ethereum-optimism / superchain-ops


Automatically check that the domain and message hashes sent to Ledger match the ones in the simulation #195

Open zchn opened 6 months ago

zchn commented 6 months ago

Recently, due to a bug fixed in https://github.com/base-org/contract-deployments/pull/166/files, we were getting different hashes sent to the ledger devices compared to the ones in the Tenderly simulation. It would be great if we could detect this by automatically checking that the domain and message hashes sent to Ledger match the ones in the simulation. This may require us to migrate away from Tenderly to a more programmatically parsable one.

See https://www.notion.so/oplabs/PM-48-Wrong-message-hash-sent-to-Signers-Ledger-during-an-L2-contract-upgrade-c893131d9daa440bad6fe09c848db54d for the original postmortem

mds1 commented 1 month ago

We can use the Tenderly simulation API for this. This may require users to provide their own Tenderly data (I believe TENDERLY_ACCESS_TOKEN, TENDERLY_USER, and TENDERLY_PROJECT_SLUG are the three components needed). This API will return JSON that contains everything shown in the UI. We can parse this to extract the domain and message hashes and ensure they match what forge provides.

In the _postCheck hooks (one in SignFromJson and one in NestedSignFromJson), we have access to the SimulationPayload, which should be all the info needed for the simulation (aside from Tenderly API auth credentials).

To see a sample Tenderly response you can make a request to their API for an existing transaction hash: https://api.tenderly.co/api/v1/public-contract/{chainId}/trace/{txHash}. No API key is needed for existing transactions, and the data returned should be in a nearly identical format to the simulation API.