVT owns proposal lifecycle, BLS owns trust verification - Enables governance to rotate minStake/Staking without redeploying BLSAggregator ADR-2: DVTValidator cold-start (nextProposalId=1) is expected design - Deploy script wires contracts but does not pre-register DVT nodes - Node registration is an operational step by node operators post-deployment - All SP gasless sponsorship functions work without DVT nodes registered ADR-3: Errata — Section 5.2 'known gap' was already fixed in PR #174 - _reconstructPkAgg now does real-time hasRole + roleLocks checks - revokeBLSPublicKey is still recommended cleanup but no longer the only defense
Three forge scripts for Paper7 on-chain gas data collection: 1. RegisterDVTValidator.s.sol (one-time setup) - GToken.approve(staking, 33 GT) - Registry.safeMintForRole(ROLE_DVT, owner, 30 GT stake) - DVTValidator.addValidator(owner) - BLSAggregator.setMinThreshold/setDefaultThreshold(1) - BLSAggregator.registerBLSPublicKey(owner, G1_GENERATOR, slot=1) 2. MockDVTExecution.s.sol (gas measurement) - createProposal() for batch=1/10/50/100 (succeeds, real gas) - executeWithProof() with zero G2 sig (reverts at BLS pairing, gas still measured) No DVT server needed: single-validator mode with owner EOA 3. CollectPaper7Gas.s.sol (read-only report) - Verifies all contract versions + wiring - Prints complete Paper7 gas summary Usage: export ENV=sepolia forge script RegisterDVTValidator.s.sol --broadcast -vvv forge script MockDVTExecution.s.sol --broadcast -vvv forge script CollectPaper7Gas.s.sol -vvv # After Sepolia validates: repeat with ENV=optimism
- ERC-8004 has pre-deployed singletons (no deployment needed): Sepolia IdentityRegistry: 0x8004A818BFB912233c491871b3d84c89A494BD9e Sepolia ReputationRegistry: 0x8004B663056A597Dffe9eCcC1965A193B7388713 - ValidationRegistry still under TEE community discussion, not deployed - Document human↔agent binding via ownerOf(agentId) + getAgentWallet(agentId) - P0 gap: IAgentIdentityRegistry.isRegisteredAgent() does not exist in official ERC-8004 contracts — must switch to balanceOf(account) > 0 - Gap table: interface fix (P0), setAgentRegistries on Sepolia (P1), E2E test with real addresses (P1), full bind flow (P2)
… needed Previous analysis was wrong: SuperPaymaster does NOT need to change. The fix is an ERC8004Adapter contract that wraps the real ERC-8004 IdentityRegistry and implements isRegisteredAgent() via balanceOf() > 0. Root cause of confusion: test file has its own inline mock that implements isRegisteredAgent(), so tests pass. The real ERC-8004 IdentityRegistryUpgradeable (confirmed from source) has no isRegisteredAgent() — ERC-721 only.
… architecture Records complete decision log including: - Wrong approach 1: modifying SuperPaymaster to use balanceOf - Wrong approach 2: ERC8004Adapter (solves interface gap but not data gap) - Layer 2 bug: AirAccount setAgentWallet calls 2-param but ERC-8004 needs 4-param (silent failure) - Layer 3 bug: balanceOf(agentWallet)=0 when human holds NFT (conceptual mismatch) - Final architecture: AirAccount deploys custom AgentRegistry with registerAgent() + agentToHuman mapping - Responsibility table: AirAccount writes, SuperPaymaster zero changes
…scripts - Remove stray dots before comments/NatDoc in all 3 .s.sol files - Fix block.timestamp . 3600 → block.timestamp / 3600 in MockDVTExecution - RegisterDVTValidator: use setDefaultThreshold(minThreshold) instead of 1 (contract enforces minThreshold >= 2, chain value is 3) - Update README: add --evm-version prague (required for EIP-2537 BLS precompiles) and set -a source pattern for proper env var export
DeployAnvil: deploy MockAgentIdentity/Reputation + call setAgentRegistries() in _executeWiring; save both addresses to config.anvil.json. DeployLive: conditionally call setAgentRegistries() if AGENT_IDENTITY_REGISTRY and AGENT_REPUTATION_REGISTRY env vars are set; emit clear WARN if missing; save live addresses (or address(0)) to config.<network>.json. Check08: add non-blocking agent registry check — warns with remediation command if agentIdentityRegistry == address(0), does not fail the check suite. Precondition for live environments: AirAccount team must deploy AgentRegistry and provide its address before setAgentRegistries can be called.
fanhousanbu
reviewed
May 28, 2026
Contributor
fanhousanbu
left a comment
fanhousanbu
left a comment
There was a problem hiding this comment.
Code Review — PR #196 feat(deploy): Sepolia redeployment GTokenAuthorization v2.2.0
Reviewed commit: HEAD
变更量说明
+15050 / -11835 几乎全是 abis/*.json 的格式化差异(压缩→pretty-print)。实际功能性变更只有 4 处:deploy-core(1行)、config.sepolia.json(21行地址替换)、verify-all.sh(2行)、abi.config.json(哈希更新)。建议将 abis/*.json 加入 .gitignore 改由 CI 生成,大量格式噪音掩盖实质变更,不利于 review。
WARN × 2(部署本身可合并,但需后续跟进)
[WARN-1] microPaymentChannel 配置与文档矛盾
config.sepolia.json 保留了旧 MPC 地址(0x5753e...),但部署记录文档称"MPC 未纳入部署范围",E2E 测试也有 "address missing from config" 失败。三处描述互相矛盾,请澄清:MPC 字段是应保留旧地址、更新新地址、还是删除?
[WARN-2] spImpl 从 config 删除无替代
旧版 config.spImpl(impl 地址)从配置中删除,impl 地址(0x07777B20...)仅出现在 MD 文档里。若有脚本或 SDK 依赖 config.spImpl 字段会静默失败(undefined)。请确认下游是否还需要此字段。
INFO × 3
agentIdentityRegistry/agentReputationRegistry/anniPaymaster三个字段从 config 完全删除,无弃用注释,建议加// DEPRECATED注释或在 CHANGELOG 说明- ABI 文件建议 gitignore,见上
GToken.json与GTokenAuthorization.json哈希相同(abi.config.json中3494156c...),是已知意图(向后兼容),但哈希碰撞使完整性校验无法区分两者,长期维护有隐患
安全检查 ✅
- 无私钥、助记词、API Key 提交
- 核心地址(SuperPaymaster / GToken / Registry)在 config、verify.md、deploy-record.md、PR body 四处完全一致
- EntryPoint 地址不变(
0x0000000071727De22E5E9d8BAf0edAc6f37da032) - E2E 主路径(operator 注册、用户 gasless 交易、paymaster 验证)全部通过;3 项未通过(slash、credit tier、MPC)PR body 已解释,均为已知 follow-up
结论:部署本身可以合并。WARN-1(MPC 字段)需后续 PR 跟进,WARN-2(spImpl)建议合并前澄清。
WARN 1 (microPaymentChannel config/doc mismatch): - DeployLive now writes microPaymentChannel to config; reads address from MICRO_PAYMENT_CHANNEL env var (defaults to address(0) with WARN log) - Prevents manual config key from being lost on next full redeployment WARN 2 (spImpl missing from config): - Capture spImplAddr after `new SuperPaymaster(...)` and serialize it - Required for future upgradeToAndCall() and on-chain verification; previously only UpgradeToV5_3_2.s.sol wrote this key (post-upgrade only)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
deploy-core: add--non-interactiveflag for live envs — prevents forge 1.4+ broadcast confirmation blocking in non-TTY/CI environmentsscripts/verify-all.sh: update GToken → GTokenAuthorization with correct constructor args(cap, factory)deployments/config.sepolia.json: updated with new 2026-05-13 addressesdeployments/verify.sepolia.contracts-5-13.md: 12/12 contracts verified on EtherscanNew Sepolia Addresses
0xbC17B6C319561bcA805981fC2846e4678f9114Cb0x3dfeBE636eDA211E0a783308Cf0CB31892686d670x506962D17AEA6E7A15fd3479D8c4E2ABBBF911120x4C1EA3A91eF13236F5F13a47321C83cf86EF51dF0x4ab7FF379e3491C27FB26F8c0a811CbD7891A1B2Verification
Check04_Registry,Check01_GToken,Check02_GTokenStaking,Check03_MySBT,Check07_SuperPaymaster,Check08_Wiring,VerifyV3_1_1)Test plan
./prepare-test sepoliato register test accountscd script/gasless-tests && ./run-all-tests.shfor E2E gasless tests