deploy(rehearsal): fresh v5.4.0 mainnet dry-run on Sepolia + clean-deploy fixes#296
Conversation
…r clean-deploy gaps Ran ./deploy-core sepolia --fresh-deploy (DeployLive) end-to-end as a mainnet deployment rehearsal. Fresh full deploy succeeded; both GA blockers resolved by the clean path: version()=SuperPaymaster-5.4.0, and APNTS_TOKEN==config.aPNTs (no queueSetAPNTsToken migration / no config-vs-chain divergence). Full E2E 37/37 effective after the fixes below — none was an SP contract bug. New Sepolia addresses written to deployments/config.sepolia.json (fresh deploy replaced the v5.4.0-beta.1 deployment). Etherscan-verify record added. Issues surfaced by the clean deploy (hidden on an upgrade-accumulated chain): - TestAccountPrepare.s.sol: configureOperator needs hasRole(PAYMASTER_SUPER, deployer); a fresh deploy gives the deployer COMMUNITY+PAYMASTER_AOA but not SUPER. Added an idempotent PAYMASTER_SUPER grant before configureOperator (mirrors the existing Anni block). - B1/B2/B4 nonce-skip: validated the #295 sendTxSafe retry fix — full suite now shows 'draining mempool & retrying' and B1/B2/B4 PASS. - check-contracts.js + test-group-I1: updated stale hard-coded version strings (5.3.3 / Registry-4.1.0 / Staking-3.2.0 / MySBT-3.1.3 / GToken-2.1.2) to the v5.4 versions; the contracts were correct, the tests lagged the bump. Documented but NOT code-changed (economic/product decision): the default base credit tier (creditTierConfig[1]=[2]=100 aPNTs) is below a normal sponsored-tx validate-time charge (~150 aPNTs), so a fresh ENDUSER can't be SP-sponsored until tier/reputation is raised. Set to 300 live on Sepolia for the rehearsal; mainnet base value is an ops/product call. See docs/e2e/v5.4.0-final/REHEARSAL-RECORD.md.
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
clestons
left a comment
clestons
left a comment
There was a problem hiding this comment.
Review: deploy(rehearsal) fresh v5.4.0 mainnet dry-run on Sepolia — APPROVE [2-round]
Deployment-rehearsal + config PR (+138/-32, 6 files). No production contract (contracts/src/*.sol) change — the only .sol is a Forge deploy/test script; the rest is config addresses, test version strings, and evidence docs.
Verified
TestAccountPrepare.s.solrole grant is safe — idempotent (if (!registry.hasRole(ROLE_PAYMASTER_SUPER, deployerAddr))), scoped todeployerAddronly (no third-party escalation), gated behind the role's staking requirement (mint/approve 60 gtoken →safeMintForRole), mirroring the existing Anni block. It exists because a fresh deploy's deployer lacksPAYMASTER_SUPERthatconfigureOperator()requires (an upgraded chain had it via history). Correct bootstrap, no production-logic impact.- Fresh-deploy addresses are real on Sepolia — spot-checked via explorer:
superPaymaster0x030025f4…,registry0x3F920B25…,microPaymentChannel0x405851A1…, andaPNTs0x9e66B457…are all deployed contracts;aPNTsresolves to the "AAStar PNTs" token, confirming the GA-blocker fix (APNTS_TOKEN() == config.aPNTs, wired atinitialize()— noqueueSetAPNTsTokenmigration, no config↔chain divergence on the clean path). version()→SuperPaymaster-5.4.0; both beta.1 reconcile items vanish on the fresh deploy. 37/37 E2E effective, 4 first-pass failures root-caused (none an SP bug).previous*keys correctly dropped (fresh deploy = no upgrade history).
Heads-up — cross-repo address sync (non-blocking)
This fresh redeploy replaces every Sepolia address, including microPaymentChannel → 0x405851A1…. aastar-sdk #79 just pinned 0xfCC95340… (the prior value) and its check:addresses gate reported 24/24. Once #296 lands, the SDK's config.sepolia.json will be stale and needs another sync to these new addresses — worth queuing an SDK config-sync PR so the next check:addresses doesn't drift.
Agree with author's flagged ops decision (not a code issue)
Base credit tier creditTierConfig[1]=[2]=100 aPNTs < a normal validate-time charge (~150), so a fresh ENDUSER can't be SP-sponsored until tier/reputation rises. This is correctly an economic parameter for mainnet to set (300 chosen for the Sepolia rehearsal), not an SP bug. No objection.
Clean rehearsal, addresses verified, no production-contract risk. Verdict: APPROVE.
2 participants
What
Ran
./deploy-core sepolia --fresh-deploy(→DeployLive.s.sol) end-to-end as a mainnet deployment rehearsal — same process mainnet will use, only the signing key differs. Fresh full deploy of ~19 contracts + full wiring + both genesis communities (AAStar + Mycelium/MushroomDAO) succeeded; audit Check04–10 green; Etherscan-verified.Both GA blockers resolved automatically by the clean path
version()→SuperPaymaster-5.4.0(deployed from current source).APNTS_TOKEN() == config.aPNTs(0x9e66B457…) — fresh deploy wires the base accounting token atinitialize(), so noqueueSetAPNTsTokenmigration and no config↔chain divergence (both beta.1 reconcile items vanish on a clean deploy).Full E2E: 37/37 effective — 4 first-pass failures all root-caused, none an SP bug
prepare-testUnauthorized()PAYMASTER_SUPER(had it only via upgrade history)configureOperatorAA34Changed files
contracts/script/v3/TestAccountPrepare.s.sol— deployer PAYMASTER_SUPER grantscript/gasless-tests/{check-contracts.js, test-group-I1-credit-ceiling-h1.js}— v5.4 version stringsdeployments/config.sepolia.json— new fresh-deploy addresses (replaces beta.1)deployments/verify.sepolia.contracts-6-16.md— Etherscan verify recorddocs/e2e/v5.4.0-final/REHEARSAL-RECORD.md+ logs — full rehearsal evidenceBase credit tier
creditTierConfig[1]=[2]=100 aPNTsis below a normal sponsored-tx validate charge (~150), so a fresh ENDUSER can't be SP-sponsored until tier/reputation rises. This is an economic parameter — mainnet must pick the base value. Detail inREHEARSAL-RECORD.md§4.Follow-up (non-blocking)
Full 5-doc TX-Value-Verification pass for this fresh deployment (live agent handleOps, repayDebt, live negatives, Codex 2-axis) — next, mirroring
docs/e2e/v5.4.0-beta.1/.