feat: incident response improvements

First half of the original incident response improvements PR.

Author: smartcontracts

packages/contracts-bedrock/interfaces/dispute/IAnchorStateRegistry.sol

@@ -10,9 +10,7 @@ import { GameType, Hash, OutputRoot } from "src/dispute/lib/Types.sol";
 
 interface IAnchorStateRegistry {
     error InvalidAnchorGame(string reason);
-    error Unauthorized();
 
-    event AnchorNotUpdated(IFaultDisputeGame indexed game, string reason);
     event AnchorUpdated(IFaultDisputeGame indexed game);
     event Initialized(uint8 version);
 
@@ -25,11 +23,15 @@ interface IAnchorStateRegistry {
     function isGameBlacklisted(IDisputeGame _game) external view returns (bool);
     function isGameRespected(IDisputeGame _game) external view returns (bool);
     function isGameRetired(IDisputeGame _game) external view returns (bool);
+    function isGameResolved(IDisputeGame _game) external view returns (bool);
+    function isGameBeyondAirgap(IDisputeGame _game) external view returns (bool);
     function isGameProper(IDisputeGame _game) external view returns (bool, string memory);
+    function isGameFinalized(IDisputeGame _game) external view returns (bool, string memory);
+    function isGameClaimValid(IDisputeGame _game) external view returns (bool, string memory);
     function portal() external view returns (IOptimismPortal2);
-    function setAnchorState(IFaultDisputeGame _game) external;
+    function respectedGameType() external view returns (GameType);
+    function setAnchorState(IDisputeGame _game) external;
     function superchainConfig() external view returns (ISuperchainConfig);
-    function tryUpdateAnchorState() external;
     function version() external view returns (string memory);
 
     function __constructor__() external;

packages/contracts-bedrock/interfaces/dispute/IDelayedWETH.sol

@@ -11,13 +11,13 @@ interface IDelayedWETH {
 
     event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
     event Initialized(uint8 version);
-    event Unwrap(address indexed src, uint256 wad);
 
     fallback() external payable;
     receive() external payable;
 
     function config() external view returns (ISuperchainConfig);
     function delay() external view returns (uint256);
+    function hold(address _guy) external;
     function hold(address _guy, uint256 _wad) external;
     function initialize(address _owner, ISuperchainConfig _config) external;
     function owner() external view returns (address);

packages/contracts-bedrock/interfaces/dispute/IDisputeGame.sol

@@ -14,7 +14,9 @@ interface IDisputeGame is IInitializable {
     function gameCreator() external pure returns (address creator_);
     function rootClaim() external pure returns (Claim rootClaim_);
     function l1Head() external pure returns (Hash l1Head_);
+    function l2BlockNumber() external pure returns (uint256 l2BlockNumber_);
     function extraData() external pure returns (bytes memory extraData_);
     function resolve() external returns (GameStatus status_);
     function gameData() external view returns (GameType gameType_, Claim rootClaim_, bytes memory extraData_);
+    function wasRespectedGameTypeWhenCreated() external view returns (bool);
 }

packages/contracts-bedrock/interfaces/dispute/IFaultDisputeGame.sol

@@ -6,7 +6,7 @@ import { IDelayedWETH } from "interfaces/dispute/IDelayedWETH.sol";
 import { IAnchorStateRegistry } from "interfaces/dispute/IAnchorStateRegistry.sol";
 import { IBigStepper } from "interfaces/dispute/IBigStepper.sol";
 import { Types } from "src/libraries/Types.sol";
-import { GameType, Claim, Position, Clock, Hash, Duration } from "src/dispute/lib/Types.sol";
+import { GameType, Claim, Position, Clock, Hash, Duration, BondDistributionMode } from "src/dispute/lib/Types.sol";
 
 interface IFaultDisputeGame is IDisputeGame {
     struct ClaimData {
@@ -74,13 +74,19 @@ interface IFaultDisputeGame is IDisputeGame {
     error UnexpectedRootClaim(Claim rootClaim);
     error UnexpectedString();
     error ValidStep();
+    error InvalidBondDistributionMode();
+    error GameNotFinalized(string reason);
+    error GameNotResolved();
+    error ReservedGameType();
 
     event Move(uint256 indexed parentIndex, Claim indexed claim, address indexed claimant);
+    event GameClosed(BondDistributionMode bondDistributionMode);
 
     function absolutePrestate() external view returns (Claim absolutePrestate_);
     function addLocalData(uint256 _ident, uint256 _execLeafIdx, uint256 _partOffset) external;
     function anchorStateRegistry() external view returns (IAnchorStateRegistry registry_);
     function attack(Claim _disputed, uint256 _parentIndex, Claim _claim) external payable;
+    function bondDistributionMode() external view returns (BondDistributionMode);
     function challengeRootL2Block(Types.OutputRootProof memory _outputRootProof, bytes memory _headerRLP) external;
     function claimCredit(address _recipient) external;
     function claimData(uint256)
@@ -98,18 +104,21 @@ interface IFaultDisputeGame is IDisputeGame {
     function claimDataLen() external view returns (uint256 len_);
     function claims(Hash) external view returns (bool);
     function clockExtension() external view returns (Duration clockExtension_);
+    function closeGame() external;
     function credit(address) external view returns (uint256);
     function defend(Claim _disputed, uint256 _parentIndex, Claim _claim) external payable;
     function getChallengerDuration(uint256 _claimIndex) external view returns (Duration duration_);
     function getNumToResolve(uint256 _claimIndex) external view returns (uint256 numRemainingChildren_);
     function getRequiredBond(Position _position) external view returns (uint256 requiredBond_);
+    function hasUnlockedCredit(address) external view returns (bool);
     function l2BlockNumber() external pure returns (uint256 l2BlockNumber_);
     function l2BlockNumberChallenged() external view returns (bool);
     function l2BlockNumberChallenger() external view returns (address);
     function l2ChainId() external view returns (uint256 l2ChainId_);
     function maxClockDuration() external view returns (Duration maxClockDuration_);
     function maxGameDepth() external view returns (uint256 maxGameDepth_);
     function move(Claim _disputed, uint256 _challengeIndex, Claim _claim, bool _isAttack) external payable;
+    function refundModeCredit(address) external view returns (uint256);
     function resolutionCheckpoints(uint256)
         external
         view
@@ -124,6 +133,7 @@ interface IFaultDisputeGame is IDisputeGame {
     function subgames(uint256, uint256) external view returns (uint256);
     function version() external view returns (string memory);
     function vm() external view returns (IBigStepper vm_);
+    function wasRespectedGameTypeWhenCreated() external view returns (bool);
     function weth() external view returns (IDelayedWETH weth_);
 
     function __constructor__(GameConstructorParams memory _params) external;

packages/contracts-bedrock/interfaces/dispute/IPermissionedDisputeGame.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8.0;
 
 import { Types } from "src/libraries/Types.sol";
-import { Claim, Position, Clock, Hash, Duration } from "src/dispute/lib/Types.sol";
+import { Claim, Position, Clock, Hash, Duration, BondDistributionMode } from "src/dispute/lib/Types.sol";
 
 import { IAnchorStateRegistry } from "interfaces/dispute/IAnchorStateRegistry.sol";
 import { IDelayedWETH } from "interfaces/dispute/IDelayedWETH.sol";
@@ -63,13 +63,19 @@ interface IPermissionedDisputeGame is IDisputeGame {
     error UnexpectedRootClaim(Claim rootClaim);
     error UnexpectedString();
     error ValidStep();
+    error InvalidBondDistributionMode();
+    error GameNotFinalized(string reason);
+    error GameNotResolved();
+    error ReservedGameType();
 
     event Move(uint256 indexed parentIndex, Claim indexed claim, address indexed claimant);
+    event GameClosed(BondDistributionMode bondDistributionMode);
 
     function absolutePrestate() external view returns (Claim absolutePrestate_);
     function addLocalData(uint256 _ident, uint256 _execLeafIdx, uint256 _partOffset) external;
     function anchorStateRegistry() external view returns (IAnchorStateRegistry registry_);
     function attack(Claim _disputed, uint256 _parentIndex, Claim _claim) external payable;
+    function bondDistributionMode() external view returns (BondDistributionMode);
     function challengeRootL2Block(Types.OutputRootProof memory _outputRootProof, bytes memory _headerRLP) external;
     function claimCredit(address _recipient) external;
     function claimData(uint256)
@@ -87,18 +93,21 @@ interface IPermissionedDisputeGame is IDisputeGame {
     function claimDataLen() external view returns (uint256 len_);
     function claims(Hash) external view returns (bool);
     function clockExtension() external view returns (Duration clockExtension_);
+    function closeGame() external;
     function credit(address) external view returns (uint256);
     function defend(Claim _disputed, uint256 _parentIndex, Claim _claim) external payable;
     function getChallengerDuration(uint256 _claimIndex) external view returns (Duration duration_);
     function getNumToResolve(uint256 _claimIndex) external view returns (uint256 numRemainingChildren_);
     function getRequiredBond(Position _position) external view returns (uint256 requiredBond_);
+    function hasUnlockedCredit(address) external view returns (bool);
     function l2BlockNumber() external pure returns (uint256 l2BlockNumber_);
     function l2BlockNumberChallenged() external view returns (bool);
     function l2BlockNumberChallenger() external view returns (address);
     function l2ChainId() external view returns (uint256 l2ChainId_);
     function maxClockDuration() external view returns (Duration maxClockDuration_);
     function maxGameDepth() external view returns (uint256 maxGameDepth_);
     function move(Claim _disputed, uint256 _challengeIndex, Claim _claim, bool _isAttack) external payable;
+    function refundModeCredit(address) external view returns (uint256);
     function resolutionCheckpoints(uint256)
         external
         view
@@ -113,6 +122,7 @@ interface IPermissionedDisputeGame is IDisputeGame {
     function subgames(uint256, uint256) external view returns (uint256);
     function version() external view returns (string memory);
     function vm() external view returns (IBigStepper vm_);
+    function wasRespectedGameTypeWhenCreated() external view returns (bool);
     function weth() external view returns (IDelayedWETH weth_);
 
     error BadAuth();

packages/contracts-bedrock/src/L1/OptimismPortal2.sol

@@ -657,9 +657,16 @@ contract OptimismPortal2 is Initializable, ResourceMetering, ISemver {
     /// @param _gameType The game type to consult for output proposals.
     function setRespectedGameType(GameType _gameType) external {
         if (msg.sender != guardian()) revert Unauthorized();
-        respectedGameType = _gameType;
-        respectedGameTypeUpdatedAt = uint64(block.timestamp);
-        emit RespectedGameTypeSet(_gameType, Timestamp.wrap(respectedGameTypeUpdatedAt));
+        // respectedGameTypeUpdatedAt is now no longer set by default. We want to avoid modifying
+        // this function's signature as that would result in changes to the DeputyGuardianModule.
+        // We use type(uint32).max as a temporary solution to allow us to update the
+        // respectedGameTypeUpdatedAt timestamp without modifying this function's signature.
+        if (_gameType.raw() == type(uint32).max) {
+            respectedGameTypeUpdatedAt = uint64(block.timestamp);
+        } else {
+            respectedGameType = _gameType;
+            emit RespectedGameTypeSet(_gameType, Timestamp.wrap(respectedGameTypeUpdatedAt));
+        }
     }
 
     /// @notice Checks if a withdrawal can be finalized. This function will revert if the withdrawal cannot be
@@ -704,6 +711,12 @@ contract OptimismPortal2 is Initializable, ResourceMetering, ISemver {
         // the withdrawal was proven.
         if (disputeGameProxy.gameType().raw() != respectedGameType.raw()) revert InvalidGameType();
 
+        // The game type of the dispute game must have been the respected game type at creation
+        // time. We check that the game type is the respected game type at proving time, but it's
+        // possible that the respected game type has since changed. Users can still use this game
+        // to finalize a withdrawal as long as it has not been otherwise invalidated.
+        if (!disputeGameProxy.wasRespectedGameTypeWhenCreated()) revert InvalidGameType();
+
         // The game must have been created after `respectedGameTypeUpdatedAt`. This is to prevent users from creating
         // invalid disputes against a deployed game type while the off-chain challenge agents are not watching.
         require(

packages/contracts-bedrock/src/dispute/AnchorStateRegistry.sol

@@ -43,9 +43,6 @@ contract AnchorStateRegistry is Initializable, ISemver {
     /// @notice The starting anchor root.
     OutputRoot internal startingAnchorRoot;
 
-    /// @notice Emitted when an anchor state is not updated.
-    event AnchorNotUpdated(IFaultDisputeGame indexed game, string reason);
-
     /// @notice Emitted when an anchor state is updated.
     event AnchorUpdated(IFaultDisputeGame indexed game);
 
@@ -74,6 +71,12 @@ contract AnchorStateRegistry is Initializable, ISemver {
         startingAnchorRoot = _startingAnchorRoot;
     }
 
+    /// @notice Returns the respected game type.
+    /// @return The respected game type.
+    function respectedGameType() public view returns (GameType) {
+        return portal.respectedGameType();
+    }
+
     /// @custom:legacy
     /// @notice Returns the anchor root. Note that this is a legacy deprecated function and will
     ///         be removed in a future release. Use getAnchorRoot() instead. Anchor roots are no
@@ -114,7 +117,7 @@ contract AnchorStateRegistry is Initializable, ISemver {
     /// @param _game The game to check.
     /// @return Whether the game is of a respected game type.
     function isGameRespected(IDisputeGame _game) public view returns (bool) {
-        return _game.gameType().raw() == portal.respectedGameType().raw();
+        return _game.wasRespectedGameTypeWhenCreated();
     }
 
     /// @notice Determines whether a game is blacklisted.
@@ -131,6 +134,21 @@ contract AnchorStateRegistry is Initializable, ISemver {
         return _game.createdAt().raw() < portal.respectedGameTypeUpdatedAt();
     }
 
+    /// @notice Returns whether a game is resolved.
+    /// @param _game The game to check.
+    /// @return Whether the game is resolved.
+    function isGameResolved(IDisputeGame _game) public view returns (bool) {
+        return _game.resolvedAt().raw() != 0
+            && (_game.status() == GameStatus.DEFENDER_WINS || _game.status() == GameStatus.CHALLENGER_WINS);
+    }
+
+    /// @notice Returns whether a game is beyond the airgap period.
+    /// @param _game The game to check.
+    /// @return Whether the game is beyond the airgap period.
+    function isGameBeyondAirgap(IDisputeGame _game) public view returns (bool) {
+        return block.timestamp - _game.resolvedAt().raw() > portal.disputeGameFinalityDelaySeconds();
+    }
+
     /// @notice Determines whether a game resolved properly and the game was not subject to any
     ///         invalidation conditions. The root claim of a proper game IS NOT guaranteed to be
     ///         valid. The root claim of a proper game CAN BE incorrect and still be a proper game.
@@ -160,56 +178,73 @@ contract AnchorStateRegistry is Initializable, ISemver {
         return (true, "");
     }
 
-    /// @notice Callable by FaultDisputeGame contracts to update the anchor state. Pulls the anchor state directly from
-    ///         the FaultDisputeGame contract and stores it in the registry if the new anchor state is valid and the
-    ///         state is newer than the current anchor state.
-    function tryUpdateAnchorState() external {
-        // Grab the game.
-        IFaultDisputeGame game = IFaultDisputeGame(msg.sender);
-
-        // Check if the game is a proper game.
-        (bool isProper, string memory reason) = isGameProper(game);
-        if (!isProper) {
-            emit AnchorNotUpdated(game, reason);
-            return;
+    /// @notice Returns whether a game is finalized.
+    /// @param _game The game to check.
+    /// @return Whether the game is finalized.
+    /// @return Reason why the game is not finalized.
+    function isGameFinalized(IDisputeGame _game) public view returns (bool, string memory) {
+        // Game must be resolved.
+        if (!isGameResolved(_game)) {
+            return (false, "game not resolved");
         }
 
-        // Must be a game that resolved in favor of the state.
-        if (game.status() != GameStatus.DEFENDER_WINS) {
-            emit AnchorNotUpdated(game, "game not defender wins");
-            return;
+        // Game must be beyond the airgap period.
+        if (!isGameBeyondAirgap(_game)) {
+            return (false, "game not beyond airgap period");
         }
 
-        // No need to update anything if the anchor state is already newer.
-        (, uint256 anchorL2BlockNumber) = getAnchorRoot();
-        if (game.l2BlockNumber() <= anchorL2BlockNumber) {
-            emit AnchorNotUpdated(game, "game not newer than anchor state");
-            return;
+        return (true, "");
+    }
+
+    /// @notice Returns whether a game's root claim is valid.
+    /// @param _game The game to check.
+    /// @return Whether the game's root claim is valid.
+    /// @return Reason why the game's root claim is not valid.
+    function isGameClaimValid(IDisputeGame _game) public view returns (bool, string memory) {
+        // Game must be a proper game.
+        (bool properGame, string memory notProperGameReason) = isGameProper(_game);
+        if (!properGame) {
+            return (false, notProperGameReason);
         }
 
-        // Update the anchor game.
-        anchorGame = game;
-        emit AnchorUpdated(game);
-    }
+        // Game must be finalized.
+        (bool finalized, string memory notFinalizedReason) = isGameFinalized(_game);
+        if (!finalized) {
+            return (false, notFinalizedReason);
+        }
+
+        // Game must be resolved in favor of the defender.
+        if (_game.status() != GameStatus.DEFENDER_WINS) {
+            return (false, "game not defender wins");
+        }
 
-    /// @notice Sets the anchor state given the game.
-    /// @param _game The game to set the anchor state for.
-    function setAnchorState(IFaultDisputeGame _game) external {
-        if (msg.sender != superchainConfig.guardian()) revert Unauthorized();
+        return (true, "");
+    }
 
-        // Check if the game is a proper game.
-        (bool isProper, string memory reason) = isGameProper(_game);
-        if (!isProper) {
+    /// @notice Updates the anchor game.
+    /// @param _game New candidate anchor game.
+    function setAnchorState(IDisputeGame _game) public {
+        // Convert game to FaultDisputeGame.
+        // We can't use FaultDisputeGame in the interface because this function is called from the
+        // FaultDisputeGame contract which can't import IFaultDisputeGame by convention. We should
+        // likely introduce a new interface (e.g., StateDisputeGame) that can act as a more useful
+        // version of IDisputeGame in the future.
+        IFaultDisputeGame game = IFaultDisputeGame(address(_game));
+
+        // Check if the candidate game is valid.
+        (bool valid, string memory reason) = isGameClaimValid(game);
+        if (!valid) {
             revert InvalidAnchorGame(reason);
         }
 
-        // The game must have resolved in favor of the root claim.
-        if (_game.status() != GameStatus.DEFENDER_WINS) {
-            revert InvalidAnchorGame("game not defender wins");
+        // No need to update anything if the anchor state is already newer.
+        (, uint256 anchorL2BlockNumber) = getAnchorRoot();
+        if (game.l2BlockNumber() <= anchorL2BlockNumber) {
+            revert InvalidAnchorGame("game not newer than anchor state");
         }
 
         // Update the anchor game.
-        anchorGame = _game;
-        emit AnchorUpdated(_game);
+        anchorGame = game;
+        emit AnchorUpdated(game);
     }
 }