smartcontractkit · RensR · Sep 17, 2024 · Sep 18, 2024 · Sep 19, 2024 · Sep 19, 2024
diff --git a/contracts/gas-snapshots/ccip.gas-snapshot b/contracts/gas-snapshots/ccip.gas-snapshot
@@ -809,6 +809,32 @@ PingPong_plumbing:test_OutOfOrderExecution_Success() (gas: 20310)
 PingPong_plumbing:test_Pausing_Success() (gas: 17810)
 PingPong_startPingPong:test_StartPingPong_With_OOO_Success() (gas: 162091)
 PingPong_startPingPong:test_StartPingPong_With_Sequenced_Ordered_Success() (gas: 181509)
+RMNHome_promoteSecondaryAndRevokePrimary:test_promoteSecondaryAndRevokePrimary_OnlyOwner_reverts() (gas: 10885)
+RMNHome_promoteSecondaryAndRevokePrimary:test_promoteSecondaryAndRevokePrimary_OnlyOwner_reverts() (gas: 10997)
+RMNHome_promoteSecondaryAndRevokePrimary:test_promoteSecondaryAndRevokePrimary_success() (gas: 209)
+RMNHome_promoteSecondaryAndRevokePrimary:test_promoteSecondaryAndRevokePrimary_success() (gas: 209)
+RMNHome_revokeSecondary:test_revokeSecondary_ConfigDigestMismatch_reverts() (gas: 19344)
+RMNHome_revokeSecondary:test_revokeSecondary_ConfigDigestMismatch_reverts() (gas: 19344)
+RMNHome_revokeSecondary:test_revokeSecondary_OnlyOwner_reverts() (gas: 10890)
+RMNHome_revokeSecondary:test_revokeSecondary_OnlyOwner_reverts() (gas: 10912)
+RMNHome_revokeSecondary:test_revokeSecondary_success() (gas: 27088)
+RMNHome_revokeSecondary:test_revokeSecondary_success() (gas: 28943)
+RMNHome_setDynamicConfig:test_setDynamicConfig_DigestNotFound_reverts() (gas: 33356)
+RMNHome_setDynamicConfig:test_setDynamicConfig_MinObserversTooHigh_reverts() (gas: 20467)
+RMNHome_setDynamicConfig:test_setDynamicConfig_OnlyOwner_reverts() (gas: 11812)
+RMNHome_setDynamicConfig:test_setDynamicConfig_OnlyOwner_reverts() (gas: 15502)
+RMNHome_setDynamicConfig:test_setDynamicConfig_success() (gas: 133259)
+RMNHome_setDynamicConfig:test_setDynamicConfig_success() (gas: 63157)
+RMNHome_setSecondary:test_setSecondary_DuplicateOffchainPublicKey_reverts() (gas: 20872)
+RMNHome_setSecondary:test_setSecondary_DuplicatePeerId_reverts() (gas: 20666)
+RMNHome_setSecondary:test_setSecondary_DuplicateSourceChain_reverts() (gas: 24457)
+RMNHome_setSecondary:test_setSecondary_MinObserversTooHigh_reverts() (gas: 24896)
+RMNHome_setSecondary:test_setSecondary_OnlyOwner_reverts() (gas: 12661)
+RMNHome_setSecondary:test_setSecondary_OnlyOwner_reverts() (gas: 18048)
+RMNHome_setSecondary:test_setSecondary_OutOfBoundsNodesLength_reverts() (gas: 186804)
+RMNHome_setSecondary:test_setSecondary_OutOfBoundsObserverNodeIndex_reverts() (gas: 24601)
+RMNHome_setSecondary:test_setSecondary_success() (gas: 282455)
+RMNHome_setSecondary:test_setSecondary_success() (gas: 820695)
 RMNRemote_constructor:test_constructor_success() (gas: 8334)
 RMNRemote_constructor:test_constructor_zeroChainSelector_reverts() (gas: 59165)
 RMNRemote_curse:test_curse_AlreadyCursed_duplicateSubject_reverts() (gas: 154457)

diff --git a/contracts/src/v0.8/ccip/capability/HomeBase.sol b/contracts/src/v0.8/ccip/capability/HomeBase.sol
@@ -0,0 +1,236 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity 0.8.24;
+
+import {ITypeAndVersion} from "../../shared/interfaces/ITypeAndVersion.sol";
+
+import {OwnerIsCreator} from "../../shared/access/OwnerIsCreator.sol";
+
+abstract contract HomeBase is OwnerIsCreator, ITypeAndVersion {
+  event ConfigSet(StoredConfig versionedConfig);
+  event ConfigRevoked(bytes32 indexed configDigest);
+  event DynamicConfigSet(bytes32 indexed configDigest, bytes dynamicConfig);
+  event ConfigPromoted(bytes32 indexed configDigest);
+
+  error ConfigDigestMismatch(bytes32 expectedConfigDigest, bytes32 gotConfigDigest);
+  error DigestNotFound(bytes32 configDigest);
+  error ZeroAddressNotAllowed();
+  error OnlyCapabilitiesRegistryCanCall();
+  error OnlyOwnerOrSelfCallAllowed();
+
+  /// @notice Used for encoding the config digest prefix
+  uint256 private constant PREFIX_MASK = type(uint256).max << (256 - 16); // 0xFFFF00..00
+  /// @notice The max number of configs that can be active at the same time.
+  uint256 private constant MAX_CONCURRENT_CONFIGS = 2;
+  /// @notice Helper to identify the zero config digest with less casting.
+  bytes32 private constant ZERO_DIGEST = bytes32(uint256(0));
+
+  /// @notice This array holds the configs.
+  /// @dev Value i in this array is valid iff s_configs[i].configDigest != 0.
+  mapping(bytes32 pluginKey => StoredConfig[MAX_CONCURRENT_CONFIGS]) private s_configs;
+
+  /// @notice The total number of configs ever set, used for generating the version of the configs.
+  uint32 private s_configCount = 0;
+  /// @notice The index of the primary config.
+  uint32 private s_primaryConfigIndex = 0;
+
+  struct StoredConfig {
+    bytes32 configDigest;
+    uint32 version;
+    bytes staticConfig;
+    bytes dynamicConfig;
+  }
+
+  function _validateStaticAndDynamicConfig(bytes memory staticConfig, bytes memory dynamicConfig) internal view virtual;
+
+  function _validateDynamicConfig(bytes memory staticConfig, bytes memory dynamicConfig) internal view virtual;
+
+  function _getConfigDigestPrefix() internal pure virtual returns (uint256);
+
+  // ================================================================
+  // │                          Getters                             │
+  // ================================================================
+
+  /// @notice Returns the current primary and secondary config digests.
+  /// @dev Can be bytes32(0) if no config has been set yet or it has been revoked.
+  /// @return primaryConfigDigest The digest of the primary config.
+  /// @return secondaryConfigDigest The digest of the secondary config.
+  function getConfigDigests(
+    bytes32 pluginKey
+  ) external view returns (bytes32 primaryConfigDigest, bytes32 secondaryConfigDigest) {
+    return (
+      s_configs[pluginKey][s_primaryConfigIndex].configDigest,
+      s_configs[pluginKey][s_primaryConfigIndex ^ 1].configDigest
+    );
+  }
+
+  function getPrimaryDigest(bytes32 pluginKey) public view returns (bytes32) {
+    return s_configs[pluginKey][s_primaryConfigIndex].configDigest;
+  }
+
+  function getSecondaryDigest(bytes32 pluginKey) public view returns (bytes32) {
+    return s_configs[pluginKey][s_primaryConfigIndex ^ 1].configDigest;
+  }
+
+  /// @notice Returns the stored config for a given digest. Will always return an empty config if the digest is the zero
+  /// digest. This is done to prevent exposing old config state that is invalid.
+  function _getStoredConfig(
+    bytes32 pluginKey,
+    bytes32 configDigest
+  ) internal view returns (StoredConfig memory storedConfig, bool ok) {
+    for (uint256 i = 0; i < MAX_CONCURRENT_CONFIGS; ++i) {
+      // We never want to return true for a zero digest, even if the caller is asking for it, as this can expose old
+      // config state that is invalid.
+      if (s_configs[pluginKey][i].configDigest == configDigest && configDigest != ZERO_DIGEST) {
+        return (s_configs[pluginKey][i], true);
+      }
+    }
+    return (storedConfig, false);
+  }
+
+  function _getPrimaryStoredConfig(
+    bytes32 pluginKey
+  ) internal view returns (StoredConfig memory primaryConfig, bool ok) {
+    if (s_configs[pluginKey][s_primaryConfigIndex].configDigest == ZERO_DIGEST) {
+      return (StoredConfig(ZERO_DIGEST, 0, "", ""), false);
+    }
+
+    return (s_configs[pluginKey][s_primaryConfigIndex], true);
+  }
+
+  function _getSecondaryStoredConfig(
+    bytes32 pluginKey
+  ) internal view returns (StoredConfig memory secondaryConfig, bool ok) {
+    if (s_configs[pluginKey][s_primaryConfigIndex ^ 1].configDigest == ZERO_DIGEST) {
+      return (StoredConfig(ZERO_DIGEST, 0, "", ""), false);
+    }
+
+    return (s_configs[pluginKey][s_primaryConfigIndex ^ 1], true);
+  }
+
+  // ================================================================
+  // │                     State transitions                        │
+  // ================================================================
+
+  /// @notice Sets a new config as the secondary config. Does not influence the primary config.
+  /// @param digestToOverwrite The digest of the config to overwrite, or ZERO_DIGEST if no config is to be overwritten.
+  /// This is done to prevent accidental overwrites.
+  function setSecondary(
+    bytes32 pluginKey,
+    bytes calldata encodedStaticConfig,
+    bytes calldata encodedDynamicConfig,
+    bytes32 digestToOverwrite
+  ) external OnlyOwnerOrSelfCall returns (bytes32 newConfigDigest) {
+    _validateStaticAndDynamicConfig(encodedStaticConfig, encodedDynamicConfig);
+
+    bytes32 existingDigest = getSecondaryDigest(pluginKey);
+
+    if (existingDigest != digestToOverwrite) {
+      revert ConfigDigestMismatch(existingDigest, digestToOverwrite);
+    }
+
+    // are we going to overwrite a config? If so, emit an event.
+    if (existingDigest != ZERO_DIGEST) {
+      emit ConfigRevoked(digestToOverwrite);
+    }
+
+    uint32 newVersion = ++s_configCount;
+    newConfigDigest = _calculateConfigDigest(pluginKey, encodedStaticConfig, newVersion);
+
+    StoredConfig memory newConfig = StoredConfig({
+      configDigest: newConfigDigest,
+      version: newVersion,
+      staticConfig: encodedStaticConfig,
+      dynamicConfig: encodedDynamicConfig
+    });
+
+    s_configs[pluginKey][s_primaryConfigIndex ^ 1] = newConfig;
+
+    emit ConfigSet(newConfig);
+
+    return newConfigDigest;
+  }
+
+  /// @notice Revokes a specific config by digest.
+  /// @param configDigest The digest of the config to revoke. This is done to prevent accidental revokes.
+  function revokeSecondary(bytes32 pluginKey, bytes32 configDigest) external OnlyOwnerOrSelfCall {
+    uint256 secondaryConfigIndex = s_primaryConfigIndex ^ 1;
+    if (s_configs[pluginKey][secondaryConfigIndex].configDigest != configDigest) {
+      revert ConfigDigestMismatch(s_configs[pluginKey][secondaryConfigIndex].configDigest, configDigest);
+    }
+
+    emit ConfigRevoked(configDigest);
+    // Delete only the digest, as that's what's used to determine if a config is active. This means the actual
+    // config stays in storage which should significantly reduce the gas cost of overwriting that storage space in
+    // the future.
+    delete s_configs[pluginKey][secondaryConfigIndex].configDigest;
+  }
+
+  /// @notice Promotes the secondary config to the primary config and revokes the primary config.
+  function promoteSecondaryAndRevokePrimary(
+    bytes32 pluginKey,
+    bytes32 digestToPromote,
+    bytes32 digestToRevoke
+  ) external OnlyOwnerOrSelfCall {
+    uint256 secondaryConfigIndex = s_primaryConfigIndex ^ 1;
+    if (s_configs[pluginKey][secondaryConfigIndex].configDigest != digestToPromote) {
+      revert ConfigDigestMismatch(s_configs[pluginKey][secondaryConfigIndex].configDigest, digestToPromote);
+    }
+
+    uint256 primaryConfigIndex = s_primaryConfigIndex;
+    if (s_configs[pluginKey][primaryConfigIndex].configDigest != digestToRevoke) {
+      revert ConfigDigestMismatch(s_configs[pluginKey][primaryConfigIndex].configDigest, digestToRevoke);
+    }
+
+    delete s_configs[pluginKey][primaryConfigIndex].configDigest;
+
+    s_primaryConfigIndex ^= 1;
+    if (digestToRevoke != ZERO_DIGEST) {
+      emit ConfigRevoked(digestToRevoke);
+    }
+    emit ConfigPromoted(digestToPromote);
+  }
+
+  function setDynamicConfig(
+    bytes32 pluginKey,
+    bytes calldata newDynamicConfig,
+    bytes32 currentDigest
+  ) external OnlyOwnerOrSelfCall {
+    for (uint256 i = 0; i < MAX_CONCURRENT_CONFIGS; ++i) {
+      if (s_configs[pluginKey][i].configDigest == currentDigest && currentDigest != ZERO_DIGEST) {
+        _validateDynamicConfig(s_configs[pluginKey][i].staticConfig, newDynamicConfig);
+
+        // Since the static config doesn't change we don't have to update the digest or version.
+        s_configs[pluginKey][i].dynamicConfig = newDynamicConfig;
+
+        emit DynamicConfigSet(currentDigest, newDynamicConfig);
+        return;
+      }
+    }
+
+    revert DigestNotFound(currentDigest);
+  }
+
+  function _calculateConfigDigest(
+    bytes32 pluginKey,
+    bytes memory staticConfig,
+    uint32 version
+  ) internal view returns (bytes32) {
+    return bytes32(
+      (_getConfigDigestPrefix() & PREFIX_MASK)
+        | (
+          uint256(
+            keccak256(
+              bytes.concat(abi.encode(bytes32("EVM"), block.chainid, address(this), pluginKey, version), staticConfig)
+            )
+          ) & ~PREFIX_MASK
+        )
+    );
+  }
+
+  modifier OnlyOwnerOrSelfCall() {
+    if (msg.sender != owner() && msg.sender != address(this)) {
+      revert OnlyOwnerOrSelfCallAllowed();
+    }
+    _;
+  }
+}