1344219fd3
Some checks failed
CI/CD Pipeline / Solidity Contracts (pull_request) Failing after 53s
CI/CD Pipeline / Security Scanning (pull_request) Successful in 2m32s
CI/CD Pipeline / Lint and Format (pull_request) Failing after 19s
CI/CD Pipeline / Terraform Validation (pull_request) Failing after 11s
CI/CD Pipeline / Kubernetes Validation (pull_request) Successful in 15s
Validation / validate-genesis (pull_request) Successful in 16s
Validation / validate-terraform (pull_request) Failing after 15s
Validation / validate-kubernetes (pull_request) Failing after 2s
Validation / validate-smart-contracts (pull_request) Failing after 3s
Validation / validate-security (pull_request) Failing after 2m1s
Validation / validate-documentation (pull_request) Failing after 6s
Part of the sequenced cleanup tracked in d-bis/proxmox#1. Scaffolding only. No broadcast. No secret values committed. The Chain 138 deployer EOA 0x4A666F96...01C8 is in proxmox master in plaintext and must be rotated off as owner/admin on all contracts it controls. Because the key is an EOA (not a multisig), rotation is transfer-then-revoke (not revoke-first) per docs/runbooks/MULTI_CHAIN_EXECUTION_KEY_ROTATION.md. - script/rotation/RotateChain138Admin.s.sol - RotateStage1 (signed by OLD): transferOwnership + grantRole DEFAULT_ADMIN_ROLE on cUSDT, cUSDC, DODOPMMIntegration; additionally POOL_MANAGER_ROLE + SWAP_OPERATOR_ROLE on DODOPMMIntegration. Preflight asserts OLD still holds each role and NEW does not. - RotateStage2 (signed by NEW): revokeRole on OLD for each of the above. Preflight asserts Stage 1 landed (NEW holds roles, OLD still holds roles). - VerifyChain138RotationComplete: read-only end-state check; reverts with a specific message if any contract still names OLD as owner or admin. - Default addresses are the canonical Chain 138 cUSDT / cUSDC / DODOPMMIntegration from docs/11-references/ADDRESS_MATRIX_AND_STATUS.md and .cursor/rules/chain138-tokens-and-pmm.mdc. Overridable via env. - script/rotation/README.md: index + follow-up PR table for the other chains (mainnet, Cronos, Polygon, Base, OP, BSC, AVAX, Arbitrum, Wemix). - scripts/rotation/chain138-rotation-runbook.md: authoritative operator runbook with simulate/broadcast cast sequences, Stage-1/Stage-2 verification steps, rollback path (only possible between stages), and a per-chain template for the follow-up PRs. Forge build passes (one mixed-case-variable lint note on field names matching the contract names; not an error). This PR does not cover other chains or execute the rotation — those are explicit operator steps gated on per-tx approval. Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
18 lines
919 B
Markdown
18 lines
919 B
Markdown
# script/rotation — admin / owner rotation Forge scripts
|
|
|
|
Scripts for rotating admin / owner roles away from the compromised Chain 138
|
|
deployer EOA `0x4A666F96fC8764181194447A7dFdb7d471b301C8`.
|
|
|
|
**Nothing here broadcasts by default.** Forge simulates unless the operator
|
|
appends `--broadcast` explicitly, and even then the per-tx approval gate
|
|
applies per the runbook.
|
|
|
|
| File | Purpose |
|
|
|---|---|
|
|
| `RotateChain138Admin.s.sol` | Stage 1 (OLD signs, grants NEW) + Stage 2 (NEW signs, revokes OLD) + read-only verifier |
|
|
| (follow-up PRs) | `RotateMainnetAdmin.s.sol`, `RotateCronosAdmin.s.sol`, `RotatePolygonAdmin.s.sol`, `RotateBaseAdmin.s.sol`, `RotateOptimismAdmin.s.sol`, `RotateBscAdmin.s.sol`, `RotateAvalancheAdmin.s.sol`, `RotateArbitrumAdmin.s.sol`, `RotateWemixAdmin.s.sol` |
|
|
|
|
Operator runbook: `scripts/rotation/chain138-rotation-runbook.md`.
|
|
|
|
Tracking: <https://gitea.d-bis.org/d-bis/proxmox/issues/1>.
|