Files

Deploy to Phoenix / deploy (push) Has been cancelled

Details

Update submodule references and improve CI workflow

- Update submodule references for explorer-monorepo and smom-dbis-138 to latest commits.
- Modify CI workflow to include shellcheck installation and enforce error severity for script checks.
- Update contract addresses in configuration and documentation to reflect the new canonical addresses for CCIPWETH9Bridge and CCIP Router.
- Revise integration test documentation to align with updated contract addresses and deployment statuses.

Made-with: Cursor

2026-03-24 22:50:52 -07:00

15 KiB

Raw Permalink Blame History

Contract Next Steps and Recommendations — Complete

Last updated: 2026-02-12
Purpose: Single reference for all next steps (completed, operator action, pending) and all recommendations/suggestions for smart contracts across chains and projects.

Part 1 — Next steps status

Completed in repo (documentation and code alignment)

Step	Status	Notes
Deprecated bridge removed from defaults	Done	All active scripts/configs use `0x971c...`; only archive and intentional "deprecated" doc string keep `0x89dd...`.
CCIP Router address corrected in .env.example and terraform	Done	`smom-dbis-138/.env.example` and `terraform/phases/phase1/config/env.chain138.example` use Chain 138 addresses.
Full contract inventory (all chains, all projects)	Done	SMART_CONTRACTS_INVENTORY_ALL_CHAINS.
Simple inventory and verification doc	Done	SMART_CONTRACTS_INVENTORY_SIMPLE, CONTRACT_INVENTORY_AND_VERIFICATION.
Inconsistencies resolved (addresses, bridge fallbacks)	Done	See CONTRACT_INVENTORY_AND_VERIFICATION §7.
Verification script and proxy	Done	`scripts/verify/run-contract-verification-with-proxy.sh`, `scripts/verify-contracts-blockscout.sh`, `config/contract-addresses.conf`.
Canonical source of truth and .env reconciliation	Done	CONTRACT_ADDRESSES_REFERENCE § Canonical source of truth: single canonical address per contract; note to remove duplicate keys in `.env`.
On-chain check script (full canonical list)	Done	`scripts/verify/check-contracts-on-chain-138.sh` includes 59 Chain 138 addresses (core, CCIP, PMM, vault/reserve, CompliantFiatTokens; see CONTRACT_ADDRESSES_REFERENCE). Run (uses RPC_URL_138): `./scripts/verify/check-contracts-on-chain-138.sh`. Chain 138 deploys: use `--with-gas-price 1000000000`.
Phased core (138) deployed	Done	2026-02-11: UniversalAssetRegistry, GovernanceController, UniversalCCIPBridge, BridgeOrchestrator (proxies). Addresses in CONTRACT_ADDRESSES_REFERENCE and .env.
Channel manager docs and runbooks (smom-dbis-138)	Done	Payment/state channel deployment, gas report, incident runbook, watchtower, future work; see smom-dbis-138 `docs/channels/` and `docs/deployment/PAYMENT_CHANNELS_DEPLOYMENT.md`.

Operator action required

Step	Action	Command / reference
Confirm every Chain 138 contract on-chain	Done via VMID 2101	All 36 addresses checked (run `./scripts/verify/check-contracts-on-chain-138.sh`; uses `RPC_URL_138`). Re-run when new contracts are deployed.
Run Blockscout source verification	From host that can reach Blockscout (e.g. LAN)	`source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`
Reconcile .env (single source of truth)	Done 2026-02-12: CCIPWETH9_BRIDGE_CHAIN138 set to canonical `0x971c...`; added RPC_URL_138 (standard), MERCHANT_SETTLEMENT_REGISTRY, SETTLEMENT_REGISTRY_ADDRESS, WITHDRAWAL_ESCROW_ADDRESS, RESERVE_TOKEN_INTEGRATION, REGULATED_ENTITY_REGISTRY. One entry per variable.	CONTRACT_ADDRESSES_REFERENCE. Re-run reconciliation if new contracts are deployed.
Verify Multicall vs Oracle Aggregator at same slot	Check explorer.d-bis.org for `0x99b3511a2d315a497c8112c1fdd8d508d4b1e506`	CONTRACT_ADDRESSES_REFERENCE notes both; confirm on explorer and document which contract is at this slot.
Deploy phased core (138)	Done 2026-02-11	UniversalAssetRegistry, GovernanceController, UniversalCCIPBridge, BridgeOrchestrator deployed (proxies). Addresses in CONTRACT_ADDRESSES_REFERENCE; re-run 01/02 only if redeploying.
Optional: deploy trustless bridge	If using trustless bridge stack	Deploy from `script/bridge/trustless/`; replace placeholders in `config/production/.env.production.example`.
Optional: mainnet/multichain deployments	If deploying to other chains	Use `DeployAll.s.sol` or chain-specific scripts; document addresses per chain.

Pending (when needed)

Step	When	Reference
CREATE2 / deterministic core	Done 2026-02-11 — Deployed + setCCIPRouter(router) on Chain 138	Addresses in CONTRACT_ADDRESSES_REFERENCE § CREATE2 / Deterministic
Vault / reserve / Keeper	When vault or reserve flow needed	`script/deploy/vault/`, `script/reserve/`
Dodo / swap integration	When DEX integration needed	`script/deploy/dex/`, `script/bridge/trustless/DeployEnhancedSwapRouter.s.sol`
eMoney / smart accounts	When eMoney or account abstraction needed	`script/emoney/`, `script/smart-accounts/`
Firefly	Auto-deployed by Firefly	VMID 6200; no repo action.
AddressMapper / MirrorManager (Chain 138)	Done 2026-02-12	Deployed at `0x439Fcb2d2ab2f890DCcAE50461Fa7d978F9Ffe1A`, `0x6eD905A30c552a6e003061A38FD52A5A427beE56`. TransactionMirror: use `forge create` with `--with-gas-price 1000000000` if script fails.
PaymentChannelManager / GenericStateChannelManager	When channel features needed on Mainnet or Chain-138	Deploy via smom-dbis-138 `script/DeployPaymentChannelManager.s.sol`, `script/DeployGenericStateChannelManager.s.sol`; Chain 138: use `--with-gas-price 1000000000`. See smom-dbis-138 `docs/deployment/PAYMENT_CHANNELS_DEPLOYMENT.md`.

Part 2 — Operator checklist (Chain 138)

Run from repo root. Requires cast (Foundry) and RPC access to Chain 138. Set RPC_URL_138 (e.g. http://192.168.11.211:8545 or https://rpc-core.d-bis.org). Then: ./scripts/verify/check-contracts-on-chain-138.sh.

# RPC (use one that you can reach)
export RPC="${RPC_URL_138:-https://rpc-core.d-bis.org}"   # Chain 138 Core standard

# Quick on-chain check: non-empty bytecode = contract present
for addr in \
  0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 \
  0xf4BB2e28688e89fCcE3c0580D37d36A7672E8A9f \
  0x99b3511a2d315a497c8112c1fdd8d508d4b1e506 \
  0x3304b747e565a97ec8ac220b0b6a1f6ffdb837e6 \
  0x42DAb7b888Dd382bD5Adcf9E038dBF1fD03b4817 \
  0x105F8A15b819948a89153505762444Ee9f324684 \
  0xcacfd227A040002e49e2e01626363071324f820a \
  0xe0E93247376aa097dB308B92e6Ba36bA015535D0 \
  0xb7721dD53A8c629d9f1Ba31a5819AFe250002b03 \
  0x93E66202A11B1772E55407B32B44e5Cd8eda7f22 \
  0xf22258f57794CC8E06237084b353Ab30fFfa640b \
  0x91Efe92229dbf7C5B38D422621300956B55870Fa \
  0xEBFb5C60dE5f7C4baae180CA328D3BB39E1a5133 \
  0xD3AD6831aacB5386B8A25BB8D8176a6C8a026f04 \
  0x16D9A2cB94A0b92721D93db4A6Cd8023D3338800 \
  0xe77cb26eA300e2f5304b461b0EC94c8AD6A7E46D \
  0xAEE4b7fBe82E1F8295951584CBc772b8BBD68575 \
  0xA6891D5229f2181a34D4FF1B515c3Aa37dd90E0e \
  0xCd42e8eD79Dc50599535d1de48d3dAFa0BE156F8 \
  0x89aB428c437f23bAB9781ff8Db8D3848e27EeD6c; do
  code=$(cast code "$addr" --rpc-url "$RPC" 2>/dev/null)
  if [[ -n "$code" && "$code" != "0x" ]]; then echo "OK $addr"; else echo "MISSING/EMPTY $addr"; fi
done

Or use the script: ./scripts/verify/check-contracts-on-chain-138.sh — it checks all 26 canonical addresses (see below).

Blockscout verification (from host where Blockscout is reachable, e.g. 192.168.11.140:4000):

source smom-dbis-138/.env 2>/dev/null
./scripts/verify/run-contract-verification-with-proxy.sh

Manual verification: https://explorer.d-bis.org/address/

#verify-contract

Part 3 — Recommendations and suggestions

3.1 Verification and source of truth

Verify every deployed contract on Blockscout so source is public and matches bytecode. Use BLOCKSCOUT_VERIFICATION_GUIDE and the Forge Verification Proxy.
Single source of truth: Keep CONTRACT_ADDRESSES_REFERENCE and SMART_CONTRACTS_INVENTORY_ALL_CHAINS updated when new contracts are deployed or deprecated. Reconcile duplicate entries in .env (e.g. multiple ComplianceRegistry addresses) into one canonical list.
On-chain confirmation: Periodically run the on-chain checklist (or check-contracts-on-chain-138.sh) and fix any MISSING/EMPTY.

3.2 Deprecated and security

Do not use CCIPWETH9Bridge at 0x89dd12025bfCD38A168455A44B400e913ED33BE2. Use only 0xcacfd227A040002e49e2e01626363071324f820a and set CCIPWETH9_BRIDGE_CHAIN138 in env.
Secrets: Never commit .env or private keys. Use MASTER_SECRETS_INVENTORY and rotate any exposed keys.
Access: Restrict deployer key and RPC admin access (RPC_URL_138 = Chain 138 Core) to operators who need them.

3.3 Deployment

RPC for deploy (Chain 138): Set RPC_URL_138 (e.g. http://192.168.11.211:8545 or https://rpc-core.d-bis.org). Run from LAN or VPN if 192.168.11.x is not reachable.
Gas: If you hit min-gas-price errors, use GAS_PRICE=1000000000 (or current network minimum). See CONTRACT_DEPLOYMENT_RUNBOOK.
Order: For phased core, run 01_DeployCore.s.sol first, set UNIVERSAL_ASSET_REGISTRY and GOVERNANCE_CONTROLLER, then run 02_DeployBridges.s.sol. For alltra-lifi-settlement, deploy MerchantSettlementRegistry before WithdrawalEscrow.
Nonce: If transactions are stuck, manage nonce explicitly and avoid reusing nonces. See DEPLOYMENT_STRATEGY_EVALUATION.

3.4 Documentation and runbooks

Runbooks: Keep CONTRACT_DEPLOYMENT_RUNBOOK, BLOCKSCOUT_VERIFICATION_GUIDE, and BLOCKSCOUT_FIX_RUNBOOK in sync with scripts and Blockscout URL (e.g. 192.168.11.140:4000 or explorer.d-bis.org).
Per-chain addresses: When deploying to mainnet or other chains, document addresses in a dedicated section or file (e.g. CONTRACT_ADDRESSES_REFERENCE or a chain-specific doc) and link from SMART_CONTRACTS_INVENTORY_ALL_CHAINS.

3.5 Automation and CI/CD (suggestions)

Verification in pipeline: Run run-contract-verification-with-proxy.sh (or Blockscout verification) after deployments when Blockscout is reachable from CI.
Deployment automation: Consider a single script that checks env, deploys, verifies, and updates config (see COMPREHENSIVE_RECOMMENDATIONS § Infrastructure).
Config by environment: Use .env.development / .env.staging / .env.production or JSON configs per chain to avoid mixing addresses.

3.6 Monitoring and operations

Event monitoring: Monitor critical bridge/oracle events (e.g. TransferInitiated, TransferCompleted, price updates) where applicable. See COMPREHENSIVE_RECOMMENDATIONS § Monitoring.
Explorer health: Ensure Blockscout (VMID 5000, 192.168.11.140) is up and /api is reachable so verification and explorer.d-bis.org work. See EXPLORER_API_ACCESS and BLOCKSCOUT_FIX_RUNBOOK.

3.7 Testing and quality

Test before deploy: Run forge test in smom-dbis-138 and alltra-lifi-settlement before deploying. Run integration tests where available.
NatSpec: Add NatSpec to public contract functions for better verification and tooling (see COMPREHENSIVE_RECOMMENDATIONS § Code Quality).

3.8 Other chains and projects

ALL Mainnet (651940): No deployment in repo; use ALL_MAINNET_TOKEN_ADDRESSES for integration only.
Mainnet / multichain: Use DeployAll.s.sol or chain-specific scripts with correct RPC and env; document addresses per chain in CONTRACT_ADDRESSES_REFERENCE or SMART_CONTRACTS_INVENTORY_ALL_CHAINS.
Tezos / GRU: Documented in inventory for reference; no EVM deployment steps in this repo.

Part 4 — Quick reference commands

Task	Command
On-chain check (Chain 138)	`./scripts/verify/check-contracts-on-chain-138.sh [RPC_URL]` (26 addresses; use `SKIP_EXIT=1` for report-only when RPC unreachable)
Deployer balances (gas tokens)	`cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh`
Deployer tokens (all networks)	`cd smom-dbis-138 && ./scripts/deployment/list-deployer-tokens-all-networks.sh`
Deploy phased core (138)	`cd smom-dbis-138 && ./scripts/deployment/check-balances-gas-and-deploy.sh --deploy` (uses GAS_PRICE_138=1000000000)
Blockscout verification	`source smom-dbis-138/.env 2>/dev/null; ./scripts/verify/run-contract-verification-with-proxy.sh`
Deploy CCIP WETH9 bridge (138)	`GAS_PRICE=1000000000 ./scripts/deploy-and-configure-weth9-bridge-chain138.sh`
Deploy core (138)	`cd smom-dbis-138 && source .env && bash scripts/deployment/deploy-all-contracts.sh`
Deploy phased core	`cd smom-dbis-138 && forge script script/deploy/01_DeployCore.s.sol --rpc-url $RPC_URL_138 --broadcast --private-key $PRIVATE_KEY` then 02_DeployBridges
Deploy all phases (138)	`cd smom-dbis-138 && ./scripts/deployment/deploy-all-phases.sh` — Skips when env set; `--all` run every phase; `--phase N` one phase; `--dry-run` preview.
Run all commands on Proxmox via SSH	`./scripts/run-on-proxmox-via-ssh.sh` (optionally `--sync` to rsync repo first). Runs: on-chain check, deploy-all-phases, phoenix-deploy-api install, Blockscout verification. Set PROXMOX_HOST, PROXMOX_REPO_PATH if needed.
Single contract bytecode check	`cast code <ADDRESS> --rpc-url https://rpc-core.d-bis.org`
Explorer link	https://explorer.d-bis.org/address/

Part 5 — References

CONTRACT_NEXT_STEPS_LIST — Single checklist (all items)
SMART_CONTRACTS_INVENTORY_ALL_CHAINS — All contracts, all chains, all projects
CONTRACT_ADDRESSES_REFERENCE — Canonical Chain 138 addresses
CONTRACT_INVENTORY_AND_VERIFICATION — Verification status and inconsistencies resolved
CONTRACTS_TO_DEPLOY — Deployment scripts and order
CONTRACT_DEPLOYMENT_RUNBOOK — Deploy and verify workflow
BLOCKSCOUT_VERIFICATION_GUIDE — Blockscout verification
COMPREHENSIVE_RECOMMENDATIONS — Bridge, code quality, security, infra, monitoring
RECOMMENDATIONS_AND_SUGGESTIONS — Documentation, testing, automation

15 KiB Raw Permalink Blame History