`msg.sender` during deploy scripts is not EOA wallet addr

[calnix]

Component

Forge

Have you ensured that all of these are up to date?

• [X] Foundry
• [X] Foundryup

What version of Foundry are you on?

forge 0.2.0

What command(s) is the bug in?

forge script script/Deploy.s.sol:DeployHome --rpc-url sepolia --broadcast --verify -vvvv --etherscan-api-key sepolia

Operating System

Windows

Describe the bug

Ref repo: https://github.com/calnix/X-ChainToken/blob/main/script/Deploy.s.sol

I was initially running the deploy script above, using msg.sender as a param for variables such as delegate and owner, which are then passed into respective contracts, constructors.

• On deployment, I expected msg.sender to be my wallet address which is 0xdE05a1Abb121113a33eeD248BD91ddC254d5E9Db
• Instead, in some cases it was 0x1804c8AB1F12E6bbf3894d4083f33e07309d1f38. I have no idea where this address comes from.

At first, this effect was sporadic - first two contracts on sepolia were fine, but the remote contract on Polygon had a wonky msg.sender.

Subsequently, it became more pronounced, and I hardcoded my address instead of using msg.sender.

(Using windows 10, natively; without WSL)

[ramenforbreakfast]

To pinpoint exactly what issue you are encountering, you'll need to be more specific about how you've configured your wallet at 0xdE05..., are you using a env var, keystore, or ledger?

I don't exactly have your issue but I've been researching today on how forge decides who broadcasts a transaction when vm.broadcast is called and this might be helpful to you https://github.com/foundry-rs/foundry/pull/7454.

In that PR, they've updated the docs to be more clear on how a signer is chosen (you'll also probably want to update foundry since this seems to be a recent addition)

/// Broadcasting address is determined by checking the following in order:
/// 1. If `--sender` argument was provided, that address is used.
/// 2. If exactly one signer (e.g. private key, hw wallet, keystore) is set when `forge broadcast` is invoked, that signer is used.
/// 3. Otherwise, default foundry sender (1804c8AB1F12E6bbf3894d4083f33e07309d1f38) is used.

As a sidenote, does anyone know how the docs at https://book.getfoundry.sh get updated? #7454 looks like it was merged, yet I see the same outdated explanation for the broadcast cheatcode here https://book.getfoundry.sh/cheatcodes/broadcast

I would also like clarification on how someone can retrieve the broadcasting address? #7454 claimed to have solved the issue where --sender had to be specified in addition to --account, which it did. However, msg.sender will still return the default foundry sender, thus while I can verify after the fact that indeed the script is broadcasting using my keystore wallet, I can't log or check within the script that forge is using broadcast address I intended.

[zerosnacks]

Tentatively marking as resolved by https://github.com/foundry-rs/foundry/pull/7454

@ramenforbreakfast thanks for your comment, indeed the rules for determining the sender are as follows:

    /// Broadcasting address is determined by checking the following in order:
    /// 1. If `--sender` argument was provided, that address is used.
    /// 2. If exactly one signer (e.g. private key, hw wallet, keystore) is set when `forge broadcast` is invoked, that signer is used.
    /// 3. Otherwise, default foundry sender (1804c8AB1F12E6bbf3894d4083f33e07309d1f38) is used.

When deploying without a --sender specified we now throw a warning:

Error: 
You seem to be using Foundry's default sender. Be sure to set your own --sender.

Without more details on the specific deployment flow it is difficult to narrow this down. Feel free to re-open with a minimal reproduction example.

[mhxw]

I encountered the same issue with the latest version. I didn’t use the --sender flag, and I would like to deploy the code without specifying --sender. @zerosnacks

• version

  foundryup: installed - forge 0.2.0 (e16a75b 2024-09-15T00:22:35.343615000Z)
  foundryup: installed - cast 0.2.0 (e16a75b 2024-09-15T00:22:35.330620000Z)
  foundryup: installed - anvil 0.2.0 (e16a75b 2024-09-15T00:22:35.371909000Z)
  foundryup: installed - chisel 0.2.0 (e16a75b 2024-09-15T00:22:35.317955000Z)

• code

  contract DeployContract is BaseScript {
  error InvalidAddress(address normal, address thrower, address txOrigin);
  
  function run() external {
        uint256 deployerPrivateKey = vm.envUint("PRIVATE_KEY");
  
        address deployer = vm.rememberKey(deployerPrivateKey);
        vm.startBroadcast(deployer);
  
        if (msg.sender != deployer) {
            revert InvalidAddress(deployer, msg.sender, tx.origin);
        }
        ...
  }

• command

  forge fmt && forge clean && forge build
  source .env
  forge script script/Deploy.s.sol \
  --rpc-url $BASE_SEPOLIA_RPC_URL \
  -vvvv

forge fmt && forge clean && forge build && source .env
forge script script/Deploy.s.sol \
--rpc-url $BASE_SEPOLIA_RPC_URL \
--broadcast \
--verify \
--etherscan-api-key $BASE_SEPOLIA_KEY \
-vvvv

• error