chore: adding signatures

Author: 0xdcota

src/MGDCompanyL2Sync.sol

@@ -2,25 +2,56 @@
 pragma solidity 0.8.18;
 
 import {MintGoldDustCompany} from "mgd-v2-contracts/MintGoldDustCompany.sol";
+import {MGDL2SyncEIP712, ECDSAUpgradeable} from "./MGDL2SyncEIP712.sol";
+import {SafeAccountChecker, ISafe} from "./utils/SafeAccountChecker.sol";
 
 /// @title MGDCompanyL2Sync
 /// @notice An extension to {MintGoldDustCompany} containing functions that
 ///         syncs access levels management changes with a L2.
 /// @author Mint Gold Dust LLC
 /// @custom:contact klvh@mintgolddust.io
-contract MGDCompanyL2Sync is MintGoldDustCompany {
+contract MGDCompanyL2Sync is MGDL2SyncEIP712, SafeAccountChecker, MintGoldDustCompany {
+  /// Custom errors
+  error MGDCompanyL2Sync_setValidatorWithL2Sync_longDeadline();
+  error MGDCompanyL2Sync_setValidatorWithL2Sync_notValidSigner();
+
+  bytes32 private constant _SETVALIDATOR_TYPEHASH =
+    keccak256("SetValidator(address account,bool state,uint256 deadline)");
+
   function setValidatorWithL2Sync(
-    address _address,
-    bool _state,
+    address account,
+    bool state,
+    uint256 deadline,
     uint8 v,
     bytes32 r,
     bytes32 s
   )
     external
     onlyOwner
-    isZeroAddress(_address)
+    isZeroAddress(account)
   {
-    isAddressValidator[_address] = _state;
-    emit ValidatorAdded(_address, _state);
+    if (deadline > block.timestamp + 1 days) {
+      revert MGDCompanyL2Sync_setValidatorWithL2Sync_longDeadline();
+    }
+
+    bytes32 structHash = keccak256(abi.encode(_SETVALIDATOR_TYPEHASH, account, state, deadline));
+    bytes32 digest = _hashTypedDataV4(structHash);
+    address signer = ECDSAUpgradeable.recover(digest, v, r, s);
+
+    if (_isOwnerAContract() && isAddressASafe(owner())) {
+      if (!isAccountOwnerInSafe(signer, owner())) {
+        revert MGDCompanyL2Sync_setValidatorWithL2Sync_notValidSigner();
+      }
+    } else {}
+
+    if (block.chainid == 0x1) {
+      isAddressValidator[account] = state;
+    }
+
+    emit ValidatorAdded(account, state);
+  }
+
+  function _isOwnerAContract() internal view returns (bool) {
+    return address(owner()).code.length > 0;
   }
 }

src/MGDL2SyncEIP712.sol

@@ -1,7 +1,52 @@
 // SPDX-License-Identifier: UNLICENSED
 pragma solidity 0.8.18;
 
+import {ECDSAUpgradeable} from
+  "@openzeppelin/contracts-upgradeable/utils/cryptography/ECDSAUpgradeable.sol";
+
 contract MGDL2SyncEIP712 {
-  bytes32 private constant SETVALIDATOR_TYPEHASH =
-    keccak256("SetValidator(address _address,bool _state)");
+  bytes32 private constant _TYPE_HASH =
+    keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
+
+  string public constant NAME = "MGDL2SyncEIP712";
+  string public constant VERSION = "v0.0.1";
+
+  uint256 private constant _MAINNET_CHAINID = 0x1;
+  address private constant _MGD_COMPANY_ADDRESS = 0x2f00435f003d6568933586b4A272c6c6B481e0aD;
+
+  bytes32 private _cachedHashedName;
+  bytes32 private _cachedHashedVersion;
+
+  /**
+   * @dev Initializes the domain separator and parameter caches.
+   */
+  function __EIP712_init() internal {
+    _cachedHashedName = keccak256(bytes(NAME));
+    _cachedHashedVersion = keccak256(bytes(VERSION));
+  }
+
+  function _EIP712NameHash() internal view returns (bytes32) {
+    return _cachedHashedName;
+  }
+
+  function _EIP712VersionHash() internal view returns (bytes32) {
+    return _cachedHashedVersion;
+  }
+
+  /**
+   * @dev Returns the domain separator for mainnet ONLY signed messages for the {MintGoldDustCompany}
+   * contract address that relays admin changes to any L2.
+   *
+   */
+  function _domainSeparatorV4() internal view returns (bytes32) {
+    return keccak256(
+      abi.encode(
+        _TYPE_HASH, _EIP712NameHash(), _EIP712VersionHash(), _MAINNET_CHAINID, _MGD_COMPANY_ADDRESS
+      )
+    );
+  }
+
+  function _hashTypedDataV4(bytes32 structHash) internal view virtual returns (bytes32) {
+    return ECDSAUpgradeable.toTypedDataHash(_domainSeparatorV4(), structHash);
+  }
 }

src/utils/SafeAccountChecker.sol

@@ -0,0 +1,43 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity 0.8.18;
+
+interface ISafe {
+  function isOwner(address account) external view returns (bool);
+  function getStorageAt(uint256 offset, uint256 length) external view returns (bytes memory);
+}
+
+contract SafeAccountChecker {
+  mapping(address => bool) private _implementations;
+
+  constructor() {
+    _implementations[0x41675C099F32341bf84BFc5382aF534df5C7461a] = true; // v1.4.1
+    _implementations[0x29fcB43b46531BcA003ddC8FCB67FFE91900C762] = true; // L2 v1.4.1
+    _implementations[0xd9Db270c1B5E3Bd161E8c8503c55cEABeE709552] = true; // v1.3.0
+    _implementations[0x69f4D1788e39c87893C980c06EdF4b7f686e2938] = true; // v1.3.0
+    _implementations[0x3E5c63644E683549055b9Be8653de26E0B4CD36E] = true; // L2 v1.3.0
+    _implementations[0xfb1bffC9d739B8D520DaF37dF666da4C687191EA] = true; // L2 v1.3.0
+    _implementations[0x6851D6fDFAfD08c0295C392436245E5bc78B0185] = true; // v1.2.0
+    _implementations[0x34CfAC646f301356fAa8B21e94227e3583Fe3F5F] = true; // v1.1.0
+    _implementations[0xb6029EA3B2c51D09a50B53CA8012FeEB05bDa35A] = true; // v1.0.0
+  }
+
+  function isAddressASafe(address account) public view returns (bool) {
+    try ISafe(account).getStorageAt(0, 1) returns (bytes memory response) {
+      address implementation = _castBytesToAddress(response);
+      return _implementations[implementation];
+    } catch {
+      return false;
+    }
+  }
+
+  function isAccountOwnerInSafe(address account, address safe) public view returns (bool) {
+    return ISafe(safe).isOwner(account);
+  }
+
+  function _castBytesToAddress(bytes memory data) private pure returns (address addr) {
+    // solhint-disable-next-line no-inline-assembly
+    assembly {
+      addr := mload(add(data, 32))
+    }
+  }
+}