johba/harb
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: address review feedback for #769

Browse source 
- Apply PRIVATE_KEY env-var fallback to UpgradeOptimizer.sol (missed in first pass)
- Add comment on zero-sentinel silent-fallback behaviour in all four scripts
- Remove spurious view modifier from BaseDeploy.run() (violated by vm.readFile)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
openhands 2026-03-19 00:26:04 +00:00
parent 9632693b8a
commit db6abda17e
4 changed files with 14 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
onchain/script/BaseDeploy.sol
View file

@ -3,8 +3,9 @@ pragma solidity ^0.8.19;
import "forge-std/Script.sol"; import "forge-std/Script.sol";
contract BaseDeploy is Script { contract BaseDeploy is Script {
function run() public view { function run() public {
// Base data // Base data
// PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key).
uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0));
if (privateKey == 0) { if (privateKey == 0) {
string memory seedPhrase = vm.readFile(".secret"); string memory seedPhrase = vm.readFile(".secret");

1
onchain/script/BootstrapVWAPPhase2.s.sol
View file

@ -36,6 +36,7 @@ contract BootstrapVWAPPhase2 is Script {
address lmAddress = vm.envAddress("LM_ADDRESS"); address lmAddress = vm.envAddress("LM_ADDRESS");
LiquidityManager lm = LiquidityManager(payable(lmAddress)); LiquidityManager lm = LiquidityManager(payable(lmAddress));
// PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key).
uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0));
if (privateKey == 0) { if (privateKey == 0) {
string memory seedPhrase = vm.readFile(".secret"); string memory seedPhrase = vm.readFile(".secret");

1
onchain/script/DeployBase.sol
View file

@ -37,6 +37,7 @@ contract DeployBase is Script {
IUniswapV3Pool public pool; IUniswapV3Pool public pool;
function run() public { function run() public {
// PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key).
uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0)); uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0));
if (privateKey == 0) { if (privateKey == 0) {
string memory seedPhrase = vm.readFile(".secret"); string memory seedPhrase = vm.readFile(".secret");

12
onchain/script/UpgradeOptimizer.sol
View file

@ -12,6 +12,10 @@ import "forge-std/Script.sol";
* OPTIMIZER_PROXY=0x... forge script script/UpgradeOptimizer.sol \ * OPTIMIZER_PROXY=0x... forge script script/UpgradeOptimizer.sol \
* --rpc-url <RPC_URL> --broadcast * --rpc-url <RPC_URL> --broadcast
* *
* Key injection (checked in order):
* 1. PRIVATE_KEY env var (hex private key for CI/CD)
* 2. .secret file (BIP-39 seed phrase for local use)
*
* The caller must be the proxy admin (the address that called initialize()). * The caller must be the proxy admin (the address that called initialize()).
*/ */
contract UpgradeOptimizer is Script { contract UpgradeOptimizer is Script {
@ -19,8 +23,12 @@ contract UpgradeOptimizer is Script {
address proxyAddress = vm.envAddress("OPTIMIZER_PROXY"); address proxyAddress = vm.envAddress("OPTIMIZER_PROXY");
require(proxyAddress != address(0), "OPTIMIZER_PROXY env var required"); require(proxyAddress != address(0), "OPTIMIZER_PROXY env var required");
string memory seedPhrase = vm.readFile(".secret"); // PRIVATE_KEY=0 / empty silently falls back to .secret (0 is an invalid secp256k1 key).
uint256 privateKey = vm.deriveKey(seedPhrase, 0); uint256 privateKey = vm.envOr("PRIVATE_KEY", uint256(0));
if (privateKey == 0) {
string memory seedPhrase = vm.readFile(".secret");
privateKey = vm.deriveKey(seedPhrase, 0);
}
vm.startBroadcast(privateKey); vm.startBroadcast(privateKey);
address sender = vm.addr(privateKey); address sender = vm.addr(privateKey);