Skip to content

run update periphery before synching whitelist #1508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
0xDEnYO merged 3 commits into from
Dec 22, 2025
Merged

run update periphery before synching whitelist #1508

0xDEnYO merged 3 commits into from
Dec 22, 2025

Conversation

@0xDEnYO
Copy link
Contributor

@0xDEnYO 0xDEnYO commented Dec 3, 2025
edited
Loading

Why did I implement it this way?

This makes sure that the whitelist party maintained by the SC team are always up to date when running the sync whitelist command

Checklist before requesting a review

Checklist for reviewer (DO NOT DEPLOY and contracts BEFORE CHECKING THIS!!!)

  • I have checked that any arbitrary calls to external contracts are validated and or restricted
  • I have checked that any privileged calls (i.e. storage modifications) are validated and or restricted
  • I have ensured that any new contracts have had AT A MINIMUM 1 preliminary audit conducted on by <company/auditor>

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 3, 2025
edited
Loading

Walkthrough

The change adds a pre-sync prerequisite step to diamondSyncWhitelist.sh that executes a TypeScript whitelist updater (updateWhitelistPeriphery.ts via bunx tsx) before proceeding with token-contracts logic, with informational messaging and failure handling integrated into the existing control flow.

Changes

Cohort / File(s) Summary
Pre-sync whitelist update
script/tasks/diamondSyncWhitelist.sh		 Inserts prerequisite step to run updateWhitelistPeriphery.ts for updating periphery and composer whitelist entries; adds informational messages and routes failures through existing checkFailure mechanism

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Verify the script path and execution method (bunx tsx) are correct and available in the environment
  • Confirm the prerequisite runs in all necessary execution paths and doesn't interfere with conditional logic
  • Check that informational messages and error handling integrate cleanly with existing script patterns

Possibly related PRs

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description check ✅ Passed The description includes a rationale section and both required checklists with items marked appropriately, covering the essential template requirements despite some unchecked items.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Title check ✅ Passed The PR title accurately describes the main change: adding an update periphery step before the whitelist sync command, matching the core objective.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch whitelist-script-update

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@lifi-action-bot lifi-action-bot marked this pull request as draft December 3, 2025 00:18
@0xDEnYO 0xDEnYO marked this pull request as ready for review December 3, 2025 00:18
@0xDEnYO 0xDEnYO enabled auto-merge (squash) December 3, 2025 00:18
coderabbitai[bot]
coderabbitai bot reviewed Dec 3, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0e87633 and 101084a.

📒 Files selected for processing (2)
  • config/whitelist.json (1 hunks)
  • script/tasks/diamondSyncWhitelist.sh (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
script/**/*.sh

📄 CodeRabbit inference engine (conventions.md)

script/**/*.sh: Bash scripts must begin with #!/bin/bash, use modular functions with clear sections (Logging, Error handling and logging, Deployment functions), follow DRY principle using helper files, use consistent indentation and naming, include proper comments and documentation
Bash scripts must use helper functions for logging (echoDebug, error, warning, success), validate inputs and environment early, check function exit status with checkFailure, use set -e where appropriate, and provide automated retry mechanisms for RPC issues

Files:

  • script/tasks/diamondSyncWhitelist.sh
🧠 Learnings (13)
📓 Common learnings 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1334
File: deployments/mainnet.json:54-54
Timestamp: 2025-08-26T02:20:52.515Z
Learning: For deployment PRs in the lifinance/contracts repository, carefully verify the specific scope mentioned in the PR title and description before suggesting updates to other networks. Not all deployments are cross-network updates - some are targeted to specific chains only.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1168
File: script/deploy/_targetState.json:1564-1589
Timestamp: 2025-05-27T12:36:26.987Z
Learning: When reviewing deployment PRs in the lifinance/contracts repository, target state configuration files (like script/deploy/_targetState.json) may be updated for multiple networks even when the PR is focused on deploying to a specific network. The scope should be determined by the PR title and description, not just by all configuration changes present in the files.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1256
File: deployments/zksync.diamond.json:81-87
Timestamp: 2025-07-04T08:59:08.108Z
Learning: When analyzing deployment PRs in the lifinance/contracts repository, carefully verify that target state configuration files (like script/deploy/_targetState.json) have been updated before flagging missing entries. The AI summary section should be consulted to understand all file changes, as manual searches might miss entries due to formatting differences or search limitations.

Learnt from: mirooon
Repo: lifinance/contracts PR: 1283
File: deployments/ronin.diamond.json:65-68
Timestamp: 2025-08-07T10:20:01.383Z
Learning: When analyzing deployment PRs in the lifinance/contracts repository, carefully verify that target state configuration files (like script/deploy/_targetState.json) and deployment log files have been updated before flagging missing entries. The AI summary section should be consulted to understand all file changes, as manual searches might miss entries due to formatting differences or search limitations.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 874
File: script/tasks/diamondSyncSigs.sh:88-88
Timestamp: 2024-11-26T01:50:51.809Z
Learning: In the 'lifinance/contracts' repository, scripts like 'script/tasks/diamondSyncSigs.sh' are executed only on local machines where private keys are securely managed, so additional private key security improvements are not required.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1109
File: deployments/worldchain.json:28-28
Timestamp: 2025-04-21T03:17:53.443Z
Learning: For deployment PRs involving address updates like the RelayFacet to Worldchain, verify the actual presence of entries in files before reporting issues. The RelayFacet exists in the diamond log file and the PR diff already contains the necessary address change.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1266
File: script/deploy/safe/execute-pending-timelock-tx.ts:334-334
Timestamp: 2025-07-17T04:21:55.549Z
Learning: In the lifinance/contracts repository, 0xDEnYO prefers to keep private key processing simple in scripts like execute-pending-timelock-tx.ts without adding format validation, prioritizing code simplicity over strict validation in controlled environments.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1325
File: script/tasks/diamondSyncDEXs.sh:116-116
Timestamp: 2025-08-27T08:45:59.606Z
Learning: In script/tasks/diamondSyncDEXs.sh, user 0xDEnYO has chosen to selectively apply ShellCheck fixes, keeping array assignments using $() construct and other patterns as-is in their controlled deployment environment, prioritizing functionality over strict ShellCheck compliance.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1109
File: deployments/worldchain.json:28-28
Timestamp: 2025-04-21T03:17:53.443Z
Learning: For deployment PRs updating contract addresses (like RelayFacet on Worldchain), verify the presence of entries in all relevant files (worldchain.json, worldchain.diamond.json, _deployments_log_file.json) before reporting inconsistencies. The RelayFacet entry exists in all required deployment files with the correct address.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1266
File: script/deploy/safe/execute-pending-timelock-tx.ts:129-129
Timestamp: 2025-07-17T04:21:50.790Z
Learning: In the lifinance/contracts repository, 0xDEnYO prefers not to add private key format validation in deployment scripts like execute-pending-timelock-tx.ts, prioritizing code simplicity over strict validation in their controlled environment.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 782
File: deployments/base.diamond.json:148-148
Timestamp: 2024-11-25T09:05:43.045Z
Learning: In deployment configuration files (e.g., `deployments/base.diamond.json`), empty addresses for contracts like `Permit2Proxy` may be placeholders and will be updated after approvals are released from the multisig safe.

Learnt from: CR
Repo: lifinance/contracts PR: 0
File: conventions.md:0-0
Timestamp: 2025-12-02T10:08:06.466Z
Learning: Applies to test/**/*.t.sol : For facets requiring whitelist functionality, test contracts should inherit from TestWhitelistManagerBase and use its functions (addToWhitelist, removeFromWhitelist, setFunctionWhitelistBySelector, removeFunctionApprovalBySelector)

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1196
File: script/helperFunctions.sh:1447-1462
Timestamp: 2025-06-19T06:23:47.848Z
Learning: 0xDEnYO prefers to keep eval usage in local bash scripts when the security risk is acceptable in their controlled environment, prioritizing simplicity over security hardening for local tooling.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1266
File: script/deploy/safe/execute-pending-timelock-tx.ts:627-628
Timestamp: 2025-07-17T04:21:26.825Z
Learning: In the lifinance/contracts repository, 0xDEnYO prefers to keep '0x0' as a fallback address in gas estimation calls rather than throwing errors when the wallet account address is not available, prioritizing code simplicity over strict validation.

Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1212
File: .github/workflows/convertForkedPRsToInternal.yml:81-106
Timestamp: 2025-07-16T06:18:02.682Z
Learning: 0xDEnYO prefers to use printf "%q" for shell escaping in GitHub workflows to increase security and protection from potential injections, even when it might cause formatting issues, prioritizing security over convenience.
📚 Learning: 2025-08-27T08:45:59.606Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1325
File: script/tasks/diamondSyncDEXs.sh:116-116
Timestamp: 2025-08-27T08:45:59.606Z
Learning: In script/tasks/diamondSyncDEXs.sh, user 0xDEnYO has chosen to selectively apply ShellCheck fixes, keeping array assignments using $() construct and other patterns as-is in their controlled deployment environment, prioritizing functionality over strict ShellCheck compliance.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2024-11-26T01:50:51.809Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 874
File: script/tasks/diamondSyncSigs.sh:88-88
Timestamp: 2024-11-26T01:50:51.809Z
Learning: In the 'lifinance/contracts' repository, scripts like 'script/tasks/diamondSyncSigs.sh' are executed only on local machines where private keys are securely managed, so additional private key security improvements are not required.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-06-05T10:00:01.583Z 
Learnt from: mirooon
Repo: lifinance/contracts PR: 1145
File: script/tasks/diamondSyncWhitelistedAddresses.sh:208-209
Timestamp: 2025-06-05T10:00:01.583Z
Learning: Task scripts in script/tasks/ directory (like diamondSyncWhitelistedAddresses.sh) define functions that are sourced by deployAllContracts.sh and called from there, rather than executing directly. They don't need to call their own functions at the end of the file.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-12-02T10:08:06.466Z 
Learnt from: CR
Repo: lifinance/contracts PR: 0
File: conventions.md:0-0
Timestamp: 2025-12-02T10:08:06.466Z
Learning: Applies to test/**/*.t.sol : For facets requiring whitelist functionality, test contracts should inherit from TestWhitelistManagerBase and use its functions (addToWhitelist, removeFromWhitelist, setFunctionWhitelistBySelector, removeFunctionApprovalBySelector)

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-07-04T08:59:08.108Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1256
File: deployments/zksync.diamond.json:81-87
Timestamp: 2025-07-04T08:59:08.108Z
Learning: When analyzing deployment PRs in the lifinance/contracts repository, carefully verify that target state configuration files (like script/deploy/_targetState.json) have been updated before flagging missing entries. The AI summary section should be consulted to understand all file changes, as manual searches might miss entries due to formatting differences or search limitations.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-04-21T03:17:53.443Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1109
File: deployments/worldchain.json:28-28
Timestamp: 2025-04-21T03:17:53.443Z
Learning: For deployment PRs involving address updates like the RelayFacet to Worldchain, verify the actual presence of entries in files before reporting issues. The RelayFacet exists in the diamond log file and the PR diff already contains the necessary address change.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-01-28T14:29:00.823Z 
Learnt from: ezynda3
Repo: lifinance/contracts PR: 924
File: script/deploy/zksync/utils/UpdateScriptBase.sol:112-178
Timestamp: 2025-01-28T14:29:00.823Z
Learning: The suggestion to modify `buildDiamondCut` function in `UpdateScriptBase.sol` to handle selectors from multiple old facets differently was deemed unnecessary by the maintainer.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-08-07T10:20:01.383Z 
Learnt from: mirooon
Repo: lifinance/contracts PR: 1283
File: deployments/ronin.diamond.json:65-68
Timestamp: 2025-08-07T10:20:01.383Z
Learning: When analyzing deployment PRs in the lifinance/contracts repository, carefully verify that target state configuration files (like script/deploy/_targetState.json) and deployment log files have been updated before flagging missing entries. The AI summary section should be consulted to understand all file changes, as manual searches might miss entries due to formatting differences or search limitations.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-04-21T03:17:53.443Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1109
File: deployments/worldchain.json:28-28
Timestamp: 2025-04-21T03:17:53.443Z
Learning: For deployment PRs updating contract addresses (like RelayFacet on Worldchain), verify the presence of entries in all relevant files (worldchain.json, worldchain.diamond.json, _deployments_log_file.json) before reporting inconsistencies. The RelayFacet entry exists in all required deployment files with the correct address.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-11-13T09:20:21.608Z 
Learnt from: ezynda3
Repo: lifinance/contracts PR: 1461
File: script/deploy/facets/UpdateWhitelistManagerFacet.s.sol:21-24
Timestamp: 2025-11-13T09:20:21.608Z
Learning: In deployment scripts that use the NO_BROADCAST flag (noBroadcast), the flag is specifically for building calldata for SAFE transactions (the diamondCut itself), not for helper contract deployments. Helper contracts like MigrateWhitelistManager need to be deployed regardless of the NO_BROADCAST flag setting, as they are prerequisites for the main diamondCut operation.

Applied to files:

  • script/tasks/diamondSyncWhitelist.sh
📚 Learning: 2025-11-25T02:57:58.015Z 
Learnt from: 0xDEnYO
Repo: lifinance/contracts PR: 1466
File: config/whitelist.json:2546-2554
Timestamp: 2025-11-25T02:57:58.015Z
Learning: In lifinance/contracts config/whitelist.json, the SushiSwap Aggregator uses functions:
- snwap(address,uint256,address,address,uint256,address,bytes) -> selector 0x5f3bd1c8
- snwapMultiple((address,uint256,address)[],(address,address,uint256)[],(address,uint256,bytes)[]) -> selector 0xd33721a5
These selectors are canonical across networks and valid for the monad entry as well. Always compute with Keccak-256 (not SHA3-256) when verifying.

Applied to files:

  • config/whitelist.json
📚 Learning: 2025-11-14T12:58:18.040Z 
Learnt from: ezynda3
Repo: lifinance/contracts PR: 1463
File: config/whitelist.json:24-26
Timestamp: 2025-11-14T12:58:18.040Z
Learning: In lifinance/contracts reviews, selectors must be verified by code or concrete on-chain evidence (ABI/tx) rather than assumed; provide a reproducible script or reference when proposing selector mappings.

Applied to files:

  • config/whitelist.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: run-unit-tests
  • GitHub Check: run-unit-tests
🔇 Additional comments (1)
config/whitelist.json (1)

7198-7207: No changes needed; signature and selector are correctly paired.

The signature "runVM((uint8,bytes32)[],(bytes[]))" with selector 0x00a32e6c is correct. The updateWhitelistPeriphery.ts script validates all selector/signature pairs using validateSelector(), which computes keccak256(signature) and compares the first 4 bytes against the provided selector. This entry exists in the whitelist, confirming it passed validation. The address 0x873fd892E827B9C3057f5A49A612EeecD6694cd3 is properly EIP-55 checksummed and consistent across config/whitelist.json and config/composerWhitelist.json.

Likely an incorrect or invalid review comment.

mirooon
mirooon reviewed Dec 4, 2025
View reviewed changes
@lifi-action-bot lifi-action-bot changed the title run update periphery before synching whitelist run update periphery before synching whitelist [AllBridgeFacet v2.1.1, CelerCircleBridgeFacet v1.0.1, ICircleBridgeProxy v1.0.0, GasZipPeriphery v1.0.1] Dec 22, 2025
@lifi-action-bot lifi-action-bot changed the title run update periphery before synching whitelist [AllBridgeFacet v2.1.1, CelerCircleBridgeFacet v1.0.1, ICircleBridgeProxy v1.0.0, GasZipPeriphery v1.0.1] run update periphery before synching whitelist Dec 22, 2025
@0xDEnYO 0xDEnYO merged commit e9d2658 into main Dec 22, 2025
33 of 36 checks passed
@0xDEnYO 0xDEnYO deleted the whitelist-script-update branch December 22, 2025 11:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@mirooon mirooon mirooon approved these changes

Assignees

No one assigned

Labels

AuditNotRequired

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@0xDEnYO @mirooon @lifi-action-bot