Add kill switch functionality (#58)

zkemail · Nov 2, 2024 · e5144c6 · e5144c6
1 parent 313b48a
commit e5144c6
Show file tree

Hide file tree

Showing 56 changed files with 764 additions and 244 deletions.
diff --git a/script/BaseDeployScript.s.sol b/script/BaseDeployScript.s.sol
@@ -0,0 +1,61 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.25;
+
+/* solhint-disable no-console, gas-custom-errors */
+
+import { Script } from "forge-std/Script.sol";
+import { console } from "forge-std/console.sol";
+import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifier.sol";
+import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol";
+import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol";
+import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+
+contract BaseDeployScript is Script {
+    function run() public virtual { }
+
+    /**
+     * Helper function to deploy a Verifier
+     */
+    function deployVerifier(address initialOwner, uint256 salt) public returns (address) {
+        Verifier verifierImpl = new Verifier{ salt: bytes32(salt) }();
+        console.log("Verifier implementation deployed at: %s", address(verifierImpl));
+        Groth16Verifier groth16Verifier = new Groth16Verifier{ salt: bytes32(salt) }();
+        ERC1967Proxy verifierProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
+            address(verifierImpl),
+            abi.encodeCall(verifierImpl.initialize, (initialOwner, address(groth16Verifier)))
+        );
+        address verifier = address(Verifier(address(verifierProxy)));
+        console.log("Deployed Verifier at", verifier);
+        return verifier;
+    }
+
+    /**
+     * Helper function to deploy a UserOverrideableDKIMRegistry
+     */
+    function deployUserOverrideableDKIMRegistry(
+        address initialOwner,
+        address dkimRegistrySigner,
+        uint256 setTimeDelay,
+        uint256 salt
+    )
+        public
+        returns (address)
+    {
+        require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required");
+        UserOverrideableDKIMRegistry overrideableDkimImpl =
+            new UserOverrideableDKIMRegistry{ salt: bytes32(salt) }();
+        console.log(
+            "UserOverrideableDKIMRegistry implementation deployed at: %s",
+            address(overrideableDkimImpl)
+        );
+        ERC1967Proxy dkimProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
+            address(overrideableDkimImpl),
+            abi.encodeCall(
+                overrideableDkimImpl.initialize, (initialOwner, dkimRegistrySigner, setTimeDelay)
+            )
+        );
+        address dkim = address(dkimProxy);
+        console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", dkim);
+        return dkim;
+    }
+}
diff --git a/script/Deploy7579TestAccount.s.sol b/script/Deploy7579TestAccount.s.sol
@@ -51,7 +51,7 @@ contract Deploy7579TestAccountScript is RhinestoneModuleKit, Script {
 
     bytes4 public functionSelector = bytes4(keccak256(bytes("changeOwner(address)")));
 
-    uint salt = vm.envOr("CREATE2_SALT", uint(0));
+    uint256 public salt = vm.envOr("CREATE2_SALT", uint256(0));
 
     function run() public {
         privKey = vm.envUint("PRIVATE_KEY");

diff --git a/script/DeployEmailRecoveryModule.s.sol b/script/DeployEmailRecoveryModule.s.sol
@@ -3,66 +3,53 @@ pragma solidity ^0.8.25;
 
 /* solhint-disable no-console, gas-custom-errors */
 
-import { Script } from "forge-std/Script.sol";
 import { console } from "forge-std/console.sol";
 import { EmailRecoveryCommandHandler } from "src/handlers/EmailRecoveryCommandHandler.sol";
-import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifier.sol";
-import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol";
-import { ECDSAOwnedDKIMRegistry } from
-    "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol";
 import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol";
 import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol";
 import { EmailRecoveryFactory } from "src/factories/EmailRecoveryFactory.sol";
 import { OwnableValidator } from "src/test/OwnableValidator.sol";
-import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import { BaseDeployScript } from "./BaseDeployScript.s.sol";
 
-contract DeployEmailRecoveryModuleScript is Script {
-    function run() public {
-        vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
-        address verifier = vm.envOr("VERIFIER", address(0));
-        address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0));
-        address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0));
-        address validatorAddr = vm.envOr("VALIDATOR", address(0));
-        uint256 minimumDelay = vm.envOr("MINIMUM_DELAY", uint256(0));
+contract DeployEmailRecoveryModuleScript is BaseDeployScript {
+    address public verifier;
+    address public dkimRegistrySigner;
+    address public emailAuthImpl;
+    address public validatorAddr;
+    uint256 public minimumDelay;
+    address public killSwitchAuthorizer;
+
+    address public initialOwner;
+    uint256 public salt;
+
+    UserOverrideableDKIMRegistry public dkim;
 
-        address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY"));
-        uint salt = vm.envOr("CREATE2_SALT", uint(0));
+    function run() public override {
+        super.run();
+        vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
+        verifier = vm.envOr("VERIFIER", address(0));
+        dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0));
+        emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0));
+        validatorAddr = vm.envOr("VALIDATOR", address(0));
+        minimumDelay = vm.envOr("MINIMUM_DELAY", uint256(0));
+        killSwitchAuthorizer = vm.envAddress("KILL_SWITCH_AUTHORIZER");
 
-        UserOverrideableDKIMRegistry dkim;
+        initialOwner = vm.addr(vm.envUint("PRIVATE_KEY"));
+        salt = vm.envOr("CREATE2_SALT", uint256(0));
 
         if (verifier == address(0)) {
-            Verifier verifierImpl = new Verifier{ salt: bytes32(salt) }();
-            console.log("Verifier implementation deployed at: %s", address(verifierImpl));
-            Groth16Verifier groth16Verifier = new Groth16Verifier{ salt: bytes32(salt) }();
-            ERC1967Proxy verifierProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(verifierImpl),
-                abi.encodeCall(verifierImpl.initialize, (initialOwner, address(groth16Verifier)))
-            );
-            verifier = address(Verifier(address(verifierProxy)));
-            vm.setEnv("VERIFIER", vm.toString(address(verifier)));
-            console.log("Deployed Verifier at", verifier);
+            verifier = deployVerifier(initialOwner, salt);
         }
 
         // Deploy Useroverridable DKIM registry
         dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0)));
+        uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0));
         if (address(dkim) == address(0)) {
-            uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0));
-            require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required");
-            UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry{ salt: bytes32(salt) }();
-            console.log(
-                "UserOverrideableDKIMRegistry implementation deployed at: %s",
-                address(overrideableDkimImpl)
-            );
-            ERC1967Proxy dkimProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(overrideableDkimImpl),
-                abi.encodeCall(
-                    overrideableDkimImpl.initialize,
-                    (initialOwner, dkimRegistrySigner, setTimeDelay)
+            dkim = UserOverrideableDKIMRegistry(
+                deployUserOverrideableDKIMRegistry(
+                    initialOwner, dkimRegistrySigner, setTimeDelay, salt
                 )
             );
-            dkim = UserOverrideableDKIMRegistry(address(dkimProxy));
-            vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim)));
-            console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim));
         }
 
         if (emailAuthImpl == address(0)) {
@@ -77,7 +64,8 @@ contract DeployEmailRecoveryModuleScript is Script {
 
         address _factory = vm.envOr("RECOVERY_FACTORY", address(0));
         if (_factory == address(0)) {
-            _factory = address(new EmailRecoveryFactory{ salt: bytes32(salt) }(verifier, emailAuthImpl));
+            _factory =
+                address(new EmailRecoveryFactory{ salt: bytes32(salt) }(verifier, emailAuthImpl));
             console.log("Deployed Email Recovery Factory at", _factory);
         }
         {
@@ -87,6 +75,7 @@ contract DeployEmailRecoveryModuleScript is Script {
                 bytes32(uint256(0)),
                 type(EmailRecoveryCommandHandler).creationCode,
                 minimumDelay,
+                killSwitchAuthorizer,
                 address(dkim),
                 validatorAddr,
                 bytes4(keccak256(bytes("changeOwner(address)")))

diff --git a/script/DeploySafeNativeRecovery.s.sol b/script/DeploySafeNativeRecovery.s.sol
@@ -3,69 +3,45 @@ pragma solidity ^0.8.25;
 
 /* solhint-disable no-console, gas-custom-errors */
 
-import { Script } from "forge-std/Script.sol";
 import { console } from "forge-std/console.sol";
-import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifier.sol";
-import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol";
-import { ECDSAOwnedDKIMRegistry } from
-    "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol";
 import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol";
 import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol";
 import { SafeRecoveryCommandHandler } from "src/handlers/SafeRecoveryCommandHandler.sol";
 import { SafeEmailRecoveryModule } from "src/modules/SafeEmailRecoveryModule.sol";
-import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import { BaseDeployScript } from "./BaseDeployScript.s.sol";
 
-contract DeploySafeNativeRecovery_Script is Script {
-    function run() public {
+contract DeploySafeNativeRecovery_Script is BaseDeployScript {
+    function run() public override {
+        super.run();
         vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
         address verifier = vm.envOr("ZK_VERIFIER", address(0));
         address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0));
         address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0));
         address commandHandler = vm.envOr("COMMAND_HANDLER", address(0));
         uint256 minimumDelay = vm.envOr("MINIMUM_DELAY", uint256(0));
+        address killSwitchAuthorizer = vm.envAddress("KILL_SWITCH_AUTHORIZER");
 
         address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY"));
 
-        uint salt = vm.envOr("CREATE2_SALT", uint256(0));
+        uint256 salt = vm.envOr("CREATE2_SALT", uint256(0));
 
         console.log("verifier %s", verifier);
 
         UserOverrideableDKIMRegistry dkim;
 
         if (verifier == address(0)) {
-            Verifier verifierImpl = new Verifier{ salt: bytes32(salt) }();
-            console.log("Verifier implementation deployed at: %s", address(verifierImpl));
-            Groth16Verifier groth16Verifier = new Groth16Verifier{ salt: bytes32(salt) }();
-            ERC1967Proxy verifierProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(verifierImpl),
-                abi.encodeCall(verifierImpl.initialize, (initialOwner, address(groth16Verifier)))
-            );
-            verifier = address(Verifier(address(verifierProxy)));
-            vm.setEnv("VERIFIER", vm.toString(address(verifier)));
-            console.log("Deployed Verifier at", verifier);
+            verifier = deployVerifier(initialOwner, salt);
         }
 
         // Deploy Useroverridable DKIM registry
         dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0)));
         uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0));
         if (address(dkim) == address(0)) {
-            require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required");
-            UserOverrideableDKIMRegistry overrideableDkimImpl =
-                new UserOverrideableDKIMRegistry{ salt: bytes32(salt) }();
-            console.log(
-                "UserOverrideableDKIMRegistry implementation deployed at: %s",
-                address(overrideableDkimImpl)
-            );
-            ERC1967Proxy dkimProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(overrideableDkimImpl),
-                abi.encodeCall(
-                    overrideableDkimImpl.initialize,
-                    (initialOwner, dkimRegistrySigner, setTimeDelay)
+            dkim = UserOverrideableDKIMRegistry(
+                deployUserOverrideableDKIMRegistry(
+                    initialOwner, dkimRegistrySigner, setTimeDelay, salt
                 )
             );
-            dkim = UserOverrideableDKIMRegistry(address(dkimProxy));
-            vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim)));
-            console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim));
         }
 
         if (emailAuthImpl == address(0)) {
@@ -80,7 +56,12 @@ contract DeploySafeNativeRecovery_Script is Script {
 
         address module = address(
             new SafeEmailRecoveryModule{ salt: bytes32(salt) }(
-                verifier, address(dkim), emailAuthImpl, commandHandler, minimumDelay
+                verifier,
+                address(dkim),
+                emailAuthImpl,
+                commandHandler,
+                minimumDelay,
+                killSwitchAuthorizer
             )
         );
 

diff --git a/script/DeploySafeRecovery.s.sol b/script/DeploySafeRecovery.s.sol
@@ -3,74 +3,59 @@ pragma solidity ^0.8.25;
 
 /* solhint-disable no-console, gas-custom-errors */
 
-import { Script } from "forge-std/Script.sol";
 import { console } from "forge-std/console.sol";
 import { SafeRecoveryCommandHandler } from "src/handlers/SafeRecoveryCommandHandler.sol";
 import { EmailRecoveryUniversalFactory } from "src/factories/EmailRecoveryUniversalFactory.sol";
-import { Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Verifier.sol";
-import { Groth16Verifier } from "@zk-email/ether-email-auth-contracts/src/utils/Groth16Verifier.sol";
-import { ECDSAOwnedDKIMRegistry } from
-    "@zk-email/ether-email-auth-contracts/src/utils/ECDSAOwnedDKIMRegistry.sol";
-import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol";
 import { EmailAuth } from "@zk-email/ether-email-auth-contracts/src/EmailAuth.sol";
+import { UserOverrideableDKIMRegistry } from "@zk-email/contracts/UserOverrideableDKIMRegistry.sol";
 
 import { Safe7579 } from "safe7579/Safe7579.sol";
 import { Safe7579Launchpad } from "safe7579/Safe7579Launchpad.sol";
 import { IERC7484 } from "safe7579/interfaces/IERC7484.sol";
-import { ERC1967Proxy } from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import { BaseDeployScript } from "./BaseDeployScript.s.sol";
 
 // 1. `source .env`
 // 2. `forge script --chain sepolia script/DeploySafeRecovery.s.sol:DeploySafeRecovery_Script
 // --rpc-url $BASE_SEPOLIA_RPC_URL --broadcast -vvvv`
-contract DeploySafeRecovery_Script is Script {
-    function run() public {
+contract DeploySafeRecovery_Script is BaseDeployScript {
+    address public verifier;
+    address public dkimRegistrySigner;
+    address public emailAuthImpl;
+    uint256 public minimumDelay;
+    address public killSwitchAuthorizer;
+
+    address public initialOwner;
+    uint256 public salt;
+
+    UserOverrideableDKIMRegistry public dkim;
+
+    function run() public override {
+        super.run();
         address entryPoint = address(0x0000000071727De22E5E9d8BAf0edAc6f37da032);
         IERC7484 registry = IERC7484(0xe0cde9239d16bEf05e62Bbf7aA93e420f464c826);
 
         vm.startBroadcast(vm.envUint("PRIVATE_KEY"));
-        address verifier = vm.envOr("VERIFIER", address(0));
-        address dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0));
-        address emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0));
-        uint256 minimumDelay = vm.envOr("MINIMUM_DELAY", uint256(0));
-
-        address initialOwner = vm.addr(vm.envUint("PRIVATE_KEY"));
-        uint256 salt = vm.envOr("CREATE2_SALT", uint256(0));
-
-        UserOverrideableDKIMRegistry dkim;
+        verifier = vm.envOr("VERIFIER", address(0));
+        dkimRegistrySigner = vm.envOr("DKIM_REGISTRY_SIGNER", address(0));
+        emailAuthImpl = vm.envOr("EMAIL_AUTH_IMPL", address(0));
+        minimumDelay = vm.envOr("MINIMUM_DELAY", uint256(0));
+        killSwitchAuthorizer = vm.envAddress("KILL_SWITCH_AUTHORIZER");
+        initialOwner = vm.addr(vm.envUint("PRIVATE_KEY"));
+        salt = vm.envOr("CREATE2_SALT", uint256(0));
 
         if (verifier == address(0)) {
-            Verifier verifierImpl = new Verifier{ salt: bytes32(salt) }();
-            console.log("Verifier implementation deployed at: %s", address(verifierImpl));
-            Groth16Verifier groth16Verifier = new Groth16Verifier{ salt: bytes32(salt) }();
-            ERC1967Proxy verifierProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(verifierImpl),
-                abi.encodeCall(verifierImpl.initialize, (initialOwner, address(groth16Verifier)))
-            );
-            verifier = address(Verifier(address(verifierProxy)));
-            vm.setEnv("VERIFIER", vm.toString(address(verifier)));
-            console.log("Deployed Verifier at", verifier);
+            verifier = deployVerifier(initialOwner, salt);
         }
 
         // Deploy Useroverridable DKIM registry
         dkim = UserOverrideableDKIMRegistry(vm.envOr("DKIM_REGISTRY", address(0)));
         uint256 setTimeDelay = vm.envOr("DKIM_DELAY", uint256(0));
         if (address(dkim) == address(0)) {
-            require(dkimRegistrySigner != address(0), "DKIM_REGISTRY_SIGNER is required");
-            UserOverrideableDKIMRegistry overrideableDkimImpl = new UserOverrideableDKIMRegistry{ salt: bytes32(salt) }();
-            console.log(
-                "UserOverrideableDKIMRegistry implementation deployed at: %s",
-                address(overrideableDkimImpl)
-            );
-            ERC1967Proxy dkimProxy = new ERC1967Proxy{ salt: bytes32(salt) }(
-                address(overrideableDkimImpl),
-                abi.encodeCall(
-                    overrideableDkimImpl.initialize,
-                    (initialOwner, dkimRegistrySigner, setTimeDelay)
+            dkim = UserOverrideableDKIMRegistry(
+                deployUserOverrideableDKIMRegistry(
+                    initialOwner, dkimRegistrySigner, setTimeDelay, salt
                 )
             );
-            dkim = UserOverrideableDKIMRegistry(address(dkimProxy));
-            vm.setEnv("DKIM_REGISTRY", vm.toString(address(dkim)));
-            console.log("UseroverrideableDKIMRegistry proxy deployed at: %s", address(dkim));
         }
 
         if (emailAuthImpl == address(0)) {
@@ -85,6 +70,7 @@ contract DeploySafeRecovery_Script is Script {
             bytes32(salt),
             type(SafeRecoveryCommandHandler).creationCode,
             minimumDelay,
+            killSwitchAuthorizer,
             address(dkim)
         );