From b7bead1b49581622020bce9795f1eb58b572d407 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 16:30:44 -0400 Subject: [PATCH 01/12] chore(sepolia): add incident multisig signer task Set up a Sepolia safe-management task for adding and removing multiple Incident Multisig signers with placeholder owner diffs. Co-authored-by: Codex --- .../2026-05-13-incident-multisig-signers/.env | 14 ++ .../FACILITATOR.md | 22 +++ .../Makefile | 30 ++++ .../OwnerDiff.json | 12 ++ .../README.md | 54 ++++++++ .../foundry.toml | 23 +++ .../script/UpdateSigners.s.sol | 131 ++++++++++++++++++ 7 files changed, 286 insertions(+) create mode 100644 sepolia/2026-05-13-incident-multisig-signers/.env create mode 100644 sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md create mode 100644 sepolia/2026-05-13-incident-multisig-signers/Makefile create mode 100644 sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json create mode 100644 sepolia/2026-05-13-incident-multisig-signers/README.md create mode 100644 sepolia/2026-05-13-incident-multisig-signers/foundry.toml create mode 100644 sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env new file mode 100644 index 00000000..1f0f7d6e --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -0,0 +1,14 @@ +# Required: Git commit hash for https://github.com/base/contracts +BASE_CONTRACTS_COMMIT=be7c7a642e430fa64b04b63203839f8c81f48466 + +# Network-specific addresses are automatically loaded from {network}/.env via include ../.env + +# Required: Address of the Gnosis Safe whose signers will be updated +OWNER_SAFE=0x646132A1667ca7aD00d36616AFBA1A28116C770A + +# Required: Address of a signer on OWNER_SAFE (used for simulation) +# Must also match the sender defined in validations/base-signer.json +SENDER=TODO + +# Enable state diff recording for validation +RECORD_STATE_DIFF=true diff --git a/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md new file mode 100644 index 00000000..f3a0b84b --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md @@ -0,0 +1,22 @@ +# Facilitator Guide + +Guide for facilitators managing this task. + +## Task Origin Signing + +After setting up the task, generate cryptographic attestations (sigstore bundles) to prove who created and facilitated the task. These signatures are stored in `/signatures//`. + +### Task creator (run after task setup): +```bash +make sign-as-task-creator +``` + +### Base facilitator: +```bash +make sign-as-base-facilitator +``` + +### Security Council facilitator: +```bash +make sign-as-sc-facilitator +``` diff --git a/sepolia/2026-05-13-incident-multisig-signers/Makefile b/sepolia/2026-05-13-incident-multisig-signers/Makefile new file mode 100644 index 00000000..2b74b434 --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/Makefile @@ -0,0 +1,30 @@ +include ../../Makefile +include ../../Multisig.mk +include ../.env +include .env + +RPC_URL = $(L1_RPC_URL) +SCRIPT_NAME = UpdateSigners + +# Validate required configuration before execution +.PHONY: validate-config +validate-config: + @test -n "$(BASE_CONTRACTS_COMMIT)" -a "$(BASE_CONTRACTS_COMMIT)" != "TODO" || (echo "BASE_CONTRACTS_COMMIT required" && exit 1) + @test -n "$(OWNER_SAFE)" -a "$(OWNER_SAFE)" != "TODO" || (echo "OWNER_SAFE required" && exit 1) + @test -n "$(SENDER)" -a "$(SENDER)" != "TODO" || (echo "SENDER required" && exit 1) + @echo "Configuration validated successfully" + +.PHONY: deps +deps: new-forge-deps + +.PHONY: new-forge-deps +new-forge-deps: + forge install --no-git safe-global/safe-smart-account@186a21a74b327f17fc41217a927dea7064f74604 + +.PHONY: gen-validation +gen-validation: validate-config deps-signer-tool + $(call GEN_VALIDATION,$(SCRIPT_NAME),,$(SENDER),base-signer.json,) + +.PHONY: execute +execute: validate-config + $(call MULTISIG_EXECUTE,$(SIGNATURES)) diff --git a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json new file mode 100644 index 00000000..6ad463ec --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json @@ -0,0 +1,12 @@ +{ + "OwnersToAdd": [ + "0x1111111111111111111111111111111111111111", + "0x2222222222222222222222222222222222222222", + "0x3333333333333333333333333333333333333333" + ], + "OwnersToRemove": [ + "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", + "0xCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" + ] +} diff --git a/sepolia/2026-05-13-incident-multisig-signers/README.md b/sepolia/2026-05-13-incident-multisig-signers/README.md new file mode 100644 index 00000000..c2c5b440 --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/README.md @@ -0,0 +1,54 @@ +# Update Sepolia Incident Multisig Signers + +Status: TODO + +## Description + +We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x646132A1667ca7aD00d36616AFBA1A28116C770A) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. + +Before generating validations, replace the placeholder addresses in [OwnerDiff.json](./OwnerDiff.json) and set `SENDER` in [.env](./.env) to a current signer of the Incident Multisig. + +## Install dependencies + +### 1. Update foundry + +```bash +foundryup +``` + +### 2. Install Node.js if needed + +First, check if you have node installed + +```bash +node --version +``` + +If you see a version output from the above command, you can move on. Otherwise, install node + +```bash +brew install node +``` + +## Approving Signers Update + +### 1. Update repo: + +```bash +cd contract-deployments +git pull +``` + +### 2. Run the signing tool (NOTE: do not enter the task directory. Run this command from the project's root). + +```bash +make sign-task +``` + +### 3. Open the UI at [http://localhost:3000](http://localhost:3000) + +Be sure to select the correct task from the list of available tasks to sign. + +### 4. Send signature to facilitator + +You may now kill the Signer Tool process in your terminal window by running `Ctrl + C`. diff --git a/sepolia/2026-05-13-incident-multisig-signers/foundry.toml b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml new file mode 100644 index 00000000..5b8fe4ae --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml @@ -0,0 +1,23 @@ +[profile.default] +src = 'src' +out = 'out' +libs = ['lib'] +broadcast = 'records' +fs_permissions = [{ access = "read-write", path = "./" }] +optimizer = true +optimizer_runs = 999999 +solc_version = "0.8.15" +via-ir = false +remappings = [ + '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/', + '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts', + '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts', + '@rari-capital/solmate/=lib/solmate/', + '@base-contracts/=lib/contracts', + '@solady/=lib/solady/src/', +] + +[lint] +lint_on_build = false + +# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol b/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol new file mode 100644 index 00000000..958b42a3 --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.15; + +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; + +import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol"; +import {GnosisSafe} from "safe-smart-account/GnosisSafe.sol"; +import {OwnerManager} from "safe-smart-account/base/OwnerManager.sol"; +import {Enum} from "@base-contracts/script/universal/IGnosisSafe.sol"; + +contract UpdateSigners is MultisigScript { + using stdJson for string; + + address public constant SENTINEL_OWNERS = address(0x1); + + address public immutable OWNER_SAFE; + uint256 public immutable THRESHOLD; + address[] public EXISTING_OWNERS; + + address[] public OWNERS_TO_ADD; + address[] public OWNERS_TO_REMOVE; + + mapping(address => address) public ownerToPrevOwner; + mapping(address => address) public ownerToNextOwner; + mapping(address => bool) public expectedOwner; + + constructor() { + OWNER_SAFE = vm.envAddress("OWNER_SAFE"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + THRESHOLD = ownerSafe.getThreshold(); + EXISTING_OWNERS = ownerSafe.getOwners(); + + string memory rootPath = vm.projectRoot(); + string memory path = string.concat(rootPath, "/OwnerDiff.json"); + string memory jsonData = vm.readFile(path); + + OWNERS_TO_ADD = abi.decode(jsonData.parseRaw(".OwnersToAdd"), (address[])); + OWNERS_TO_REMOVE = abi.decode(jsonData.parseRaw(".OwnersToRemove"), (address[])); + } + + function setUp() external { + require(OWNERS_TO_ADD.length > 0, "Precheck 00"); + require(OWNERS_TO_REMOVE.length > 0, "Precheck 01"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address prevOwner = SENTINEL_OWNERS; + + for (uint256 i = OWNERS_TO_ADD.length; i > 0; i--) { + uint256 index = i - 1; + // Make sure owners to add are not already owners + require(!ownerSafe.isOwner(OWNERS_TO_ADD[index]), "Precheck 03"); + // Prevent duplicates + require(!expectedOwner[OWNERS_TO_ADD[index]], "Precheck 04"); + + ownerToPrevOwner[OWNERS_TO_ADD[index]] = prevOwner; + ownerToNextOwner[prevOwner] = OWNERS_TO_ADD[index]; + prevOwner = OWNERS_TO_ADD[index]; + expectedOwner[OWNERS_TO_ADD[index]] = true; + } + + for (uint256 i; i < EXISTING_OWNERS.length; i++) { + ownerToPrevOwner[EXISTING_OWNERS[i]] = prevOwner; + ownerToNextOwner[prevOwner] = EXISTING_OWNERS[i]; + prevOwner = EXISTING_OWNERS[i]; + expectedOwner[EXISTING_OWNERS[i]] = true; + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + // Make sure owners to remove are owners + require(ownerSafe.isOwner(OWNERS_TO_REMOVE[i]), "Precheck 05"); + // Prevent duplicates + require(expectedOwner[OWNERS_TO_REMOVE[i]], "Precheck 06"); + expectedOwner[OWNERS_TO_REMOVE[i]] = false; + + // Remove from linked list to keep ownerToPrevOwner up to date + // Note: This works as long as the order of OWNERS_TO_REMOVE does not change during `_buildCalls()` + address nextOwner = ownerToNextOwner[OWNERS_TO_REMOVE[i]]; + address prevPtr = ownerToPrevOwner[OWNERS_TO_REMOVE[i]]; + ownerToPrevOwner[nextOwner] = prevPtr; + ownerToNextOwner[prevPtr] = nextOwner; + } + } + + function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override { + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address[] memory postCheckOwners = ownerSafe.getOwners(); + uint256 postCheckThreshold = ownerSafe.getThreshold(); + + uint256 expectedLength = EXISTING_OWNERS.length + OWNERS_TO_ADD.length - OWNERS_TO_REMOVE.length; + + require(postCheckThreshold == THRESHOLD, "Postcheck 00"); + require(postCheckOwners.length == expectedLength, "Postcheck 01"); + + for (uint256 i; i < postCheckOwners.length; i++) { + require(expectedOwner[postCheckOwners[i]], "Postcheck 02"); + } + } + + function _buildCalls() internal view override returns (Call[] memory) { + Call[] memory calls = new Call[](OWNERS_TO_ADD.length + OWNERS_TO_REMOVE.length); + + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { + calls[i] = Call({ + operation: Enum.Operation.Call, + target: OWNER_SAFE, + data: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), + value: 0 + }); + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + calls[OWNERS_TO_ADD.length + i] = Call({ + operation: Enum.Operation.Call, + target: OWNER_SAFE, + data: abi.encodeCall( + OwnerManager.removeOwner, (ownerToPrevOwner[OWNERS_TO_REMOVE[i]], OWNERS_TO_REMOVE[i], THRESHOLD) + ), + value: 0 + }); + } + + return calls; + } + + function _ownerSafe() internal view override returns (address) { + return OWNER_SAFE; + } +} From 99936ac87f367d8b73f175379a27f2de763dd752 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 16:40:06 -0400 Subject: [PATCH 02/12] chore(sepolia): update incident task contracts commit Use the latest base/contracts commit and trim explicit Foundry remappings to the remaining base-contracts alias. Update imports for the latest base/contracts scripts directory layout. Co-authored-by: Codex --- sepolia/2026-05-13-incident-multisig-signers/.env | 2 +- sepolia/2026-05-13-incident-multisig-signers/foundry.toml | 7 +------ .../script/UpdateSigners.s.sol | 6 +++--- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env index 1f0f7d6e..258c15e7 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/.env +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -1,5 +1,5 @@ # Required: Git commit hash for https://github.com/base/contracts -BASE_CONTRACTS_COMMIT=be7c7a642e430fa64b04b63203839f8c81f48466 +BASE_CONTRACTS_COMMIT=8b5baf316c8dd1011b8b0dcfa9f6eac5a0f216e5 # Network-specific addresses are automatically loaded from {network}/.env via include ../.env diff --git a/sepolia/2026-05-13-incident-multisig-signers/foundry.toml b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml index 5b8fe4ae..66c234aa 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/foundry.toml +++ b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml @@ -9,12 +9,7 @@ optimizer_runs = 999999 solc_version = "0.8.15" via-ir = false remappings = [ - '@eth-optimism-bedrock/=lib/optimism/packages/contracts-bedrock/', - '@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts', - '@openzeppelin/contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts', - '@rari-capital/solmate/=lib/solmate/', - '@base-contracts/=lib/contracts', - '@solady/=lib/solady/src/', + '@base-contracts/=lib/contracts/', ] [lint] diff --git a/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol b/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol index 958b42a3..65b7fbb1 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol +++ b/sepolia/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol @@ -3,12 +3,12 @@ pragma solidity 0.8.15; import {Vm} from "forge-std/Vm.sol"; import {stdJson} from "forge-std/StdJson.sol"; -import {Simulation} from "@base-contracts/script/universal/Simulation.sol"; +import {Simulation} from "@base-contracts/scripts/universal/Simulation.sol"; -import {MultisigScript} from "@base-contracts/script/universal/MultisigScript.sol"; +import {MultisigScript} from "@base-contracts/scripts/universal/MultisigScript.sol"; import {GnosisSafe} from "safe-smart-account/GnosisSafe.sol"; import {OwnerManager} from "safe-smart-account/base/OwnerManager.sol"; -import {Enum} from "@base-contracts/script/universal/IGnosisSafe.sol"; +import {Enum} from "@base-contracts/scripts/universal/IGnosisSafe.sol"; contract UpdateSigners is MultisigScript { using stdJson for string; From 94e8ddbdd12d87272ed2d1f308d115fb03e8c36a Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 16:46:44 -0400 Subject: [PATCH 03/12] chore(sepolia): fill incident multisig signer diff Replace placeholder Sepolia Incident Multisig owner add and remove entries with the requested signer addresses. Co-authored-by: Codex --- .../OwnerDiff.json | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json index 6ad463ec..ffbc4125 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json +++ b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json @@ -1,12 +1,13 @@ { "OwnersToAdd": [ - "0x1111111111111111111111111111111111111111", - "0x2222222222222222222222222222222222222222", - "0x3333333333333333333333333333333333333333" + "0x623942f433Ee569Df78Dceac754C2ed3A3343A80", + "0xE167153964d4ba0819E1Ad56172F3329cD5A0263", + "0x98eac95c208b74d31550fda9dd3ad62c5d462df9" ], "OwnersToRemove": [ - "0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "0xBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB", - "0xCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC" + "0x931E24B032511d8dD029AedeB44837FAc251f3d8", + "0xE45AC81eA7f53dea5f0bd6Caa0733DD5c02d3b60", + "0x7f10098BD53519c739cA8A404afE127647D94774", + "0xEE316Db0eDaee45347DfC498795a01311F085225" ] } From 4359a2fe8c7eab22b703713b366a3fdd68bbda3a Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 16:56:43 -0400 Subject: [PATCH 04/12] chore(sepolia): set incident task sender Set the Sepolia Incident Multisig task sender to a current owner that is not removed by the task. Co-authored-by: Codex --- sepolia/2026-05-13-incident-multisig-signers/.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env index 258c15e7..2ff2ca62 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/.env +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -8,7 +8,7 @@ OWNER_SAFE=0x646132A1667ca7aD00d36616AFBA1A28116C770A # Required: Address of a signer on OWNER_SAFE (used for simulation) # Must also match the sender defined in validations/base-signer.json -SENDER=TODO +SENDER=0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D # Enable state diff recording for validation RECORD_STATE_DIFF=true From db97b56fcf69b48a2c56369f7e31e6e26b92f61b Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:09:35 -0400 Subject: [PATCH 05/12] chore(sepolia): ready incident signer task docs Set the task docs to ready-to-sign and include facilitator validation and execution guidance. Co-authored-by: Codex --- .../2026-05-13-incident-multisig-signers/.env | 2 +- .../FACILITATOR.md | 42 ++++++++++++++++++- .../OwnerDiff.json | 2 +- .../README.md | 8 ++-- 4 files changed, 47 insertions(+), 7 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env index 2ff2ca62..73a2d238 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/.env +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -4,7 +4,7 @@ BASE_CONTRACTS_COMMIT=8b5baf316c8dd1011b8b0dcfa9f6eac5a0f216e5 # Network-specific addresses are automatically loaded from {network}/.env via include ../.env # Required: Address of the Gnosis Safe whose signers will be updated -OWNER_SAFE=0x646132A1667ca7aD00d36616AFBA1A28116C770A +OWNER_SAFE=0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f # Required: Address of a signer on OWNER_SAFE (used for simulation) # Must also match the sender defined in validations/base-signer.json diff --git a/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md index f3a0b84b..76fcadcb 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md +++ b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md @@ -1,10 +1,10 @@ # Facilitator Guide -Guide for facilitators managing this task. +Guide for facilitators managing the Sepolia Incident Multisig signer update. ## Task Origin Signing -After setting up the task, generate cryptographic attestations (sigstore bundles) to prove who created and facilitated the task. These signatures are stored in `/signatures//`. +After setting up the task, generate cryptographic attestations (sigstore bundles) to prove who created and facilitated the task. These signatures are stored in `sepolia/signatures/2026-05-13-incident-multisig-signers/`. ### Task creator (run after task setup): ```bash @@ -20,3 +20,41 @@ make sign-as-base-facilitator ```bash make sign-as-sc-facilitator ``` + +## Generate Validation File + +Run this after any change to [OwnerDiff.json](./OwnerDiff.json), [.env](./.env), or [script/UpdateSigners.s.sol](./script/UpdateSigners.s.sol). + +```bash +cd contract-deployments +git pull +cd sepolia/2026-05-13-incident-multisig-signers +make deps +make gen-validation +``` + +This produces `validations/base-signer.json`. Check that the `cmd` field uses: + +```text +--sender 0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D +``` + +## Collect Signatures + +Ask signers to follow [README.md](./README.md). They should run `make sign-task` from the repo root and select `sepolia/2026-05-13-incident-multisig-signers` in the signing UI. + +## Execute + +After collecting enough signatures: + +```bash +cd contract-deployments +git pull +cd sepolia/2026-05-13-incident-multisig-signers +make deps +SIGNATURES=AAABBBCCC make execute +``` + +Replace `AAABBBCCC` with the concatenated signatures collected from signers. + +After execution, update [README.md](./README.md) status to `EXECUTED` with the transaction link and check in any generated execution records. diff --git a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json index ffbc4125..3edc6cac 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json +++ b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json @@ -2,7 +2,7 @@ "OwnersToAdd": [ "0x623942f433Ee569Df78Dceac754C2ed3A3343A80", "0xE167153964d4ba0819E1Ad56172F3329cD5A0263", - "0x98eac95c208b74d31550fda9dd3ad62c5d462df9" + "0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9" ], "OwnersToRemove": [ "0x931E24B032511d8dD029AedeB44837FAc251f3d8", diff --git a/sepolia/2026-05-13-incident-multisig-signers/README.md b/sepolia/2026-05-13-incident-multisig-signers/README.md index c2c5b440..d7851632 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/README.md +++ b/sepolia/2026-05-13-incident-multisig-signers/README.md @@ -1,12 +1,12 @@ # Update Sepolia Incident Multisig Signers -Status: TODO +Status: READY TO SIGN ## Description -We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x646132A1667ca7aD00d36616AFBA1A28116C770A) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. +We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. -Before generating validations, replace the placeholder addresses in [OwnerDiff.json](./OwnerDiff.json) and set `SENDER` in [.env](./.env) to a current signer of the Incident Multisig. +The signer changes are configured in [OwnerDiff.json](./OwnerDiff.json), and the simulation sender is configured in [.env](./.env). ## Install dependencies @@ -49,6 +49,8 @@ make sign-task Be sure to select the correct task from the list of available tasks to sign. +Task name: `sepolia/2026-05-13-incident-multisig-signers` + ### 4. Send signature to facilitator You may now kill the Signer Tool process in your terminal window by running `Ctrl + C`. From fc5e980e3dbcfcf8baa95973d85bf8bc6d7a06b0 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:18:24 -0400 Subject: [PATCH 06/12] fix(sepolia): target coordinator incident multisig Restore the Sepolia task to the intended incident multisig and set the Foundry EVM to Shanghai so the newer Safe proxy bytecode simulates correctly. Co-authored-by: Codex --- sepolia/2026-05-13-incident-multisig-signers/.env | 2 +- sepolia/2026-05-13-incident-multisig-signers/README.md | 2 +- sepolia/2026-05-13-incident-multisig-signers/foundry.toml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env index 73a2d238..2ff2ca62 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/.env +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -4,7 +4,7 @@ BASE_CONTRACTS_COMMIT=8b5baf316c8dd1011b8b0dcfa9f6eac5a0f216e5 # Network-specific addresses are automatically loaded from {network}/.env via include ../.env # Required: Address of the Gnosis Safe whose signers will be updated -OWNER_SAFE=0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f +OWNER_SAFE=0x646132A1667ca7aD00d36616AFBA1A28116C770A # Required: Address of a signer on OWNER_SAFE (used for simulation) # Must also match the sender defined in validations/base-signer.json diff --git a/sepolia/2026-05-13-incident-multisig-signers/README.md b/sepolia/2026-05-13-incident-multisig-signers/README.md index d7851632..fdd24b58 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/README.md +++ b/sepolia/2026-05-13-incident-multisig-signers/README.md @@ -4,7 +4,7 @@ Status: READY TO SIGN ## Description -We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x5dfEB066334B67355A15dc9b67317fD2a2e1f77f) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. +We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x646132A1667ca7aD00d36616AFBA1A28116C770A) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. The signer changes are configured in [OwnerDiff.json](./OwnerDiff.json), and the simulation sender is configured in [.env](./.env). diff --git a/sepolia/2026-05-13-incident-multisig-signers/foundry.toml b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml index 66c234aa..c1d7c3e8 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/foundry.toml +++ b/sepolia/2026-05-13-incident-multisig-signers/foundry.toml @@ -8,6 +8,7 @@ optimizer = true optimizer_runs = 999999 solc_version = "0.8.15" via-ir = false +evm_version = "shanghai" remappings = [ '@base-contracts/=lib/contracts/', ] From a0b37716f009c0d712e492a847e88b45b921fe67 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:24:44 -0400 Subject: [PATCH 07/12] Add Sepolia incident multisig owner Co-authored-by: Codex --- sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json index 3edc6cac..c024cd44 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json +++ b/sepolia/2026-05-13-incident-multisig-signers/OwnerDiff.json @@ -2,7 +2,8 @@ "OwnersToAdd": [ "0x623942f433Ee569Df78Dceac754C2ed3A3343A80", "0xE167153964d4ba0819E1Ad56172F3329cD5A0263", - "0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9" + "0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9", + "0x821Ff2A3fB66B008fA668B40Eca9d3535B246575" ], "OwnersToRemove": [ "0x931E24B032511d8dD029AedeB44837FAc251f3d8", From 443658a78c033eb1e4ed43506197bf6a3946c6d3 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:26:59 -0400 Subject: [PATCH 08/12] Remove Sepolia task config validation Co-authored-by: Codex --- .../2026-05-13-incident-multisig-signers/Makefile | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/Makefile b/sepolia/2026-05-13-incident-multisig-signers/Makefile index 2b74b434..3b45ac37 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/Makefile +++ b/sepolia/2026-05-13-incident-multisig-signers/Makefile @@ -6,14 +6,6 @@ include .env RPC_URL = $(L1_RPC_URL) SCRIPT_NAME = UpdateSigners -# Validate required configuration before execution -.PHONY: validate-config -validate-config: - @test -n "$(BASE_CONTRACTS_COMMIT)" -a "$(BASE_CONTRACTS_COMMIT)" != "TODO" || (echo "BASE_CONTRACTS_COMMIT required" && exit 1) - @test -n "$(OWNER_SAFE)" -a "$(OWNER_SAFE)" != "TODO" || (echo "OWNER_SAFE required" && exit 1) - @test -n "$(SENDER)" -a "$(SENDER)" != "TODO" || (echo "SENDER required" && exit 1) - @echo "Configuration validated successfully" - .PHONY: deps deps: new-forge-deps @@ -22,9 +14,9 @@ new-forge-deps: forge install --no-git safe-global/safe-smart-account@186a21a74b327f17fc41217a927dea7064f74604 .PHONY: gen-validation -gen-validation: validate-config deps-signer-tool +gen-validation: deps-signer-tool $(call GEN_VALIDATION,$(SCRIPT_NAME),,$(SENDER),base-signer.json,) .PHONY: execute -execute: validate-config +execute: $(call MULTISIG_EXECUTE,$(SIGNATURES)) From d6d1965c4507f33e345b271f16a3ed2885d8c239 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:27:57 -0400 Subject: [PATCH 09/12] Update Sepolia signer tool pin Co-authored-by: Codex --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 038b78c6..b58a7449 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,7 @@ checkout-base-contracts-commit: ## # Task Signer Tool ## -SIGNER_TOOL_COMMIT=db50e4234a5475a3f109e61a83fd047924916b41 +SIGNER_TOOL_COMMIT=43c55040fee45ec90a33400b10215f1756687ad7 SIGNER_TOOL_PATH=signer-tool .PHONY: checkout-signer-tool From 3c7c9dff5ecfe8f21a421465834dacbf3fae9180 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 17:50:40 -0400 Subject: [PATCH 10/12] Add Sepolia incident multisig validation Co-authored-by: Codex --- .../validations/base-signer.json | 138 ++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 sepolia/2026-05-13-incident-multisig-signers/validations/base-signer.json diff --git a/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer.json b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer.json new file mode 100644 index 00000000..0e7d8b2b --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer.json @@ -0,0 +1,138 @@ +{ + "cmd": "forge script --rpc-url https://ethereum-full-sepolia-k8s-dev.cbhq.net UpdateSigners --sig sign(address[]) [] --sender 0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D", + "ledgerId": 1, + "rpcUrl": "https://ethereum-full-sepolia-k8s-dev.cbhq.net", + "skipTaskOriginValidation": true, + "expectedDomainAndMessageHashes": { + "address": "0x646132A1667ca7aD00d36616AFBA1A28116C770A", + "domainHash": "0x1d3f2566fd7b1bf017258b03d4d4d435d326d9cb051d5b7993d7c65e7ec78d0e", + "messageHash": "0xcead25b8f84d43216e51a4ad43bb1b6d002bc59799bae195b93e6c8b55cfcea9" + }, + "stateOverrides": [ + { + "name": "CB Coordinator Safe - Sepolia", + "address": "0x646132A1667ca7aD00d36616AFBA1A28116C770A", + "overrides": [ + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000004", + "value": "0x0000000000000000000000000000000000000000000000000000000000000001", + "description": "Override the threshold to 1 so the transaction simulation can occur.", + "allowDifference": false + }, + { + "key": "0xdd45035935b741eae52e5412de19d5afed0cf9018bc026b246bbdcef17abee98", + "value": "0x0000000000000000000000000000000000000000000000000000000000000001", + "description": "Simulates an approval from msg.sender in order for the task simulation to succeed.", + "allowDifference": false + } + ] + } + ], + "stateChanges": [ + { + "name": "CB Coordinator Safe - Sepolia", + "address": "0x646132A1667ca7aD00d36616AFBA1A28116C770A", + "changes": [ + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000004", + "before": "0x0000000000000000000000000000000000000000000000000000000000000001", + "after": "0x0000000000000000000000000000000000000000000000000000000000000003", + "description": "Sets the Safe threshold to 3, preserving the existing 3-of-13 execution threshold after the validation override.", + "allowDifference": false + }, + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000005", + "before": "0x0000000000000000000000000000000000000000000000000000000000000015", + "after": "0x0000000000000000000000000000000000000000000000000000000000000016", + "description": "Increments the nonce", + "allowDifference": false + }, + { + "key": "0x04f5b49ecc01681da29e79068c15efdb3abde943719f9854b44138e483921ad2", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000623942f433ee569df78dceac754c2ed3a3343a80", + "description": "Adds `0xE167153964d4ba0819E1Ad56172F3329cD5A0263` to the owners mapping and points it to `0x623942f433Ee569Df78Dceac754C2ed3A3343A80`.", + "allowDifference": false + }, + { + "key": "0x1faa07ea6a4832ac192fb7e2cbd607c53ad1016be862a14dc26d02378418c601", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000644d0f5c2c55a4679b4bfe057b87ba203af9ac0d", + "description": "Adds `0x623942f433Ee569Df78Dceac754C2ed3A3343A80` to the owners mapping and points it to the previous head owner `0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D`.", + "allowDifference": false + }, + { + "key": "0x4bf34efa2cf5d17da7425df2ee4f6191d734167ae5ba396b1eaa05b9d92099f6", + "before": "0x000000000000000000000000b2d9a52e76841279ef0372c534c539a4f68f8c0b", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Removes `0xEE316Db0eDaee45347DfC498795a01311F085225` from the owners mapping.", + "allowDifference": false + }, + { + "key": "0x789d0a937d11245f00c7805a1652391bdbf3de0209dd993a5d6bc0ea4964bd5e", + "before": "0x000000000000000000000000e45ac81ea7f53dea5f0bd6caa0733dd5c02d3b60", + "after": "0x0000000000000000000000000cf2f86c3338993ce10f74d6f4b095712c7efe26", + "description": "Updates `0xEdecf2C444559210a865a22aCFc6A2a25590Ab1b` to skip removed owners `0xE45AC81eA7f53dea5f0bd6Caa0733DD5c02d3b60` and `0x931E24B032511d8dD029AedeB44837FAc251f3d8`, pointing it to `0x0CF2F86C3338993ce10F74d6f4B095712c7efe26`.", + "allowDifference": false + }, + { + "key": "0x7a83097f5b56a04accdbc8d4b0501bec3106db0d2c2ea1a63e7cbbf0fa91372d", + "before": "0x0000000000000000000000007f10098bd53519c739ca8a404afe127647d94774", + "after": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", + "description": "Updates `0x9986ccaf9E3DE0fFEF82a0f7fA3a06D5aFe07252` to skip removed owner `0x7f10098BD53519c739cA8A404afE127647D94774`, pointing it to `0xEdecf2C444559210a865a22aCFc6A2a25590Ab1b`.", + "allowDifference": false + }, + { + "key": "0x82f9f6d76f17715407982421d7a2ab9a5f6be8ac439648a288d69f6e86af9c2b", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000e167153964d4ba0819e1ad56172f3329cd5a0263", + "description": "Adds `0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9` to the owners mapping and points it to `0xE167153964d4ba0819E1Ad56172F3329cD5A0263`.", + "allowDifference": false + }, + { + "key": "0xb06fd2848181e1497bbaa80b8d007c335c7806a2e47211a7bba7a9af63e0ca64", + "before": "0x000000000000000000000000931e24b032511d8dd029aedeb44837fac251f3d8", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Removes `0xE45AC81eA7f53dea5f0bd6Caa0733DD5c02d3b60` from the owners mapping.", + "allowDifference": false + }, + { + "key": "0xb7148df08fba2104e13e2db097b95b457295019a50d577cc90c6010aba3100d1", + "before": "0x0000000000000000000000000cf2f86c3338993ce10f74d6f4b095712c7efe26", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Removes `0x931E24B032511d8dD029AedeB44837FAc251f3d8` from the owners mapping.", + "allowDifference": false + }, + { + "key": "0xc737cf9e0b995a0b7c95319fd1b2a1daedbcafc9b244731b97e04bbf2a8067f3", + "before": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Removes `0x7f10098BD53519c739cA8A404afE127647D94774` from the owners mapping.", + "allowDifference": false + }, + { + "key": "0xd75ac7000e645bb681b0252efd6e2374a16914e40d01873d738e67eba9190a29", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x00000000000000000000000098eac95c208b74d31550fda9dd3ad62c5d462df9", + "description": "Adds `0x821Ff2A3fB66B008fA668B40Eca9d3535B246575` to the owners mapping and points it to `0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9`.", + "allowDifference": false + }, + { + "key": "0xdd723b4c2a66aea3d2ac26f837bd1e7dea4ce6cca7e4fa76af2185076784453f", + "before": "0x000000000000000000000000ee316db0edaee45347dfc498795a01311f085225", + "after": "0x000000000000000000000000b2d9a52e76841279ef0372c534c539a4f68f8c0b", + "description": "Updates `0x420c8fE1dDb0593c71487445576c87c17f177179` to skip removed owner `0xEE316Db0eDaee45347DfC498795a01311F085225`, pointing it to `0xb2d9a52e76841279EF0372c534C539a4f68f8C0B`.", + "allowDifference": false + }, + { + "key": "0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0", + "before": "0x000000000000000000000000644d0f5c2c55a4679b4bfe057b87ba203af9ac0d", + "after": "0x000000000000000000000000821ff2a3fb66b008fa668b40eca9d3535b246575", + "description": "Sets the head of the owners linked list to newly added owner `0x821Ff2A3fB66B008fA668B40Eca9d3535B246575`.", + "allowDifference": false + } + ] + } + ], + "balanceChanges": [] +} From db412e44f7013616ba9591e2c083c6bfea33b794 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 18:22:15 -0400 Subject: [PATCH 11/12] Add Sepolia Safe B signer update Add the secondary Safe B address, validation generation, execution target, and generated validation artifact for the Sepolia incident multisig signer task. Co-authored-by: Codex --- .../2026-05-13-incident-multisig-signers/.env | 1 + .../FACILITATOR.md | 19 +++ .../Makefile | 8 ++ .../README.md | 7 +- .../validations/base-signer-safe-b.json | 125 ++++++++++++++++++ 5 files changed, 159 insertions(+), 1 deletion(-) create mode 100644 sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json diff --git a/sepolia/2026-05-13-incident-multisig-signers/.env b/sepolia/2026-05-13-incident-multisig-signers/.env index 2ff2ca62..f19c64a2 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/.env +++ b/sepolia/2026-05-13-incident-multisig-signers/.env @@ -5,6 +5,7 @@ BASE_CONTRACTS_COMMIT=8b5baf316c8dd1011b8b0dcfa9f6eac5a0f216e5 # Required: Address of the Gnosis Safe whose signers will be updated OWNER_SAFE=0x646132A1667ca7aD00d36616AFBA1A28116C770A +SECONDARY_SAFE=0x6AF0674791925f767060Dd52f7fB20984E8639d8 # Required: Address of a signer on OWNER_SAFE (used for simulation) # Must also match the sender defined in validations/base-signer.json diff --git a/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md index 76fcadcb..24572b00 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md +++ b/sepolia/2026-05-13-incident-multisig-signers/FACILITATOR.md @@ -39,6 +39,19 @@ This produces `validations/base-signer.json`. Check that the `cmd` field uses: --sender 0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D ``` +Then generate the Safe B validation: + +```bash +make gen-validation-secondary +``` + +This produces `validations/base-signer-safe-b.json`. Check that the `cmd` field uses: + +```text +OWNER_SAFE=0x6AF0674791925f767060Dd52f7fB20984E8639d8 +--sender 0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D +``` + ## Collect Signatures Ask signers to follow [README.md](./README.md). They should run `make sign-task` from the repo root and select `sepolia/2026-05-13-incident-multisig-signers` in the signing UI. @@ -57,4 +70,10 @@ SIGNATURES=AAABBBCCC make execute Replace `AAABBBCCC` with the concatenated signatures collected from signers. +To execute the Safe B update, use: + +```bash +SIGNATURES=AAABBBCCC make execute-secondary +``` + After execution, update [README.md](./README.md) status to `EXECUTED` with the transaction link and check in any generated execution records. diff --git a/sepolia/2026-05-13-incident-multisig-signers/Makefile b/sepolia/2026-05-13-incident-multisig-signers/Makefile index 3b45ac37..904296bc 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/Makefile +++ b/sepolia/2026-05-13-incident-multisig-signers/Makefile @@ -17,6 +17,14 @@ new-forge-deps: gen-validation: deps-signer-tool $(call GEN_VALIDATION,$(SCRIPT_NAME),,$(SENDER),base-signer.json,) +.PHONY: gen-validation-secondary +gen-validation-secondary: deps-signer-tool + $(call GEN_VALIDATION,$(SCRIPT_NAME),,$(SENDER),base-signer-safe-b.json,OWNER_SAFE=$(SECONDARY_SAFE)) + .PHONY: execute execute: $(call MULTISIG_EXECUTE,$(SIGNATURES)) + +.PHONY: execute-secondary +execute-secondary: + OWNER_SAFE=$(SECONDARY_SAFE) $(call MULTISIG_EXECUTE,$(SIGNATURES)) diff --git a/sepolia/2026-05-13-incident-multisig-signers/README.md b/sepolia/2026-05-13-incident-multisig-signers/README.md index fdd24b58..7ec027a7 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/README.md +++ b/sepolia/2026-05-13-incident-multisig-signers/README.md @@ -4,7 +4,7 @@ Status: READY TO SIGN ## Description -We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x646132A1667ca7aD00d36616AFBA1A28116C770A) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. +We wish to update the owners of our [Incident Multisig](https://sepolia.etherscan.io/address/0x646132A1667ca7aD00d36616AFBA1A28116C770A) and [Safe B](https://sepolia.etherscan.io/address/0x6AF0674791925f767060Dd52f7fB20984E8639d8) on Sepolia to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file and apply to both safes. The signer changes are configured in [OwnerDiff.json](./OwnerDiff.json), and the simulation sender is configured in [.env](./.env). @@ -51,6 +51,11 @@ Be sure to select the correct task from the list of available tasks to sign. Task name: `sepolia/2026-05-13-incident-multisig-signers` +Then select the Safe for which you would like to sign: + +- Incident Multisig: `validations/base-signer.json` +- Safe B: `validations/base-signer-safe-b.json` + ### 4. Send signature to facilitator You may now kill the Signer Tool process in your terminal window by running `Ctrl + C`. diff --git a/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json new file mode 100644 index 00000000..4610b0de --- /dev/null +++ b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json @@ -0,0 +1,125 @@ +{ + "cmd": "OWNER_SAFE=0x6AF0674791925f767060Dd52f7fB20984E8639d8 forge script --rpc-url https://ethereum-full-sepolia-k8s-dev.cbhq.net UpdateSigners --sig sign(address[]) [] --sender 0x644d0F5c2C55A4679b4BFe057B87ba203AF9aC0D", + "ledgerId": 1, + "rpcUrl": "https://ethereum-full-sepolia-k8s-dev.cbhq.net", + "expectedDomainAndMessageHashes": { + "address": "0x6AF0674791925f767060Dd52f7fB20984E8639d8", + "domainHash": "0x6f25427e79742a1eb82c103e2bf43c85fc59509274ec258ad6ed841c4a0048aa", + "messageHash": "0x9ba366d3cab6734fd1c8ebd67a8c803bd7fd844806d1a5b476a637d4b85971c3" + }, + "stateOverrides": [ + { + "name": "Mock OP Safe / Mock Security Council - Sepolia", + "address": "0x6AF0674791925f767060Dd52f7fB20984E8639d8", + "overrides": [ + { + "key": "0xfbb6102fe3ef75c822ab164e1a0b85841a7127f0b680cefeb13077ff233cb16e", + "value": "0x0000000000000000000000000000000000000000000000000000000000000001", + "description": "Simulates an approval from msg.sender in order for the task simulation to succeed.", + "allowDifference": false + } + ] + } + ], + "stateChanges": [ + { + "name": "Mock OP Safe / Mock Security Council - Sepolia", + "address": "0x6AF0674791925f767060Dd52f7fB20984E8639d8", + "changes": [ + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000005", + "before": "0x0000000000000000000000000000000000000000000000000000000000000020", + "after": "0x0000000000000000000000000000000000000000000000000000000000000021", + "description": "Increments the nonce", + "allowDifference": false + }, + { + "key": "0x04f5b49ecc01681da29e79068c15efdb3abde943719f9854b44138e483921ad2", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000623942f433ee569df78dceac754c2ed3a3343a80", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x1faa07ea6a4832ac192fb7e2cbd607c53ad1016be862a14dc26d02378418c601", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x0000000000000000000000006e427c3212c0b63be0c382f97715d49b011bff33", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x4bf34efa2cf5d17da7425df2ee4f6191d734167ae5ba396b1eaa05b9d92099f6", + "before": "0x000000000000000000000000420c8fe1ddb0593c71487445576c87c17f177179", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x50acbb719f16147a2c8ee75d12507825fd23cf8249e700977d21095d26e2750b", + "before": "0x000000000000000000000000931e24b032511d8dd029aedeb44837fac251f3d8", + "after": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x563d4ddf297b5a92e03dce553dc56572bfee245f134f6db63397742b674f94dd", + "before": "0x000000000000000000000000ee316db0edaee45347dfc498795a01311f085225", + "after": "0x000000000000000000000000420c8fe1ddb0593c71487445576c87c17f177179", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x789d0a937d11245f00c7805a1652391bdbf3de0209dd993a5d6bc0ea4964bd5e", + "before": "0x0000000000000000000000007f10098bd53519c739ca8a404afe127647d94774", + "after": "0x0000000000000000000000009986ccaf9e3de0ffef82a0f7fa3a06d5afe07252", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0x82f9f6d76f17715407982421d7a2ab9a5f6be8ac439648a288d69f6e86af9c2b", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000e167153964d4ba0819e1ad56172f3329cd5a0263", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0xb06fd2848181e1497bbaa80b8d007c335c7806a2e47211a7bba7a9af63e0ca64", + "before": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0xb7148df08fba2104e13e2db097b95b457295019a50d577cc90c6010aba3100d1", + "before": "0x000000000000000000000000e45ac81ea7f53dea5f0bd6caa0733dd5c02d3b60", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0xc737cf9e0b995a0b7c95319fd1b2a1daedbcafc9b244731b97e04bbf2a8067f3", + "before": "0x0000000000000000000000009986ccaf9e3de0ffef82a0f7fa3a06d5afe07252", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0xd75ac7000e645bb681b0252efd6e2374a16914e40d01873d738e67eba9190a29", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x00000000000000000000000098eac95c208b74d31550fda9dd3ad62c5d462df9", + "description": "Updates the owners mapping", + "allowDifference": false + }, + { + "key": "0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0", + "before": "0x0000000000000000000000006e427c3212c0b63be0c382f97715d49b011bff33", + "after": "0x000000000000000000000000821ff2a3fb66b008fa668b40eca9d3535b246575", + "description": "Sets the head of the owners linked list", + "allowDifference": false + } + ] + } + ], + "balanceChanges": [], + "skipTaskOriginValidation": true +} From 88ec11997b355f056591178ab53d6046fdabb998 Mon Sep 17 00:00:00 2001 From: Jack Chuma Date: Wed, 13 May 2026 18:34:12 -0400 Subject: [PATCH 12/12] docs: clarify safe b validation descriptions Co-authored-by: Codex --- .../validations/base-signer-safe-b.json | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json index 4610b0de..247d6216 100644 --- a/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json +++ b/sepolia/2026-05-13-incident-multisig-signers/validations/base-signer-safe-b.json @@ -37,84 +37,84 @@ "key": "0x04f5b49ecc01681da29e79068c15efdb3abde943719f9854b44138e483921ad2", "before": "0x0000000000000000000000000000000000000000000000000000000000000000", "after": "0x000000000000000000000000623942f433ee569df78dceac754c2ed3a3343a80", - "description": "Updates the owners mapping", + "description": "Adds `0xE167153964d4ba0819E1Ad56172F3329cD5A0263` to the owners mapping and points it to `0x623942f433Ee569Df78Dceac754C2ed3A3343A80`.", "allowDifference": false }, { "key": "0x1faa07ea6a4832ac192fb7e2cbd607c53ad1016be862a14dc26d02378418c601", "before": "0x0000000000000000000000000000000000000000000000000000000000000000", "after": "0x0000000000000000000000006e427c3212c0b63be0c382f97715d49b011bff33", - "description": "Updates the owners mapping", + "description": "Adds `0x623942f433Ee569Df78Dceac754C2ed3A3343A80` to the owners mapping and points it to the previous head owner `0x6e427c3212C0b63BE0C382F97715D49b011bFF33`.", "allowDifference": false }, { "key": "0x4bf34efa2cf5d17da7425df2ee4f6191d734167ae5ba396b1eaa05b9d92099f6", "before": "0x000000000000000000000000420c8fe1ddb0593c71487445576c87c17f177179", "after": "0x0000000000000000000000000000000000000000000000000000000000000000", - "description": "Updates the owners mapping", + "description": "Removes `0xEE316Db0eDaee45347DfC498795a01311F085225` from the owners mapping.", "allowDifference": false }, { "key": "0x50acbb719f16147a2c8ee75d12507825fd23cf8249e700977d21095d26e2750b", "before": "0x000000000000000000000000931e24b032511d8dd029aedeb44837fac251f3d8", "after": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", - "description": "Updates the owners mapping", + "description": "Updates `0x0CF2F86C3338993ce10F74d6f4B095712c7efe26` to skip removed owners `0x931E24B032511d8dD029AedeB44837FAc251f3d8` and `0xE45AC81eA7f53dea5f0bd6Caa0733DD5c02d3b60`, pointing it to `0xEdecf2c444559210a865a22acfc6A2a25590Ab1b`.", "allowDifference": false }, { "key": "0x563d4ddf297b5a92e03dce553dc56572bfee245f134f6db63397742b674f94dd", "before": "0x000000000000000000000000ee316db0edaee45347dfc498795a01311f085225", "after": "0x000000000000000000000000420c8fe1ddb0593c71487445576c87c17f177179", - "description": "Updates the owners mapping", + "description": "Updates `0xb2d9a52e76841279EF0372c534C539a4f68f8C0B` to skip removed owner `0xEE316Db0eDaee45347DfC498795a01311F085225`, pointing it to `0x420c8fE1dDb0593c71487445576c87c17f177179`.", "allowDifference": false }, { "key": "0x789d0a937d11245f00c7805a1652391bdbf3de0209dd993a5d6bc0ea4964bd5e", "before": "0x0000000000000000000000007f10098bd53519c739ca8a404afe127647d94774", "after": "0x0000000000000000000000009986ccaf9e3de0ffef82a0f7fa3a06d5afe07252", - "description": "Updates the owners mapping", + "description": "Updates `0xEdecf2c444559210a865a22acfc6A2a25590Ab1b` to skip removed owner `0x7f10098BD53519c739cA8A404afE127647D94774`, pointing it to `0x9986ccaf9E3DE0fFEF82a0f7fA3a06D5aFe07252`.", "allowDifference": false }, { "key": "0x82f9f6d76f17715407982421d7a2ab9a5f6be8ac439648a288d69f6e86af9c2b", "before": "0x0000000000000000000000000000000000000000000000000000000000000000", "after": "0x000000000000000000000000e167153964d4ba0819e1ad56172f3329cd5a0263", - "description": "Updates the owners mapping", + "description": "Adds `0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9` to the owners mapping and points it to `0xE167153964d4ba0819E1Ad56172F3329cD5A0263`.", "allowDifference": false }, { "key": "0xb06fd2848181e1497bbaa80b8d007c335c7806a2e47211a7bba7a9af63e0ca64", "before": "0x000000000000000000000000edecf2c444559210a865a22acfc6a2a25590ab1b", "after": "0x0000000000000000000000000000000000000000000000000000000000000000", - "description": "Updates the owners mapping", + "description": "Removes `0xE45AC81eA7f53dea5f0bd6Caa0733DD5c02d3b60` from the owners mapping.", "allowDifference": false }, { "key": "0xb7148df08fba2104e13e2db097b95b457295019a50d577cc90c6010aba3100d1", "before": "0x000000000000000000000000e45ac81ea7f53dea5f0bd6caa0733dd5c02d3b60", "after": "0x0000000000000000000000000000000000000000000000000000000000000000", - "description": "Updates the owners mapping", + "description": "Removes `0x931E24B032511d8dD029AedeB44837FAc251f3d8` from the owners mapping.", "allowDifference": false }, { "key": "0xc737cf9e0b995a0b7c95319fd1b2a1daedbcafc9b244731b97e04bbf2a8067f3", "before": "0x0000000000000000000000009986ccaf9e3de0ffef82a0f7fa3a06d5afe07252", "after": "0x0000000000000000000000000000000000000000000000000000000000000000", - "description": "Updates the owners mapping", + "description": "Removes `0x7f10098BD53519c739cA8A404afE127647D94774` from the owners mapping.", "allowDifference": false }, { "key": "0xd75ac7000e645bb681b0252efd6e2374a16914e40d01873d738e67eba9190a29", "before": "0x0000000000000000000000000000000000000000000000000000000000000000", "after": "0x00000000000000000000000098eac95c208b74d31550fda9dd3ad62c5d462df9", - "description": "Updates the owners mapping", + "description": "Adds `0x821Ff2A3fB66B008fA668B40Eca9d3535B246575` to the owners mapping and points it to `0x98EAC95c208b74d31550fDA9dD3AD62C5d462DF9`.", "allowDifference": false }, { "key": "0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0", "before": "0x0000000000000000000000006e427c3212c0b63be0c382f97715d49b011bff33", "after": "0x000000000000000000000000821ff2a3fb66b008fa668b40eca9d3535b246575", - "description": "Sets the head of the owners linked list", + "description": "Sets the head of the owners linked list to newly added owner `0x821Ff2A3fB66B008fA668B40Eca9d3535B246575`.", "allowDifference": false } ]