Skip to main content

Deploy Protocols on L1

Skip if Using Kurtosis

If you're using the Kurtosis Package to deploy L1, you can skip this section.

1. Deploy Taiko on L1

Prerequisites

  • L2 Chain ID (e.g. 763374)
  • L2 Genesis Hash (e.g. 0xbeced3738f1246571cccabc82a1e6cbd9ed9d5f7ed2b6c7ded28f9722317bd9e)
  • L1 Account with funds
  • L1 RPC URL

Set Environment Variables

export FOUNDRY_PROFILE=layer1
export CHAIN_ID=763374
export GENESIS_HASH=0xf1b4d345e9315f67daca6172b681b9bcd75eb1963e772cfda16f9410cf5c9c24
export L1_ACCOUNT_ADDRESS=0x8943545177806ED17B9F23F0a21ee5948eCaa776
export L1_ACCOUNT_PRIVATE_KEY=0xbcdf20249abf0ed6d944c0288fad489e33f66b3960d9e6229c1cd214ed3bbe31
export L1_RPC_URL=https://placeholder:32002
export OWNER_MULTISIG="0x${CHAIN_ID}0000000000000000000000000000000001"
export OWNER_MULTISIG_SIGNERS="0x${CHAIN_ID}0000000000000000000000000000000002,0x${CHAIN_ID}0000000000000000000000000000000003,0x${CHAIN_ID}0000000000000000000000000000000004"

Deployment Script

docker run \
  -e VERIFIER_OWNER=${L1_ACCOUNT_ADDRESS} \
  -e L2_CHAINID=${CHAIN_ID} \
  -e PRIVATE_KEY=${L1_ACCOUNT_PRIVATE_KEY} \
  -e L2_GENESIS_HASH=${GENESIS_HASH} \
  -e FOUNDRY_PROFILE=${FOUNDRY_PROFILE} \
  -e OWNER_MULTISIG=${OWNER_MULTISIG} \
  -e OWNER_MULTISIG_SIGNERS=${OWNER_MULTISIG_SIGNERS} \
  -e TIMELOCK_PERIOD="3888000" \
  nethsurge/taiko-contract:surge-devnet \
  forge script ./script/layer1/surge/DeploySurgeOnL1.s.sol:DeploySurgeOnL1 \
  --private-key ${L1_ACCOUNT_PRIVATE_KEY} \
  --fork-url ${L1_RPC_URL} \
  --broadcast --ffi -vv --block-gas-limit 100000000

Deployment Outputs (Important for further setup)

Details

== Logs == contractOwner(timelocked): 0x422A3492e218383753D8006C7Bfa97815B44373F

shared_address_manager @ 0x0000000000000000000000000000000000000000 proxy : 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 impl : 0x0643D39D47CF0ea95Dbea69Bf11a7F8C4Bc34968 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 signal_service @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 proxy : 0x72ae2643518179cF01bcA3278a37ceAD408DE8b2 impl : 0x8F0342A7060e76dfc7F6e9dEbfAD9b9eC919952c owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 bridge @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 proxy : 0x63e6DDE6763C3466C7b45Be880f7eE5dC2ca3E25 impl : 0x9fCF7D13d10dEdF17d0f24C62f0cf4ED462f65b7 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519

Warning - you need to register all counterparty bridges to enable multi-hop bridging: sharedAddressManager.setAddress(remoteChainId, "bridge", address(remoteBridge))

  • sharedAddressManager : 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5

erc20_vault @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 proxy : 0xEE0fCB8E5cCAD0b4197BAabd633333886f5C364d impl : 0x72bCbB3f339aF622c28a26488Eed9097a2977404 owner : 0x422A3492e218383753D8006C7Bfa97815B44373F msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 erc721_vault @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 proxy : 0xB965D10739e19a9158e7f713720B0145D996E370 impl : 0x086f77C5686dfe3F2f8FE487C5f8d357952C8556 owner : 0x422A3492e218383753D8006C7Bfa97815B44373F msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 erc1155_vault @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 proxy : 0x1430c9c2143F97aaE765197e744BaBa7e78acaf0 impl : 0x38435Ac0E0e9Bd8737c476F8F39a24b0735e00dc owner : 0x422A3492e218383753D8006C7Bfa97815B44373F msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519

Warning - you need to register all counterparty vaults to enable multi-hop bridging: sharedAddressManager.setAddress(remoteChainId, "erc20_vault", address(remoteERC20Vault)) sharedAddressManager.setAddress(remoteChainId, "erc721_vault", address(remoteERC721Vault)) sharedAddressManager.setAddress(remoteChainId, "erc1155_vault", address(remoteERC1155Vault))

  • sharedAddressManager : 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5

bridged_erc20 @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0xE19dddcaF5dCb2Ec0Fe52229e3133B99396f22e2 bridged_erc721 @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0x9ECB6f04D47FA2599449AaA523bF84476f7aD80f bridged_erc1155 @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0x2b45cD38B213Bbd3A1A848bf2467927c976877Cb sharedAddressManager: 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 rollup_address_manager @ 0x0000000000000000000000000000000000000000 proxy : 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 impl : 0xC5FC7cE1d859E6604f1e8E57BA0f4A92858850Bc owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 signal_service @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x72ae2643518179cF01bcA3278a37ceAD408DE8b2 bridge @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x63e6DDE6763C3466C7b45Be880f7eE5dC2ca3E25 taiko @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0xa3c616dd54F6BB35a736cD6968c8EF7176faCACc impl : 0x85cB33Fc344275709c0c194Bc7D1c5C32736C8B9 owner : 0x422A3492e218383753D8006C7Bfa97815B44373F msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 tier_sgx @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0x9DC3b7C24965a90a8e2eacf48F4DB47c0A5f7Eb0 impl : 0x3A080b423D91E1C0C185dF46FE080e164A0e77a1 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 tier_router @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x0EeC8BC5B2A3879A9B8997100486F4e26a4f299f automata_dcap_attestation @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0xaE37C7A711bcab9B0f8655a97B738d6ccaB6560B impl : 0xa4fD91B3b1032e1fd0d7623A54B1a399aaaF9ab5 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 SigVerifyLib 0xF01ecC1dF1868C3B15f0edC4768812b9c435BBfb PemCertChainLib 0x303CB317624c74bB20Acbb9E13c8D745C6379826 AutomataDcapVaAttestation 0xaE37C7A711bcab9B0f8655a97B738d6ccaB6560B risc0_groth16_verifier @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x7E2E7DD2Aead92e2e6d05707F21D4C36004f8A2B tier_zkvm_risc0 @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0x86A0679C7987B5BA9600affA994B78D0660088ff impl : 0xaDe68b4b6410aDB1578896dcFba75283477b6b01 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 sp1_remote_verifier @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x57E5d642648F54973e504f10D21Ea06360151cAf tier_zkvm_sp1 @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0xb239879B1f9Cd1B72b16Bab768D29Ea3293282Af impl : 0x6fDA176cb71b4f2b85c17E398b58803797f721e4 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 tier_two_of_three @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 proxy : 0x6B3342821680031732Bc7d4E88A6528478aF9E38 impl : 0x89a37F5cd42162B56DE8A48bDe38A6E97C965675 owner : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 msg.sender : 0x8943545177806ED17B9F23F0a21ee5948eCaa776 this : 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519

msg.sender: 0x8943545177806ED17B9F23F0a21ee5948eCaa776 address(this): 0x5b73C5498c1E3b4dbA84de0F1833c4a029d90519 signalService.owner(): 0x8943545177806ED17B9F23F0a21ee5948eCaa776

taiko @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x7633740000000000000000000000000000010001 signal_service @ 0xB29dB8A6b1C596B64f7E1dD5358d59Db73648E17 addr : 0x7633740000000000000000000000000000000005 signal_service @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0x7633740000000000000000000000000000000005 bridge @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0x7633740000000000000000000000000000000001 erc20_vault @ 0x9f9F5Fd89ad648f2C000C954d8d9C87743243eC5 addr : 0x7633740000000000000000000000000000000002 HorseToken 0x86B28E406738f2928bE33D111A0B821BBC5610A2 BullToken 0x2af486b3C64D73B03A01Ee8aBD5A94287a5BFD49 ** sharedAddressManager ownership transferred to: 0x422A3492e218383753D8006C7Bfa97815B44373F ** rollupAddressManager ownership transferred to: 0x422A3492e218383753D8006C7Bfa97815B44373F

2. Configure SGX TCB on L1

Prerequisites

  • MRENCLAVE: 14c4362d5dd0af9721ef9bdea2c92bf84b67fe34a102c892182ce2be7a81f2c5
  • MRSIGNER: ca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5
  • SGX_VERIFIER_ADDRESS: 0xaE37C7A711bcab9B0f8655a97B738d6ccaB6560B
  • ATTESTATION_ADDRESS: 0xaE37C7A711bcab9B0f8655a97B738d6ccaB6560B
  • PEM_CERTCHAIN_ADDRESS: 0x303CB317624c74bB20Acbb9E13c8D745C6379826
  • Quote value (see documentation)
  • L1 Account with funds
  • L1 RPC URL
Full Quote Value

For the complete Quote value required for SGX TCB configuration, please refer to the deployment documentation or contact your system administrator.

Set Environment Variables

export FOUNDRY_PROFILE=layer1
export MR_ENCLAVE=14c4362d5dd0af9721ef9bdea2c92bf84b67fe34a102c892182ce2be7a81f2c5
export MR_SIGNER=ca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5
export QEID_PATH="/test/qe_identity"
export TCB_INFO_PATH="/test/tcb"
export V3_QUOTE_BYTES=${Quote}
export SGX_VERIFIER_ADDRESS=0x86A0679C7987B5BA9600affA994B78D0660088ff
export ATTESTATION_ADDRESS=0xdFb2fAc1519eDA2b3ee1Edf578ee0509DC8633f7
export PEM_CERTCHAIN_ADDRESS=0x86B28E406738f2928bE33D111A0B821BBC5610A2
export FMSPC=00906ED50000

SGX TCB Setup Script

docker run \
  -e TASK_ENABLE="[1,1,1,1,1,1]" \
  -e MR_ENCLAVE=${MR_ENCLAVE} \
  -e MR_SIGNER=${MR_SIGNER} \
  -e QEID_PATH=${QEID_PATH} \
  -e TCB_INFO_PATH=${TCB_INFO_PATH} \
  -e V3_QUOTE_BYTES=${V3_QUOTE_BYTES} \
  -e SGX_VERIFIER_ADDRESS=${SGX_VERIFIER_ADDRESS} \
  -e ATTESTATION_ADDRESS=${ATTESTATION_ADDRESS} \
  -e PEM_CERTCHAIN_ADDRESS=${PEM_CERTCHAIN_ADDRESS} \
  -e FMSPC=${FMSPC} \
  -e TCB_FILE=${TCB_FILE} \
  -e QE_IDENTITY_FILE=${QE_IDENTITY_FILE} \
  -e PRIVATE_KEY=${PRIVATE_KEY} \
  nethsurge/taiko-contract:surge-devnet \
  sh -c 'curl -X GET "https://api.trustedservices.intel.com/sgx/certification/v3/tcb?fmspc=${FMSPC}" > ${TCB_FILE} && \
         curl -X GET "https://api.trustedservices.intel.com/sgx/certification/v3/qe/identity" > ${QE_IDENTITY_FILE} && \
         jq ".tcbInfo.fmspc |= ascii_downcase" ${TCB_FILE} > temp.json && \
         mv temp.json ${TCB_FILE} && \
         forge script ./script/layer1/SetDcapParams.s.sol:SetDcapParams \
         --private-key ${PRIVATE_KEY} \
         --fork-url ${L1_RPC_URL} \
         --broadcast --evm-version cancun --ffi -vvvv --block-gas-limit 100000000 --legacy'