update deps and add check bytecode hash

.gas-snapshot

@@ -1,9 +1,9 @@
-ExtrospectionBytecodeTest:testBytecode(address) (runs: 2048, μ: 308793, ~: 308847)
-ExtrospectionBytecodeTest:testBytecodeHash(address) (runs: 2048, μ: 303472, ~: 303531)
-ExtrospectionBytecodeTest:testScanEVMOpcodesPresentInAccount(address) (runs: 2048, μ: 303697, ~: 303224)
-ExtrospectionBytecodeTest:testScanEVMOpcodesReachableInAccount(address) (runs: 2048, μ: 303952, ~: 303265)
-ExtrospectionERC1167ProxyTest:testExtrospectionERC1167ProxyFailure(address,bytes) (runs: 2014, μ: 305214, ~: 305199)
-ExtrospectionERC1167ProxyTest:testExtrospectionERC1167ProxySuccess(address,address) (runs: 2014, μ: 305264, ~: 305264)
+ExtrospectionBytecodeTest:testBytecode(address) (runs: 2048, μ: 308822, ~: 308847)
+ExtrospectionBytecodeTest:testBytecodeHash(address) (runs: 2048, μ: 303501, ~: 303531)
+ExtrospectionBytecodeTest:testScanEVMOpcodesPresentInAccount(address) (runs: 2048, μ: 303726, ~: 303224)
+ExtrospectionBytecodeTest:testScanEVMOpcodesReachableInAccount(address) (runs: 2048, μ: 303981, ~: 303265)
+ExtrospectionERC1167ProxyTest:testExtrospectionERC1167ProxyFailure(address,bytes) (runs: 2048, μ: 305417, ~: 305332)
+ExtrospectionERC1167ProxyTest:testExtrospectionERC1167ProxySuccess(address,address) (runs: 2048, μ: 305264, ~: 305264)
 ExtrospectionInterpreterTest:testCallCodeooor() (gas: 353111)
 ExtrospectionInterpreterTest:testCallooor() (gas: 353110)
 ExtrospectionInterpreterTest:testCreate2ooor() (gas: 352015)
@@ -18,27 +18,28 @@ ExtrospectionInterpreterTest:testNoopooor() (gas: 335193)
 ExtrospectionInterpreterTest:testSLoadooor() (gas: 353360)
 ExtrospectionInterpreterTest:testSStoreooor() (gas: 349547)
 ExtrospectionInterpreterTest:testSelfDestructooor() (gas: 348804)
-LibExtrospectBytecodeTrimSolidityCBORMetadataTest:testTrimSolidityCBORMetadataBytecodeContrived(bytes) (runs: 2048, μ: 6406, ~: 6324)
-LibExtrospectBytecodeTrimSolidityCBORMetadataTest:testTrimSolidityCBORMetadataBytecodeShort(bytes) (runs: 1468, μ: 3555, ~: 3555)
+LibExtrospectBytecodeCheckCBORTrimmedBytecodeHashTest:testCheckCBORTrimmedBytecodeHashSuccess() (gas: 7562)
+LibExtrospectBytecodeScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentPush1() (gas: 715)
+LibExtrospectBytecodeScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentReference(bytes) (runs: 2048, μ: 34088, ~: 10497)
+LibExtrospectBytecodeScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentSimple() (gas: 879)
+LibExtrospectBytecodeTrimSolidityCBORMetadataTest:testTrimSolidityCBORMetadataBytecodeContrived(bytes) (runs: 2048, μ: 6802, ~: 6603)
+LibExtrospectBytecodeTrimSolidityCBORMetadataTest:testTrimSolidityCBORMetadataBytecodeShort(bytes) (runs: 2048, μ: 3555, ~: 3555)
 LibExtrospectBytecodeTrimSolidityCBORMetadataTest:testTrimSolidityCBORMetdataBytecodeReal() (gas: 3963)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxyGasFailLength() (gas: 365)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxyGasFailPrefix() (gas: 684)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxyGasFailSuffix() (gas: 663)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxyGasSuccess() (gas: 662)
-LibExtrospectERC1167ProxyTest:testIsERC1167ProxyLength(bytes) (runs: 2037, μ: 3901, ~: 3898)
-LibExtrospectERC1167ProxyTest:testIsERC1167ProxyPrefixFail(bytes,address) (runs: 2048, μ: 4292, ~: 4282)
-LibExtrospectERC1167ProxyTest:testIsERC1167ProxySlowFail(bytes) (runs: 2048, μ: 3883, ~: 3847)
+LibExtrospectERC1167ProxyTest:testIsERC1167ProxyLength(bytes) (runs: 2048, μ: 3920, ~: 3898)
+LibExtrospectERC1167ProxyTest:testIsERC1167ProxyPrefixFail(bytes,address) (runs: 2048, μ: 4381, ~: 4282)
+LibExtrospectERC1167ProxyTest:testIsERC1167ProxySlowFail(bytes) (runs: 2048, μ: 3952, ~: 3847)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxySlowSuccess(address) (runs: 2048, μ: 12367, ~: 12367)
 LibExtrospectERC1167ProxyTest:testIsERC1167ProxySuccess(address) (runs: 2048, μ: 1332, ~: 1332)
-LibExtrospectERC1167ProxyTest:testIsERC1167ProxySuffixFail(bytes,address) (runs: 2048, μ: 4311, ~: 4299)
-LibExtrospectScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentPush1() (gas: 715)
-LibExtrospectScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentReference(bytes) (runs: 2048, μ: 10334, ~: 12897)
-LibExtrospectScanEVMOpcodesPresentInBytecodeTest:testScanEVMOpcodesPresentSimple() (gas: 879)
+LibExtrospectERC1167ProxyTest:testIsERC1167ProxySuffixFail(bytes,address) (runs: 2048, μ: 4396, ~: 4299)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableInvalid() (gas: 1142)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableJumpdest() (gas: 1954)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachablePush1() (gas: 789)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachablePush4() (gas: 1024)
-LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableReference(bytes) (runs: 2048, μ: 11882, ~: 12259)
+LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableReference(bytes) (runs: 2048, μ: 41242, ~: 12259)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableReportedFalsePositive() (gas: 1713108)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableReportedFalsePositiveBytecode() (gas: 1664573)
 LibExtrospectScanEVMOpcodesReachableInBytecodeTest:testScanEVMOpcodesReachableReturn() (gas: 1122)

.github/workflows/rainix.yaml

@@ -28,4 +28,5 @@ jobs:
           ETH_RPC_URL: ${{ secrets.CI_DEPLOY_RPC_URL }}
           ETHERSCAN_API_KEY: ${{ secrets.EXPLORER_VERIFICATION_KEY }}
           DEPLOY_VERIFIER: 'etherscan'
+          RPC_URL_ARBITRUM_FORK: ${{ secrets.CI_DEPLOY_ARBITRUM_RPC_URL }}
         run: nix develop -c ${{ matrix.task }}

.gitignore

@@ -1,2 +1,3 @@
 out
-cache
+cache
+.env

foundry.lock

@@ -1,8 +1,8 @@
 {
   "lib/forge-std": {
-    "rev": "b8f065fda83b8cd94a6b2fec8fcd911dc3b444fd"
+    "rev": "1801b0541f4fda118a10798fd3486bb7051c5dd6"
   },
   "lib/rain.solmem": {
-    "rev": "228b35c6725877e7fbcd2432b4c692357f16f510"
+    "rev": "26bce6197383f193e35326bab4d4424cf6eafde7"
   }
 }

src/interface/IExtrospectInterpreterV1.sol

@@ -21,29 +21,30 @@ import {
 /// @dev https://eips.ethereum.org/EIPS/eip-214#specification
 //forge-lint: disable-next-line(incorrect-shift)
 uint256 constant NON_STATIC_OPS = (1 << uint256(EVM_OP_CREATE)) | (1 << uint256(EVM_OP_CREATE2))
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_LOG0)) | (1 << uint256(EVM_OP_LOG1)) | (1 << uint256(EVM_OP_LOG2)) | (1 << uint256(EVM_OP_LOG3))
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_LOG4)) | (1 << uint256(EVM_OP_SSTORE)) | (1 << uint256(EVM_OP_SELFDESTRUCT))
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_CALL));
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_LOG0)) | (1 << uint256(EVM_OP_LOG1)) | (1 << uint256(EVM_OP_LOG2))
+    | (1 << uint256(EVM_OP_LOG3))
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_LOG4)) | (1 << uint256(EVM_OP_SSTORE)) | (1 << uint256(EVM_OP_SELFDESTRUCT))
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_CALL));
 
 /// @dev The interpreter ops allowlist is stricter than the static ops list.
 uint256 constant INTERPRETER_DISALLOWED_OPS = NON_STATIC_OPS
-// Interpreter cannot store so it has no reason to load from storage.
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_SLOAD))
-// Interpreter MUST NOT delegate call as we have no idea what could run and
-// it could easily mutate the interpreter if allowed.
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_DELEGATECALL))
-// Interpreter MUST use static call only.
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_CALLCODE))
-// Interpreter MUST use static call only.
-// Redundant with static list for clarity as static list allows 0 value calls.
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << uint256(EVM_OP_CALL));
+    // Interpreter cannot store so it has no reason to load from storage.
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_SLOAD))
+    // Interpreter MUST NOT delegate call as we have no idea what could run and
+    // it could easily mutate the interpreter if allowed.
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_DELEGATECALL))
+    // Interpreter MUST use static call only.
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_CALLCODE))
+    // Interpreter MUST use static call only.
+    // Redundant with static list for clarity as static list allows 0 value calls.
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << uint256(EVM_OP_CALL));
 
 /// @title IExtrospectInterpreterV1
 /// @notice External functions for offchain processing to determine if an

src/lib/EVMOpcodes.sol

@@ -171,5 +171,5 @@ uint8 constant EVM_OP_SELFDESTRUCT = 0xFF;
 
 //forge-lint: disable-next-line(incorrect-shift)
 uint256 constant HALTING_BITMAP = (1 << EVM_OP_STOP) | (1 << EVM_OP_RETURN) | (1 << EVM_OP_REVERT)
-//forge-lint: disable-next-line(incorrect-shift)
-| (1 << EVM_OP_INVALID) | (1 << EVM_OP_SELFDESTRUCT);
+    //forge-lint: disable-next-line(incorrect-shift)
+    | (1 << EVM_OP_INVALID) | (1 << EVM_OP_SELFDESTRUCT);

src/lib/LibExtrospectBytecode.sol

@@ -12,6 +12,14 @@ import {EVM_OP_JUMPDEST, HALTING_BITMAP} from "./EVMOpcodes.sol";
 library LibExtrospectBytecode {
     using LibBytes for bytes;
 
+    /// Thrown when bytecode metadata is not trimmed as expected.
+    error MetadataNotTrimmed();
+
+    /// Thrown when the bytecode hash does not match the expected value.
+    /// @param expected The expected bytecode hash.
+    /// @param actual The actual bytecode hash.
+    error BytecodeHashMismatch(bytes32 expected, bytes32 actual);
+
     /// https://docs.soliditylang.org/en/latest/metadata.html#encoding-of-the-metadata-hash-in-the-bytecode
     ///
     /// The encoding is not super complex, but requires having a CBOR decoder to
@@ -37,6 +45,8 @@ library LibExtrospectBytecode {
     /// parts still have constant length.
     ///
     /// NOTE bytecode is mutated in place.
+    /// @param bytecode The bytecode to trim metadata from.
+    /// @return didTrim Whether metadata was detected and trimmed.
     //forge-lint: disable-next-line(mixed-case-function)
     function trimSolidityCBORMetadata(bytes memory bytecode) internal pure returns (bool didTrim) {
         uint256 length = bytecode.length;
@@ -59,6 +69,23 @@ library LibExtrospectBytecode {
         }
     }
 
+    /// Checks that the bytecode of an account, after trimming Solidity CBOR
+    /// metadata, matches an expected hash. Reverts if the metadata was not
+    /// trimmed or if the hash does not match after trimming.
+    /// @param account The account whose bytecode to check.
+    /// @param expected The expected hash of the trimmed bytecode.
+    function checkCBORTrimmedBytecodeHash(address account, bytes32 expected) internal view {
+        bytes memory bytecode = account.code;
+        bool didTrim = LibExtrospectBytecode.trimSolidityCBORMetadata(bytecode);
+        if (!didTrim) {
+            revert MetadataNotTrimmed();
+        }
+        bytes32 actual = keccak256(bytecode);
+        if (expected != actual) {
+            revert BytecodeHashMismatch(expected, actual);
+        }
+    }
+
     /// Scans for opcodes that are reachable during execution of a contract.
     /// Adapted from https://github.com/MrLuit/selfdestruct-detect/blob/master/src/index.ts
     /// @param bytecode The bytecode to scan.

src/lib/LibExtrospectERC1167Proxy.sol

@@ -81,8 +81,10 @@ library LibExtrospectERC1167Proxy {
                     uint256 implementationAddressOffset = ERC1167_IMPLEMENTATION_ADDRESS_OFFSET;
                     uint256 implementationAddressMask = type(uint160).max;
                     assembly ("memory-safe") {
-                        implementationAddress :=
-                            and(mload(add(bytecode, implementationAddressOffset)), implementationAddressMask)
+                        implementationAddress := and(
+                            mload(add(bytecode, implementationAddressOffset)),
+                            implementationAddressMask
+                        )
                     }
                 }
             }

test/lib/LibExtrospectTestProd.sol

@@ -0,0 +1,13 @@
+// SPDX-License-Identifier: LicenseRef-DCL-1.0
+// SPDX-FileCopyrightText: Copyright (c) 2020 Rain Open Source Software Ltd
+pragma solidity ^0.8.25;
+
+import {Vm} from "forge-std/StdCheats.sol";
+
+library LibExtrospectTestProd {
+    uint256 constant PROD_TEST_BLOCK_NUMBER_ARBITRUM = 424463066;
+
+    function createSelectForkArbitrum(Vm vm) internal {
+        vm.createSelectFork(vm.envString("RPC_URL_ARBITRUM_FORK"), PROD_TEST_BLOCK_NUMBER_ARBITRUM);
+    }
+}

test/src/concrete/Extrospection.ERC1167Proxy.t.sol

@@ -26,8 +26,9 @@ contract ExtrospectionERC1167ProxyTest is Test {
         // Proxy can't be extrospection, otherwise we'll etch over it.
         vm.assume(proxy != address(extrospection));
         // Proxy can't be a precompile either.
-        vm.assume(uint160(proxy) > 10);
-        // Force incorrect proxy implementation into the proxy address.
+        vm.assume(uint160(proxy) > type(uint160).max / 2);
+        vm.assume(proxy.code.length == 0);
+
         vm.etch(proxy, bytecode);
 
         (bool result, address implementation) = extrospection.isERC1167Proxy(proxy);