diff --git a/Makefile b/Makefile index 038b78c6..b58a7449 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,7 @@ checkout-base-contracts-commit: ## # Task Signer Tool ## -SIGNER_TOOL_COMMIT=db50e4234a5475a3f109e61a83fd047924916b41 +SIGNER_TOOL_COMMIT=43c55040fee45ec90a33400b10215f1756687ad7 SIGNER_TOOL_PATH=signer-tool .PHONY: checkout-signer-tool diff --git a/mainnet/2026-05-13-incident-multisig-signers/.env b/mainnet/2026-05-13-incident-multisig-signers/.env new file mode 100644 index 00000000..1503ac51 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/.env @@ -0,0 +1,14 @@ +# Required: Git commit hash for https://github.com/base/contracts +BASE_CONTRACTS_COMMIT=8b5baf316c8dd1011b8b0dcfa9f6eac5a0f216e5 + +# Network-specific addresses are automatically loaded from {network}/.env via include ../.env + +# Required: Address of the Gnosis Safe whose signers will be updated +OWNER_SAFE=0x14536667Cd30e52C0b458BaACcB9faDA7046E056 + +# Required: Address of a signer on OWNER_SAFE (used for simulation) +# Must also match the sender defined in validations/base-signer.json +SENDER=0x1841CB3C2ce6870D0417844C817849da64E6e937 + +# Enable state diff recording for validation +RECORD_STATE_DIFF=true diff --git a/mainnet/2026-05-13-incident-multisig-signers/FACILITATOR.md b/mainnet/2026-05-13-incident-multisig-signers/FACILITATOR.md new file mode 100644 index 00000000..7a1d00f7 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/FACILITATOR.md @@ -0,0 +1,60 @@ +# Facilitator Guide + +Guide for facilitators managing the mainnet Incident Multisig signer update. + +## Task Origin Signing + +After setting up the task, generate cryptographic attestations (sigstore bundles) to prove who created and facilitated the task. These signatures are stored in `mainnet/signatures/2026-05-13-incident-multisig-signers/`. + +### Task creator (run after task setup): +```bash +make sign-as-task-creator +``` + +### Base facilitator: +```bash +make sign-as-base-facilitator +``` + +### Security Council facilitator: +```bash +make sign-as-sc-facilitator +``` + +## Generate Validation File + +Run this after any change to [OwnerDiff.json](./OwnerDiff.json), [.env](./.env), or [script/UpdateSigners.s.sol](./script/UpdateSigners.s.sol). + +```bash +cd contract-deployments +git pull +cd mainnet/2026-05-13-incident-multisig-signers +make deps +make gen-validation +``` + +This produces `validations/base-signer.json`. Check that the `cmd` field uses: + +```text +--sender 0x1841CB3C2ce6870D0417844C817849da64E6e937 +``` + +## Collect Signatures + +Ask signers to follow [README.md](./README.md). They should run `make sign-task` from the repo root and select `mainnet/2026-05-13-incident-multisig-signers` in the signing UI. + +## Execute + +After collecting enough signatures: + +```bash +cd contract-deployments +git pull +cd mainnet/2026-05-13-incident-multisig-signers +make deps +SIGNATURES=AAABBBCCC make execute +``` + +Replace `AAABBBCCC` with the concatenated signatures collected from signers. + +After execution, update [README.md](./README.md) status to `EXECUTED` with the transaction link and check in any generated execution records. diff --git a/mainnet/2026-05-13-incident-multisig-signers/Makefile b/mainnet/2026-05-13-incident-multisig-signers/Makefile new file mode 100644 index 00000000..3b45ac37 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/Makefile @@ -0,0 +1,22 @@ +include ../../Makefile +include ../../Multisig.mk +include ../.env +include .env + +RPC_URL = $(L1_RPC_URL) +SCRIPT_NAME = UpdateSigners + +.PHONY: deps +deps: new-forge-deps + +.PHONY: new-forge-deps +new-forge-deps: + forge install --no-git safe-global/safe-smart-account@186a21a74b327f17fc41217a927dea7064f74604 + +.PHONY: gen-validation +gen-validation: deps-signer-tool + $(call GEN_VALIDATION,$(SCRIPT_NAME),,$(SENDER),base-signer.json,) + +.PHONY: execute +execute: + $(call MULTISIG_EXECUTE,$(SIGNATURES)) diff --git a/mainnet/2026-05-13-incident-multisig-signers/OwnerDiff.json b/mainnet/2026-05-13-incident-multisig-signers/OwnerDiff.json new file mode 100644 index 00000000..321fe604 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/OwnerDiff.json @@ -0,0 +1,14 @@ +{ + "OwnersToAdd": [ + "0x082Cc00d1031a57d53496aBf6dAD8A6247159452", + "0x0c1Ea3aCA9fc2cFa3640fec98a3214A849715b43", + "0x8faB0B6b31A0b50A2c3d1FFBE6C0e1125699aE9d", + "0xD56C6462DC3A943596c7a54d6B0Dba404490E206" + ], + "OwnersToRemove": [ + "0x4427683AA1f0ff25ccDC4a5Db83010c1DE9b5fF4", + "0xA31E1c38d5c37D8ECd0e94C80C0F7FD624d009A3", + "0x24c3AE1AeDB8142D32BB6d3B988f5910F272D53b", + "0x5468985B560D966dEDEa2DAF493f5756101137DC" + ] +} diff --git a/mainnet/2026-05-13-incident-multisig-signers/README.md b/mainnet/2026-05-13-incident-multisig-signers/README.md new file mode 100644 index 00000000..46d4a2f2 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/README.md @@ -0,0 +1,56 @@ +# Update Mainnet Incident Multisig Signers + +Status: READY TO SIGN + +## Description + +We wish to update the owners of our [Incident Multisig](https://etherscan.io/address/0x14536667Cd30e52C0b458BaACcB9faDA7046E056) on Mainnet to be consistent with the current state of our Base Chain Eng team. This involves removing signers that are no longer closely involved with the team, and adding new team members as signers. The exact signer changes are outlined in the [OwnerDiff.json](./OwnerDiff.json) file. + +The signer changes are configured in [OwnerDiff.json](./OwnerDiff.json), and the simulation sender is configured in [.env](./.env). + +## Install dependencies + +### 1. Update foundry + +```bash +foundryup +``` + +### 2. Install Node.js if needed + +First, check if you have node installed + +```bash +node --version +``` + +If you see a version output from the above command, you can move on. Otherwise, install node + +```bash +brew install node +``` + +## Approving Signers Update + +### 1. Update repo: + +```bash +cd contract-deployments +git pull +``` + +### 2. Run the signing tool (NOTE: do not enter the task directory. Run this command from the project's root). + +```bash +make sign-task +``` + +### 3. Open the UI at [http://localhost:3000](http://localhost:3000) + +Be sure to select the correct task from the list of available tasks to sign. + +Task name: `mainnet/2026-05-13-incident-multisig-signers` + +### 4. Send signature to facilitator + +You may now kill the Signer Tool process in your terminal window by running `Ctrl + C`. diff --git a/mainnet/2026-05-13-incident-multisig-signers/foundry.toml b/mainnet/2026-05-13-incident-multisig-signers/foundry.toml new file mode 100644 index 00000000..66c234aa --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/foundry.toml @@ -0,0 +1,18 @@ +[profile.default] +src = 'src' +out = 'out' +libs = ['lib'] +broadcast = 'records' +fs_permissions = [{ access = "read-write", path = "./" }] +optimizer = true +optimizer_runs = 999999 +solc_version = "0.8.15" +via-ir = false +remappings = [ + '@base-contracts/=lib/contracts/', +] + +[lint] +lint_on_build = false + +# See more config options https://github.com/foundry-rs/foundry/tree/master/config diff --git a/mainnet/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol b/mainnet/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol new file mode 100644 index 00000000..65b7fbb1 --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/script/UpdateSigners.s.sol @@ -0,0 +1,131 @@ +// SPDX-License-Identifier: MIT +pragma solidity 0.8.15; + +import {Vm} from "forge-std/Vm.sol"; +import {stdJson} from "forge-std/StdJson.sol"; +import {Simulation} from "@base-contracts/scripts/universal/Simulation.sol"; + +import {MultisigScript} from "@base-contracts/scripts/universal/MultisigScript.sol"; +import {GnosisSafe} from "safe-smart-account/GnosisSafe.sol"; +import {OwnerManager} from "safe-smart-account/base/OwnerManager.sol"; +import {Enum} from "@base-contracts/scripts/universal/IGnosisSafe.sol"; + +contract UpdateSigners is MultisigScript { + using stdJson for string; + + address public constant SENTINEL_OWNERS = address(0x1); + + address public immutable OWNER_SAFE; + uint256 public immutable THRESHOLD; + address[] public EXISTING_OWNERS; + + address[] public OWNERS_TO_ADD; + address[] public OWNERS_TO_REMOVE; + + mapping(address => address) public ownerToPrevOwner; + mapping(address => address) public ownerToNextOwner; + mapping(address => bool) public expectedOwner; + + constructor() { + OWNER_SAFE = vm.envAddress("OWNER_SAFE"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + THRESHOLD = ownerSafe.getThreshold(); + EXISTING_OWNERS = ownerSafe.getOwners(); + + string memory rootPath = vm.projectRoot(); + string memory path = string.concat(rootPath, "/OwnerDiff.json"); + string memory jsonData = vm.readFile(path); + + OWNERS_TO_ADD = abi.decode(jsonData.parseRaw(".OwnersToAdd"), (address[])); + OWNERS_TO_REMOVE = abi.decode(jsonData.parseRaw(".OwnersToRemove"), (address[])); + } + + function setUp() external { + require(OWNERS_TO_ADD.length > 0, "Precheck 00"); + require(OWNERS_TO_REMOVE.length > 0, "Precheck 01"); + + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address prevOwner = SENTINEL_OWNERS; + + for (uint256 i = OWNERS_TO_ADD.length; i > 0; i--) { + uint256 index = i - 1; + // Make sure owners to add are not already owners + require(!ownerSafe.isOwner(OWNERS_TO_ADD[index]), "Precheck 03"); + // Prevent duplicates + require(!expectedOwner[OWNERS_TO_ADD[index]], "Precheck 04"); + + ownerToPrevOwner[OWNERS_TO_ADD[index]] = prevOwner; + ownerToNextOwner[prevOwner] = OWNERS_TO_ADD[index]; + prevOwner = OWNERS_TO_ADD[index]; + expectedOwner[OWNERS_TO_ADD[index]] = true; + } + + for (uint256 i; i < EXISTING_OWNERS.length; i++) { + ownerToPrevOwner[EXISTING_OWNERS[i]] = prevOwner; + ownerToNextOwner[prevOwner] = EXISTING_OWNERS[i]; + prevOwner = EXISTING_OWNERS[i]; + expectedOwner[EXISTING_OWNERS[i]] = true; + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + // Make sure owners to remove are owners + require(ownerSafe.isOwner(OWNERS_TO_REMOVE[i]), "Precheck 05"); + // Prevent duplicates + require(expectedOwner[OWNERS_TO_REMOVE[i]], "Precheck 06"); + expectedOwner[OWNERS_TO_REMOVE[i]] = false; + + // Remove from linked list to keep ownerToPrevOwner up to date + // Note: This works as long as the order of OWNERS_TO_REMOVE does not change during `_buildCalls()` + address nextOwner = ownerToNextOwner[OWNERS_TO_REMOVE[i]]; + address prevPtr = ownerToPrevOwner[OWNERS_TO_REMOVE[i]]; + ownerToPrevOwner[nextOwner] = prevPtr; + ownerToNextOwner[prevPtr] = nextOwner; + } + } + + function _postCheck(Vm.AccountAccess[] memory, Simulation.Payload memory) internal view override { + GnosisSafe ownerSafe = GnosisSafe(payable(OWNER_SAFE)); + address[] memory postCheckOwners = ownerSafe.getOwners(); + uint256 postCheckThreshold = ownerSafe.getThreshold(); + + uint256 expectedLength = EXISTING_OWNERS.length + OWNERS_TO_ADD.length - OWNERS_TO_REMOVE.length; + + require(postCheckThreshold == THRESHOLD, "Postcheck 00"); + require(postCheckOwners.length == expectedLength, "Postcheck 01"); + + for (uint256 i; i < postCheckOwners.length; i++) { + require(expectedOwner[postCheckOwners[i]], "Postcheck 02"); + } + } + + function _buildCalls() internal view override returns (Call[] memory) { + Call[] memory calls = new Call[](OWNERS_TO_ADD.length + OWNERS_TO_REMOVE.length); + + for (uint256 i; i < OWNERS_TO_ADD.length; i++) { + calls[i] = Call({ + operation: Enum.Operation.Call, + target: OWNER_SAFE, + data: abi.encodeCall(OwnerManager.addOwnerWithThreshold, (OWNERS_TO_ADD[i], THRESHOLD)), + value: 0 + }); + } + + for (uint256 i; i < OWNERS_TO_REMOVE.length; i++) { + calls[OWNERS_TO_ADD.length + i] = Call({ + operation: Enum.Operation.Call, + target: OWNER_SAFE, + data: abi.encodeCall( + OwnerManager.removeOwner, (ownerToPrevOwner[OWNERS_TO_REMOVE[i]], OWNERS_TO_REMOVE[i], THRESHOLD) + ), + value: 0 + }); + } + + return calls; + } + + function _ownerSafe() internal view override returns (address) { + return OWNER_SAFE; + } +} diff --git a/mainnet/2026-05-13-incident-multisig-signers/validations/base-signer.json b/mainnet/2026-05-13-incident-multisig-signers/validations/base-signer.json new file mode 100644 index 00000000..2ba2569b --- /dev/null +++ b/mainnet/2026-05-13-incident-multisig-signers/validations/base-signer.json @@ -0,0 +1,138 @@ +{ + "cmd": "forge script --rpc-url https://eth-mainnet.public.blastapi.io UpdateSigners --sig sign(address[]) [] --sender 0x1841CB3C2ce6870D0417844C817849da64E6e937", + "ledgerId": 0, + "rpcUrl": "https://eth-mainnet.public.blastapi.io", + "expectedDomainAndMessageHashes": { + "address": "0x14536667Cd30e52C0b458BaACcB9faDA7046E056", + "domainHash": "0xf3474c66ee08325b410c3f442c878d01ec97dd55a415a307e9d7d2ea24336289", + "messageHash": "0x753699c81ccbc257e50879009fa831002a29f7c1f51adbec42e1c24633233c77" + }, + "stateOverrides": [ + { + "name": "Incident Safe - Mainnet", + "address": "0x14536667Cd30e52C0b458BaACcB9faDA7046E056", + "overrides": [ + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000004", + "value": "0x0000000000000000000000000000000000000000000000000000000000000001", + "description": "Override the threshold to 1 so the transaction simulation can occur.", + "allowDifference": false + }, + { + "key": "0x599c9e965dd1777a11bbf5f82e91ae3c228e9b1380c82f34e9428c742e419947", + "value": "0x0000000000000000000000000000000000000000000000000000000000000001", + "description": "Simulates an approval from msg.sender in order for the task simulation to succeed.", + "allowDifference": false + } + ] + } + ], + "stateChanges": [ + { + "name": "Incident Safe - Mainnet", + "address": "0x14536667Cd30e52C0b458BaACcB9faDA7046E056", + "changes": [ + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000004", + "before": "0x0000000000000000000000000000000000000000000000000000000000000001", + "after": "0x0000000000000000000000000000000000000000000000000000000000000003", + "description": "Restores the execution threshold from the simulation override value 1 to the expected value 3.", + "allowDifference": false + }, + { + "key": "0x0000000000000000000000000000000000000000000000000000000000000005", + "before": "0x0000000000000000000000000000000000000000000000000000000000000069", + "after": "0x000000000000000000000000000000000000000000000000000000000000006a", + "description": "Increments the Safe nonce from 105 to 106.", + "allowDifference": false + }, + { + "key": "0x35f8ca6c240a9b89272a80f341f4a22b46f2a01c8311b54080373c9b91208c98", + "before": "0x00000000000000000000000026c72586fb396325f58718152fefa94e93cf177b", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Owners linked list: Removes signer 0x5468985b560d966dedea2daf493f5756101137dc by clearing its pointer to 0x26c72586fb396325f58718152fefa94e93cf177b.", + "allowDifference": false + }, + { + "key": "0x56a2719ad2beef0c19441f84d407dd2c9784ca8c8f85fb6f5c8696628c63fd10", + "before": "0x0000000000000000000000004427683aa1f0ff25ccdc4a5db83010c1de9b5ff4", + "after": "0x000000000000000000000000b37b2d42cb0c10ebf96279cceca2cbfc47c6f236", + "description": "Owners linked list: Relinks signer 0x541a833e4303eb56a45be7e8e4a908db97568d1e to point to 0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236 after removing 0x4427683aa1f0ff25ccdc4a5db83010c1de9b5ff4 and 0xa31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3.", + "allowDifference": false + }, + { + "key": "0x738e743b0e4f327810ae0f138c7c5012854e2f43043547bef588cf84df24f166", + "before": "0x00000000000000000000000024c3ae1aedb8142d32bb6d3b988f5910f272d53b", + "after": "0x000000000000000000000000644e3dedb0e4f83bfcf8f9992964d240224b74dc", + "description": "Owners linked list: Relinks signer 0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236 to point to 0x644e3dedb0e4f83bfcf8f9992964d240224b74dc after removing 0x24c3ae1aedb8142d32bb6d3b988f5910f272d53b.", + "allowDifference": false + }, + { + "key": "0x87fac1b7a53c40e489763073338f9f3a8d07a2058ee5f00a64dd1eeae74550a4", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x000000000000000000000000082cc00d1031a57d53496abf6dad8a6247159452", + "description": "Owners linked list: Adds signer 0x0c1ea3aca9fc2cfa3640fec98a3214a849715b43 pointing to next owner 0x082cc00d1031a57d53496abf6dad8a6247159452.", + "allowDifference": false + }, + { + "key": "0x95d1aa1bb172c2bf1f8f9d26147578664d9c87a13833e5ec836b94816dd5e63c", + "before": "0x0000000000000000000000005468985b560d966dedea2daf493f5756101137dc", + "after": "0x00000000000000000000000026c72586fb396325f58718152fefa94e93cf177b", + "description": "Owners linked list: Relinks signer 0x7ad8e6b7b1f6d66f49559f20053cef8a7b6c488e to point to 0x26c72586fb396325f58718152fefa94e93cf177b after removing 0x5468985b560d966dedea2daf493f5756101137dc.", + "allowDifference": false + }, + { + "key": "0xaae1b570ab817af80d8c0d204fb15e028c217d77afad5a3c8113d93575274af8", + "before": "0x000000000000000000000000a31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Owners linked list: Removes signer 0x4427683aa1f0ff25ccdc4a5db83010c1de9b5ff4 by clearing its pointer to 0xa31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3.", + "allowDifference": false + }, + { + "key": "0xb15fe2848d40596069252cc647bd74a278cd49bf36cb5c08459942bd90414084", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x0000000000000000000000000c1ea3aca9fc2cfa3640fec98a3214a849715b43", + "description": "Owners linked list: Adds signer 0x8fab0b6b31a0b50a2c3d1ffbe6c0e1125699ae9d pointing to next owner 0x0c1ea3aca9fc2cfa3640fec98a3214a849715b43.", + "allowDifference": false + }, + { + "key": "0xb66edc9a114e89f02d0b7982582a48a539d388af46cfade8e93f01cba0973729", + "before": "0x000000000000000000000000b37b2d42cb0c10ebf96279cceca2cbfc47c6f236", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Owners linked list: Removes signer 0xa31e1c38d5c37d8ecd0e94c80c0f7fd624d009a3 by clearing its pointer to 0xb37b2d42cb0c10ebf96279cceca2cbfc47c6f236.", + "allowDifference": false + }, + { + "key": "0xbb0ca364a5d59aeb597ecc0746c7932123c2f20efece9f164f8af2f2e5ee7618", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x0000000000000000000000008fab0b6b31a0b50a2c3d1ffbe6c0e1125699ae9d", + "description": "Owners linked list: Adds signer 0xd56c6462dc3a943596c7a54d6b0dba404490e206 pointing to next owner 0x8fab0b6b31a0b50a2c3d1ffbe6c0e1125699ae9d.", + "allowDifference": false + }, + { + "key": "0xd8206f987b26f969100b1584f87a78b15e14b9d64fcad9bdc2466f6cb7becb87", + "before": "0x000000000000000000000000644e3dedb0e4f83bfcf8f9992964d240224b74dc", + "after": "0x0000000000000000000000000000000000000000000000000000000000000000", + "description": "Owners linked list: Removes signer 0x24c3ae1aedb8142d32bb6d3b988f5910f272d53b by clearing its pointer to 0x644e3dedb0e4f83bfcf8f9992964d240224b74dc.", + "allowDifference": false + }, + { + "key": "0xe2e7e1f18e3e0546efbef39088f820c7d9c78019eec558886d8826ad49444d6b", + "before": "0x0000000000000000000000000000000000000000000000000000000000000000", + "after": "0x0000000000000000000000001841cb3c2ce6870d0417844c817849da64e6e937", + "description": "Owners linked list: Adds signer 0x082cc00d1031a57d53496abf6dad8a6247159452 pointing to next owner 0x1841cb3c2ce6870d0417844c817849da64e6e937.", + "allowDifference": false + }, + { + "key": "0xe90b7bceb6e7df5418fb78d8ee546e97c83a08bbccc01a0644d599ccd2a7c2e0", + "before": "0x0000000000000000000000001841cb3c2ce6870d0417844c817849da64e6e937", + "after": "0x000000000000000000000000d56c6462dc3a943596c7a54d6b0dba404490e206", + "description": "Owners linked list: Updates SENTINEL to point to new head 0xd56c6462dc3a943596c7a54d6b0dba404490e206.", + "allowDifference": false + } + ] + } + ], + "balanceChanges": [], + "skipTaskOriginValidation": true +}