Recently audited contracts have been deployed to all supported network (#31)

* added explicit error for unauthorized reads

* implemented check duplicate method in the base contract

* check enclave identity duplicates

* fmspc tcb duplicate check

* duplicate check pckdao

* duplicate check for pcs dao

* new collateral issuance date must be strictly higher than the issuance date of existing collaterals

* fixed incorrect enclave identity data fetcher

* consistent behavior for granting and revoking dao write permission to storage

* modified fmspc tcb timestamp attestation

* defined external getter interface to fetch the collateral validity timestamp range

* implemented getter in fmspc dao

* timestamp attestation for all collaterals

* moved _storeTcbInfoIssueEvaluation in FMSPC TCB DAO

* added authority key identifier and subject key identifier getters for both X509 and X509 CRL helper libs

* negative test case

* included key identifiers in parsed struct

* platform tcb event logs

* emit logs via state-changes in the storage

* Update FmspcTcbDao.sol

* Update PckDao.sol

* declare keyIdentifiers as dynamic bytes

* fixed internal method to find extension values

* removed keyIdentifier length check

* length is still required to get the correct slice for subject key identifier

* fixed _findExtensionValuePtr to break infinite loop

* changes to CN parsing

* fmspc tcb content hash

* parsedIdentityString returns tcb string

* enclave identity content hash

* use internal methods to read attestation entry

* updated ci build action

* create2

* updated code commenting

* appendix d: encode json obj as a whole, instead of individually by members

* use _onFetchDataFromResolver() for collateral reads

* fixes

* asn1 decoder length check

* asn1 length bytes should not be zero

* asn1 decoder index out of bound check

* do not use external calls to fetch data

* stricter issuer ca check

* do not store tcb evaluation twice

* docs

* conflict resolution isnt my strongest suit, both in code and irl

* fmspc tcb merge conflict resolution

* fixed enclaveiddao merge conflict resolution error

* deployment scripts

* updated Makefile to include contract verification

* updated Makefile and README

* chore: clean up and fmt

* cleanup

* chore: update

* minor update on P256 util scripts

* testnet deployment

* readme formatting

* world sepolia deployment

* l2 mainnet deployment

* fix: README World mainnet address typo

* fuji deployment

* polgon mainnet and bnb testnet deployment

* eth mainnet and bsc mainnet deployment

* updated readme

* polygon amoy deployment

* avax c mainnet deployment

* hoodi deployment

* updated readme

---------

Co-authored-by: Maxim Evtush <154841002+maximevtush@users.noreply.github.com>

Author: preston4896

.env.example

@@ -0,0 +1,10 @@
+# cast wallet address --keystore keystore/dcap_prod
+OWNER=
+
+ETHERSCAN_API_KEY_OG=
+ETHERSCAN_API_KEY_BASE=
+ETHERSCAN_API_KEY_OPTIMISM=
+ETHERSCAN_API_KEY_ARBITRUM=
+ETHERSCAN_API_KEY_WORLDCHAIN=
+ETHERSCAN_API_KEY_BSC=
+ETHERSCAN_API_KEY_POLYGON=

.github/workflows/build.yml

@@ -3,7 +3,7 @@ name: Foundry Build CI/CD
 # Controls when the workflow will run
 on: 
   push:
-    branches: [main]
+    branches: [main, development]
   pull_request:
     branches: [main]
 

.gitignore

@@ -8,12 +8,14 @@ broadcast/**/run-*.json
 broadcast/**/dry-run/
 !broadcast/**/*-latest.json
 
-# Docs
-docs/
-
 # Dotenv file
 .env
 
-**/.DS_Store
+# Ignore development deployment files
+deployment/31337.json
 
-**/node_modules/
+# Misc
+**/.DS_Store
+**/node_modules/
+**/keystore/
+**/.vscode

Makefile

@@ -0,0 +1,148 @@
+# Configuration
+VERIFIER ?= etherscan
+VERIFIER_URL ?= 
+WITH_STORAGE ?= true
+SIMULATED ?=
+KEYSTORE_PATH ?= keystore/dcap_prod
+PRIVATE_KEY ?=
+
+# Required environment variables check
+check_env:
+ifdef RPC_URL
+	$(eval CHAIN_ID := $(shell cast chain-id --rpc-url $(RPC_URL)))
+	@echo "Chain ID: $(CHAIN_ID)"
+else 
+	$(error RPC_URL is not set)
+endif
+
+# Get the Owner's Wallet Address
+get_owner:
+ifdef PRIVATE_KEY
+	$(eval OWNER := $(shell cast wallet address --private-key $(PRIVATE_KEY)))
+else
+	$(eval KEYSTORE_PASSWORD := $(shell read -s -p "Enter keystore password: " pwd; echo $$pwd))
+	$(eval OWNER := $(shell cast wallet address --keystore $(KEYSTORE_PATH) --password $(KEYSTORE_PASSWORD) \
+		|| (echo "Improper wallet configuration"; exit 1)))
+endif
+	@echo "\nWallet Owner: $(OWNER)"
+
+# Deployment targets
+deploy-helpers: check_env get_owner
+	@echo "Deploying helper contracts..."
+	@OWNER=$(OWNER) \
+		forge script script/helper/DeployHelpers.s.sol:DeployHelpers \
+		--rpc-url $(RPC_URL) \
+		$(if $(PRIVATE_KEY), --private-key $(PRIVATE_KEY), \
+		--keystore $(KEYSTORE_PATH) --password $(KEYSTORE_PASSWORD)) \
+		$(if $(SIMULATED),, --broadcast) \
+		$(if $(LEGACY), --legacy) \
+		-vv
+	@echo "Helper contracts deployed"
+
+deploy-dao: check_env get_owner
+	@echo "Deploying DAO contracts..."
+	@if [ ! -f deployment/$(CHAIN_ID).json ]; then \
+		echo "Helper addresses not found. Run deploy-helpers first"; \
+		exit 1; \
+	fi
+	@OWNER=$(OWNER) \
+		forge script script/automata/DeployAutomataDao.s.sol:DeployAutomataDao \
+		--rpc-url $(RPC_URL) \
+		$(if $(PRIVATE_KEY), --private-key $(PRIVATE_KEY), \
+		--keystore $(KEYSTORE_PATH) --password $(KEYSTORE_PASSWORD)) \
+		$(if $(SIMULATED),, --broadcast) \
+		$(if $(LEGACY), --legacy) \
+		-vv \
+		--sig "deployAll(bool)" $(WITH_STORAGE)
+	@echo "DAO contracts deployed"
+
+deploy-all: deploy-helpers deploy-dao
+	@echo "Deployment completed"
+
+# Contract verification
+verify-helpers: check_env
+	@echo "Verifying helper contracts..."
+	@if [ ! -f deployment/$(CHAIN_ID).json ]; then \
+		echo "Helper addresses not found. Deploy helpers first."; \
+		exit 1; \
+	fi
+	@for contract in EnclaveIdentityHelper FmspcTcbHelper PCKHelper X509CRLHelper; do \
+		addr=$$(jq -r ".$$contract" deployment/$(CHAIN_ID).json); \
+		if [ "$$addr" != "null" ]; then \
+			forge verify-contract \
+				--rpc-url $(RPC_URL) \
+				--verifier $(VERIFIER) \
+				--watch \
+				$(if $(VERIFIER_URL),--verifier-url $(VERIFIER_URL)) \
+				$$addr \
+				src/helpers/$$contract.sol:$$contract || true; \
+		fi \
+	done
+
+verify-dao: check_env
+	@echo "Verifying DAO contracts..."
+	@if [ ! -f deployment/$(CHAIN_ID).json ]; then \
+		echo "DAO addresses not found. Deploy DAOs first."; \
+		exit 1; \
+	fi
+	@for contract in AutomataDaoStorage AutomataPcsDao AutomataPckDao AutomataEnclaveIdentityDao AutomataFmspcTcbDao; do \
+		addr=$$(jq -r ".$$contract" deployment/$(CHAIN_ID).json); \
+		if [ "$$addr" != "null" ]; then \
+			if [ "$$contract" != "AutomataDaoStorage" ]; then \
+				forge verify-contract \
+					--rpc-url $(RPC_URL) \
+					--verifier $(VERIFIER) \
+					--watch \
+					$(if $(VERIFIER_URL),--verifier-url $(VERIFIER_URL)) \
+					$$addr \
+					src/automata_pccs/$$contract.sol:$$contract || true; \
+			else \
+				forge verify-contract \
+					--rpc-url $(RPC_URL) \
+					--verifier $(VERIFIER) \
+					--watch \
+					$(if $(VERIFIER_URL),--verifier-url $(VERIFIER_URL)) \
+					$$addr \
+					src/automata_pccs/shared/AutomataDaoStorage.sol:AutomataDaoStorage || true; \
+			fi \
+		fi \
+	done
+
+verify-all: verify-helpers verify-dao
+	@echo "Verification completed"
+
+# Utility targets
+clean:
+	forge clean
+
+# Help target
+help:
+	@echo "Available targets:"
+	@echo "  deploy-helpers      Deploy helper contracts"
+	@echo "  deploy-dao          Deploy DAO contracts"
+	@echo "  deploy-all          Deploy all contracts"
+	@echo "  verify-helpers      Verify helper contracts"
+	@echo "  verify-dao          Verify DAO contracts"
+	@echo "  verify-all          Verify all contracts"
+	@echo "  clean               Remove build artifacts"
+	@echo ""
+	@echo "Wallet environment variables: (you only need to set one)"
+	@echo "  PRIVATE_KEY         Private key for wallet"
+	@echo "  KEYSTORE_PATH       Path to keystore directory"
+	@echo ""
+	@echo "Required environment variables:"
+	@echo "  RPC_URL             RPC URL for the target network"
+	@echo ""
+	@echo "Optional environment variables:"
+	@echo "  VERIFIER            Contract verifier (default: etherscan)"
+	@echo "  VERIFIER_URL        Custom verifier API URL"
+	@echo "  ETHERSCAN_API_KEY   API key for contract verification"
+	@echo "  WITH_STORAGE        Deploy with storage (default: true)"
+	@echo "  SIMULATED           Simulate deployment (default: false)"
+	@echo ""
+	@echo "Example usage:"
+	@echo "  make deploy-all RPC_URL=xxx"
+	@echo "  make verify-all RPC_URL=xxx ETHERSCAN_API_KEY=xxx"
+	@echo "  make deploy-dao PRIVATE_KEY=xxx RPC_URL=xxx SIMULATED=true"
+
+.PHONY: check_env clean help deploy-% verify-%