Merge pull request #359 from 0xPolygonHermez/feature/audit-remediations

Sovereign Audit remediations

.gitignore

@@ -24,3 +24,5 @@ create_rollup_parameters.json
 docker/deploymentOutput
 
 .DS_Store
+
+tools/createSovereignGenesisWithHardhat/genesis-sovereign_hardhat.json

contracts/PolygonZkEVMBridge.sol

@@ -139,7 +139,7 @@ contract PolygonZkEVMBridge is
      * @param destinationNetwork Network destination
      * @param destinationAddress Address destination
      * @param amount Amount of tokens
-     * @param token Token address, 0 address is reserved for ether
+     * @param token Token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not
      * @param permitData Raw data of the call `permit` of the token
      */
@@ -306,7 +306,7 @@ contract PolygonZkEVMBridge is
      * @param mainnetExitRoot Mainnet exit root
      * @param rollupExitRoot Rollup exit root
      * @param originNetwork Origin network
-     * @param originTokenAddress  Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress  Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param destinationNetwork Network destination
      * @param destinationAddress Address destination
      * @param amount Amount of tokens
@@ -483,7 +483,7 @@ contract PolygonZkEVMBridge is
      * Since the metadata has relevance in the address deployed, this function will not return a valid
      * wrapped address if the metadata provided is not the original one.
      * @param originNetwork Origin network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param name Name of the token
      * @param symbol Symbol of the token
      * @param decimals Decimals of the token
@@ -520,7 +520,7 @@ contract PolygonZkEVMBridge is
     /**
      * @notice Returns the address of a wrapper using the token information if already exist
      * @param originNetwork Origin network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      */
     function getTokenWrappedAddress(
         uint32 originNetwork,

contracts/interfaces/IBasePolygonZkEVMGlobalExitRoot.sol

@@ -13,6 +13,11 @@ interface IBasePolygonZkEVMGlobalExitRoot {
      */
     error OnlyGlobalExitRootUpdater();
 
+    /**
+     * @dev Thrown when the caller is not the globalExitRootRemover
+     */
+    error OnlyGlobalExitRootRemover();
+
     /**
      * @dev Thrown when trying to insert a global exit root that is already set
      */

contracts/mocks/DepositContractMock.sol

@@ -18,7 +18,7 @@ contract DepositContractMock is DepositContract {
      * @notice Given the leaf data returns the leaf value
      * @param leafType Leaf type
      * @param originNetwork Origin Network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param destinationNetwork Destination network
      * @param destinationAddress Destination address
      * @param amount Amount of tokens

contracts/mocks/PolygonZkEVMBridgeMock.sol

@@ -42,7 +42,7 @@ contract PolygonZkEVMBridgeMock is PolygonZkEVMBridge, OwnableUpgradeable {
      * @param destinationNetwork Network destination
      * @param destinationAddress Address destination
      * @param amount Amount of tokens
-     * @param token Token address, 0 address is reserved for ether
+     * @param token Token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param permitData Raw data of the call `permit` of the token
      */
     function bridgeAsset(

contracts/v2/PolygonZkEVMBridgeV2.sol

@@ -30,10 +30,10 @@ contract PolygonZkEVMBridgeV2 is
     }
 
     // bytes4(keccak256(bytes("permit(address,address,uint256,uint256,uint8,bytes32,bytes32)")));
-    bytes4 private constant _PERMIT_SIGNATURE = 0xd505accf;
+    bytes4 internal constant _PERMIT_SIGNATURE = 0xd505accf;
 
     // bytes4(keccak256(bytes("permit(address,address,uint256,uint256,bool,uint8,bytes32,bytes32)")));
-    bytes4 private constant _PERMIT_SIGNATURE_DAI = 0x8fcbaf0c;
+    bytes4 internal constant _PERMIT_SIGNATURE_DAI = 0x8fcbaf0c;
 
     // Mainnet identifier
     uint32 private constant _MAINNET_NETWORK_ID = 0;
@@ -48,7 +48,7 @@ contract PolygonZkEVMBridgeV2 is
     uint8 private constant _LEAF_TYPE_MESSAGE = 1;
 
     // Nullifier offset
-    uint256 private constant _MAX_LEAFS_PER_NETWORK = 2 ** 32;
+    uint256 internal constant _MAX_LEAFS_PER_NETWORK = 2 ** 32;
 
     // Indicate where's the mainnet flag bit in the global index
     uint256 private constant _GLOBAL_INDEX_MAINNET_FLAG = 2 ** 64;
@@ -205,7 +205,7 @@ contract PolygonZkEVMBridgeV2 is
      * @param destinationNetwork Network destination
      * @param destinationAddress Address destination
      * @param amount Amount of tokens
-     * @param token Token address, 0 address is reserved for ether
+     * @param token Token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param forceUpdateGlobalExitRoot Indicates if the new global exit root is updated or not
      * @param permitData Raw data of the call `permit` of the token
      */
@@ -689,7 +689,7 @@ contract PolygonZkEVMBridgeV2 is
      * Since the metadata has relevance in the address deployed, this function will not return a valid
      * wrapped address if the metadata provided is not the original one.
      * @param originNetwork Origin network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param name Name of the token
      * @param symbol Symbol of the token
      * @param decimals Decimals of the token
@@ -726,7 +726,7 @@ contract PolygonZkEVMBridgeV2 is
     /**
      * @notice Returns the address of a wrapper using the token information if already exist
      * @param originNetwork Origin network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      */
     function getTokenWrappedAddress(
         uint32 originNetwork,
@@ -839,7 +839,7 @@ contract PolygonZkEVMBridgeV2 is
     function isClaimed(
         uint32 leafIndex,
         uint32 sourceBridgeNetwork
-    ) external view returns (bool) {
+    ) external view virtual returns (bool) {
         uint256 globalIndex;
 
         // For consistency with the previous setted nullifiers
@@ -867,7 +867,7 @@ contract PolygonZkEVMBridgeV2 is
     function _setAndCheckClaimed(
         uint32 leafIndex,
         uint32 sourceBridgeNetwork
-    ) private {
+    ) internal virtual {
         uint256 globalIndex;
 
         // For consistency with the previous setted nullifiers
@@ -943,7 +943,7 @@ contract PolygonZkEVMBridgeV2 is
      */
     function _bitmapPositions(
         uint256 index
-    ) private pure returns (uint256 wordPos, uint256 bitPos) {
+    ) internal pure returns (uint256 wordPos, uint256 bitPos) {
         wordPos = uint248(index >> 8);
         bitPos = uint8(index);
     }
@@ -958,7 +958,7 @@ contract PolygonZkEVMBridgeV2 is
         address token,
         uint256 amount,
         bytes calldata permitData
-    ) internal {
+    ) internal virtual {
         bytes4 sig = bytes4(permitData[:4]);
         if (sig == _PERMIT_SIGNATURE) {
             (
@@ -1182,7 +1182,7 @@ contract PolygonZkEVMBridgeV2 is
      * Since the metadata has relevance in the address deployed, this function will not return a valid
      * wrapped address if the metadata provided is not the original one.
      * @param originNetwork Origin network
-     * @param originTokenAddress Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param token Address of the token to calculate the wrapper address
      */
     function calculateTokenWrapperAddress(

contracts/v2/PolygonZkEVMGlobalExitRootV2.sol

@@ -78,7 +78,7 @@ contract PolygonZkEVMGlobalExitRootV2 is
      * @param newRoot new exit tree root
      */
     function updateExitRoot(bytes32 newRoot) external {
-        // Store storage variables into temporal variables since will be used multiple times
+        // Store storage variables into temporary variables since will be used multiple times
         bytes32 cacheLastRollupExitRoot;
         bytes32 cacheLastMainnetExitRoot;
 
@@ -101,14 +101,14 @@ contract PolygonZkEVMGlobalExitRootV2 is
 
         // If it already exists, do not modify the blockhash
         if (globalExitRootMap[newGlobalExitRoot] == 0) {
-            uint64 currentTimestmap = uint64(block.timestamp);
+            uint64 currentTimestamp = uint64(block.timestamp);
 
             uint256 lastBlockHash = uint256(blockhash(block.number - 1));
             globalExitRootMap[newGlobalExitRoot] = lastBlockHash;
 
             // save new leaf in L1InfoTree
             _addLeaf(
-                getLeafValue(newGlobalExitRoot, lastBlockHash, currentTimestmap)
+                getLeafValue(newGlobalExitRoot, lastBlockHash, currentTimestamp)
             );
 
             // Get the current historic root
@@ -126,7 +126,7 @@ contract PolygonZkEVMGlobalExitRootV2 is
                 currentL1InfoRoot,
                 uint32(depositCount),
                 lastBlockHash,
-                currentTimestmap
+                currentTimestamp
             );
         }
     }
@@ -157,7 +157,7 @@ contract PolygonZkEVMGlobalExitRootV2 is
     /**
      * @notice Given the leaf data returns the leaf hash
      * @param newGlobalExitRoot Last global exit root
-     * @param lastBlockHash Last accesible block hash
+     * @param lastBlockHash Last accessible block hash
      * @param timestamp Ethereum timestamp in seconds
      */
     function getLeafValue(

contracts/v2/consensus/pessimistic/PolygonPessimisticConsensus.sol

@@ -14,7 +14,7 @@ contract PolygonPessimisticConsensus is
      * @param _globalExitRootManager Global exit root manager address
      * @param _pol POL token address
      * @param _bridgeAddress Bridge address
-     * @param _rollupManager Global exit root manager address
+     * @param _rollupManager Rollup manager address
      */
     constructor(
         IPolygonZkEVMGlobalExitRootV2 _globalExitRootManager,

contracts/v2/interfaces/IBridgeL2SovereignChains.sol

@@ -21,11 +21,6 @@ interface IBridgeL2SovereignChains is IPolygonZkEVMBridgeV2 {
      */
     error OnlyBridgeManager();
 
-    /**
-     * @dev Thrown when bridge manager address is invalid
-     */
-    error NotValidBridgeManager();
-
     /**
      * @dev Thrown when trying to remove a token mapping that has not been updated by a new one
      */
@@ -65,7 +60,15 @@ interface IBridgeL2SovereignChains is IPolygonZkEVMBridgeV2 {
      * @dev Thrown when trying to set a custom wrapper for weth on a gas token network
      */
     error WETHRemappingNotSupportedOnGasTokenNetworks();
+    /**
+     * @dev Thrown when trying to unset a not setted claim
+     */
+    error ClaimNotSet();
 
+    /**
+     * @dev Thrown when trying to activate emergency state in a not allowed bridge context (e.g. sovereign chains)
+     */
+    error EmergencyStateNotAllowed();
 
     function initialize(
         uint32 _networkID,

contracts/v2/lib/DepositContractV2.sol

@@ -13,7 +13,7 @@ contract DepositContractV2 is ReentrancyGuardUpgradeable, DepositContractBase {
      * @notice Given the leaf data returns the leaf value
      * @param leafType Leaf type -->  [0] transfer Ether / ERC20 tokens, [1] message
      * @param originNetwork Origin Network
-     * @param originAddress [0] Origin token address, 0 address is reserved for ether, [1] msg.sender of the message
+     * @param originAddress [0] Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token, [1] msg.sender of the message
      * @param destinationNetwork Destination network
      * @param destinationAddress Destination address
      * @param amount [0] Amount of tokens/ether, [1] Amount of ether

contracts/v2/mocks/BridgeReceiverMock.sol

@@ -59,7 +59,7 @@ contract BridgeReceiverMock {
      * @param mainnetExitRoot Mainnet exit root
      * @param rollupExitRoot Rollup exit root
      * @param originNetwork Origin network
-     * @param originTokenAddress  Origin token address, 0 address is reserved for ether
+     * @param originTokenAddress  Origin token address, 0 address is reserved for gas token address. If WETH address is zero, means this gas token is ether, else means is a custom erc20 gas token
      * @param destinationNetwork Network destination
      * @param destinationAddress Address destination
      * @param amount Amount of tokens

contracts/v2/newDeployments/PolygonRollupManagerNotUpgraded.sol

@@ -19,15 +19,9 @@ contract PolygonRollupManagerNotUpgraded is PolygonRollupManager {
 
     function initialize(
         address trustedAggregator,
-        uint64 _pendingStateTimeout,
-        uint64 _trustedAggregatorTimeout,
         address admin,
         address timelock,
-        address emergencyCouncil,
-        PolygonZkEVMExistentEtrog /*polygonZkEVM*/,
-        IVerifierRollup /*zkEVMVerifier*/,
-        uint64 /*zkEVMForkID*/,
-        uint64 /*zkEVMChainID*/
+        address emergencyCouncil
     ) external reinitializer(2) {
 
         // Constant deployment variables