feat: add proxy contract

[tac0turtle]

Description

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Performance improvement
• Refactoring

Related Issues

Fixes #(issue)

Checklist

• I have performed a self-review of my code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published

Testing

Additional Notes

[gemini-code-assist]

Summary of Changes

Hello @tac0turtle, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new AdminProxy smart contract designed to streamline the management of administrative privileges for various on-chain components, such as precompiles and other contracts. It addresses the challenge of bootstrapping administrative control in a new blockchain environment by allowing the contract to be deployed at genesis with no initial owner, enabling a secure first-come claim mechanism. The contract also facilitates safe transitions of ownership, particularly to multi-signature wallets, ensuring robust governance.

Highlights

• New AdminProxy Contract: Introduced the AdminProxy contract, designed to centralize and manage administrative rights for various on-chain components like precompiles and other contracts.
• Genesis Deployment Mechanism: Implemented a Solidity script (GenerateAdminProxyAlloc.s.sol) to generate genesis allocation JSON, enabling the AdminProxy to be deployed at a deterministic address with an initial zero owner, allowing for a secure first-come claim.
• Secure Ownership Management: The AdminProxy contract supports a robust two-step ownership transfer process (transferOwnership and acceptOwnership), facilitating safe handoff to multisig wallets or other governance contracts.
• Flexible Execution Capabilities: The proxy provides execute, executeBatch, and executeWithValue functions, allowing the owner to perform arbitrary calls on target contracts, including batch operations and transactions involving Ether.
• Comprehensive Test Coverage: A thorough test suite (AdminProxy.t.sol) has been added, covering all core functionalities including ownership lifecycle, various execution scenarios, and integration with mock precompiles and fee vaults.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[claude]

Claude finished @tac0turtle's task —— View job

---

Code Review: AdminProxy Contract Implementation

I've completed a thorough review of the AdminProxy contract and associated files. Overall, this is a well-designed and implemented solution for the genesis admin bootstrap problem. Here's my detailed analysis:

✅ Strengths

1. Solid Architecture & Problem Solution

• Clear problem statement: Solves the bootstrap problem where multisig admins can't be deployed at genesis
• Clean separation of concerns: Proxy pattern allows flexible ownership transitions
• Genesis-compatible design: Storage-based owner initialization eliminates race conditions

2. Security Best Practices

• Two-step ownership transfer: Prevents accidental transfers with transferOwnership() + acceptOwnership()
• Proper access control: onlyOwner modifier consistently applied
• Input validation: Zero address checks, array length validation
• Event emission: All critical state changes emit events for transparency

3. Comprehensive Testing

• Excellent test coverage: 453 lines covering all functionality
• Edge case testing: Tests error conditions, batch operations, integration scenarios
• Genesis simulation: test_GenesisSimulation_FullFlow() validates the complete lifecycle
• Mock implementations: Realistic testing with MockMintPrecompile and FeeVault integration

4. Documentation Quality

• Thorough documentation: 380-line markdown with detailed setup instructions
• Clear examples: Concrete usage patterns and code snippets
• Genesis integration guide: Step-by-step deployment instructions

⚠️ Issues & Recommendations

1. Critical Issue: CEI Pattern Violation

Location: contracts/src/AdminProxy.sol:74-76

The acceptOwnership() function violates the Checks-Effects-Interactions pattern:

// Current (problematic)
emit OwnershipTransferred(owner, msg.sender);  // Interaction
owner = msg.sender;                            // Effect
pendingOwner = address(0);                     // Effect

Recommendation: Move state changes before event emission:

address previousOwner = owner;
owner = msg.sender;
pendingOwner = address(0);
emit OwnershipTransferred(previousOwner, owner);

2. Script Maintainability Issues

Location: contracts/script/GenerateAdminProxyAlloc.s.sol:53,68

• Hardcoded addresses on lines 53 and 68 instead of using the SUGGESTED_ADDRESS constant
• Inconsistency risk if the constant is ever changed

Recommendation: Use the constant consistently:

console.log('      "mintAdmin": "%s",', vm.toString(SUGGESTED_ADDRESS));

3. Documentation Inconsistency

Location: docs/contracts/admin_proxy.md (multiple references)

The documentation contains references to a "claim mechanism" that was removed in commit 6947233. This creates confusion about the actual functionality.

Recommendation: Remove all references to claiming and clarify that ownership is set directly at genesis.

🔍 Minor Issues

4. Missing Custom Error

The existing reviews correctly identified that using NotOwner error in a hypothetical claim function would be misleading. While this function doesn't exist in the current implementation, consider adding specific errors for different failure scenarios.

5. Genesis File Enhancement Suggestion

Consider updating etc/ev-reth-genesis.json to include the AdminProxy allocation as a reference example, as suggested in the review comments.

✅ Code Quality Assessment

Performance: ✅ Excellent

• Minimal gas consumption with direct storage operations
• Batch operations for efficiency
• No unnecessary computational overhead

Security: ✅ Strong

• No obvious security vulnerabilities
• Proper access controls and input validation
• Two-step ownership transfer prevents common mistakes
• Genesis deployment eliminates front-running risks

Test Coverage: ✅ Comprehensive

• Unit tests for all functions
• Integration tests with real contract interactions
• Edge cases and error conditions covered
• Genesis simulation validates complete workflow

Maintainability: ✅ Good

• Clean, readable code with good documentation
• Modular design with clear responsibilities
• Well-structured test organization

🎯 Recommendations Summary

1. Fix CEI violation in acceptOwnership() (security best practice)
2. Use constants consistently in the script files (maintainability)
3. Clean up documentation to remove claim mechanism references (clarity)
4. Consider adding AdminProxy example to genesis file (usability)

📊 Overall Assessment

This is a high-quality implementation that successfully addresses a real architectural challenge. The code demonstrates strong Solidity knowledge, comprehensive testing practices, and thorough documentation. The identified issues are relatively minor and can be easily addressed.

Recommendation: ✅ Approve with minor fixes

The contract is ready for deployment once the CEI pattern issue is resolved. The other issues are non-blocking improvements for maintainability and documentation clarity.

---

Todo List

• Read and analyze all changed files
• Review AdminProxy contract implementation
• Examine test suite coverage and quality
• Check documentation and script files
• Provide comprehensive review feedback

[gemini-code-assist]

Code Review

This pull request introduces an AdminProxy contract, a utility script for genesis allocation, and a comprehensive test suite. The overall implementation is robust and well-tested. My feedback focuses on improving error clarity and maintainability in the AdminProxy contract and its associated script, and adhering to Solidity best practices.

[gemini-code-assist]

The NotOwner error is misleading in this context. The function should fail because ownership has already been claimed, not because the caller isn't the owner. Using a more specific custom error would improve the contract's clarity. For example, you could add error OwnershipAlreadyClaimed(); with the other custom errors and use it here.

        if (owner != address(0)) revert OwnershipAlreadyClaimed();

[gemini-code-assist]

To adhere to the Checks-Effects-Interactions (CEI) pattern, state modifications should occur before external interactions like emitting events. This is a security best practice that helps prevent reentrancy vulnerabilities, even if no direct exploit is apparent here.

        address previousOwner = owner;
        owner = msg.sender;
        pendingOwner = address(0);
        emit OwnershipTransferred(previousOwner, owner);

[damiannolan]

would generally agree

[damiannolan]

Looks excellent, really nice! Just one thing in the markdown doc that jumps out as inconsistent, otherwise LGTM.

Should we update the example genesis to include the admin proxy alloc and set it as mint admin? https://github.com/evstack/ev-reth/blob/main/etc/ev-reth-genesis.json
I'm fine with it either way I think, but it might be useful.

I think it would be good to link the AdminProxy doc and reference it in both the contracts README.md (https://github.com/evstack/ev-reth/blob/main/contracts/README.md) and also in the precompiles readme where the mint admin is mentioned it could be useful to link it too.

[damiannolan]

Fairly comprehensive, nice doc!

[damiannolan]

TIL that vm.prank() changes msg.sender in sol tests

[damiannolan]

What is this? Is this a relic from previous iteration, it seems to not align with the implementation

Suggests to me that at some point you were considering a claim mechanism for the admin proxy after genesis if the owner is 0x00

[damiannolan]

Ah, I see it was removed in 6947233, but this seems to have stuck around

[randygrok]

looks great! I think executeWithValue does not have error tests, with revert.