Part of the sequenced cleanup tracked in
d-bis/proxmox#1.
Scaffolding only. No broadcast. No secret values committed.
The Chain 138 deployer EOA 0x4A666F96...01C8 is in proxmox master in
plaintext and must be rotated off as owner/admin on all contracts it
controls. Because the key is an EOA (not a multisig), rotation is
transfer-then-revoke (not revoke-first) per
docs/runbooks/MULTI_CHAIN_EXECUTION_KEY_ROTATION.md.
- script/rotation/RotateChain138Admin.s.sol
- RotateStage1 (signed by OLD): transferOwnership + grantRole
DEFAULT_ADMIN_ROLE on cUSDT, cUSDC, DODOPMMIntegration; additionally
POOL_MANAGER_ROLE + SWAP_OPERATOR_ROLE on DODOPMMIntegration.
Preflight asserts OLD still holds each role and NEW does not.
- RotateStage2 (signed by NEW): revokeRole on OLD for each of the
above. Preflight asserts Stage 1 landed (NEW holds roles, OLD still
holds roles).
- VerifyChain138RotationComplete: read-only end-state check; reverts
with a specific message if any contract still names OLD as owner or
admin.
- Default addresses are the canonical Chain 138 cUSDT / cUSDC /
DODOPMMIntegration from docs/11-references/ADDRESS_MATRIX_AND_STATUS.md
and .cursor/rules/chain138-tokens-and-pmm.mdc. Overridable via env.
- script/rotation/README.md: index + follow-up PR table for the other
chains (mainnet, Cronos, Polygon, Base, OP, BSC, AVAX, Arbitrum,
Wemix).
- scripts/rotation/chain138-rotation-runbook.md: authoritative operator
runbook with simulate/broadcast cast sequences, Stage-1/Stage-2
verification steps, rollback path (only possible between stages), and
a per-chain template for the follow-up PRs.
Forge build passes (one mixed-case-variable lint note on field names
matching the contract names; not an error).
This PR does not cover other chains or execute the rotation — those
are explicit operator steps gated on per-tx approval.
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
- Resolve stash: merge load_deployment_env path with secure-secrets and CR/LF RPC strip
- create-pmm-full-mesh-chain138.sh delegates to sync-chain138-pmm-pools-from-json.sh
- env.additions.example: canonical PMM pool defaults (cUSDT/USDT per crosscheck)
- Include Chain138 scripts, official mirror deploy scaffolding, and prior staged changes
Made-with: Cursor
- Updated DBIS_ConversionRouter and DBIS_SettlementRouter to utilize IDBIS_EIP712Helper for EIP-712 hashing and signature recovery, improving stack depth management.
- Refactored minting logic in DBIS_GRU_MintController to streamline recipient processing.
- Enhanced BUILD_NOTES.md with updated build instructions and test coverage details.
- Added new functions in DBIS_SignerRegistry for duplicate signer checks and active signer validation.
- Introduced a new submodule, DBIS_EIP712Helper, to encapsulate EIP-712 related functionalities.
Made-with: Cursor
- Added MINTER_ROLE constant to manage minting permissions.
- Updated mint function to restrict access to addresses with MINTER_ROLE, enhancing security and compliance.
- Granted MINTER_ROLE to the initial owner during contract deployment.
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
