feat(ev-deployer): part 3 - add Permit2 contract support

[randygrok]

Summary

• Add Uniswap Permit2 as a genesis-deployable contract in ev-deployer
• Patch EIP-712 immutables (_CACHED_CHAIN_ID, _CACHED_DOMAIN_SEPARATOR) at genesis time
• Add contracts/lib/permit2 git submodule for source verification
• Add e2e test verifying bytecode deployment and DOMAIN_SEPARATOR() correctness

Test plan

• Unit tests pass (cargo test -p ev-deployer — 32 passed)
• Bytecode verification test matches compiled source
• E2e genesis test verifies Permit2 bytecode + DOMAIN_SEPARATOR() via RPC

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6bd2b753-2618-44b5-8ffe-3934bdedeb82

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch ev-deployer-part3-permit2

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Claude finished @randygrok's task —— View job

---

PR Review: Permit2 Contract Support

Review Tasks

• Read repository guidelines (CLAUDE.md)
• Analyze core Permit2 contract implementation
• Review configuration and integration changes
• Examine e2e test modifications
• Check for security vulnerabilities
• Assess performance considerations
• Evaluate test coverage
• Provide comprehensive feedback

Code Quality & Best Practices ✅

Overall Assessment: High quality implementation with well-structured code following Rust best practices.

Strengths:

• Excellent documentation with clear module-level comments explaining the purpose and implementation details
• Proper separation of concerns with dedicated modules for each contract type
• Comprehensive unit tests covering edge cases and security scenarios
• Consistent error handling using eyre throughout
• Good use of type safety with alloy_primitives types

Security Analysis ✅

No critical security vulnerabilities found. The implementation follows secure practices:

✅ Immutable Patching Security:

• /bin/ev-deployer/src/contracts/permit2.rs:74-90 - Proper EIP-712 domain separator calculation using trusted constants
• /bin/ev-deployer/src/contracts/immutables.rs:25-35 - Bounds checking prevents buffer overflows during bytecode patching
• Hardcoded bytecode offsets are validated against the actual compiled artifact (line 196 test)

✅ Configuration Validation:

• /bin/ev-deployer/src/config.rs:156-195 - Comprehensive validation prevents deployment with invalid configurations
• Address collision detection in genesis merge (line 73-75)

✅ Cryptographic Implementation:

• Correct EIP-712 type hash: keccak256("EIP712Domain(string name,uint256 chainId,address verifyingContract)") (line 61)
• Proper domain separator computation matching Permit2 specification (lines 78-85)

Performance Considerations ✅

Efficient implementation with minimal performance impact:

• Bytecode patching is done once at genesis time, not runtime
• Storage operations use BTreeMap for deterministic ordering
• Git submodule approach avoids duplication while enabling source verification

Test Coverage Assessment ⚠️

Strong unit test coverage but missing E2E validation:

✅ Excellent Unit Tests:

• permit2.rs:111-233 - Comprehensive test suite covering all scenarios
• Domain separator validation for different chain IDs and addresses
• Bytecode verification against source using forge (line 196)
• EIP-712 constant validation

⚠️ E2E Test Gap:

• Test plan shows E2E test is incomplete: "[ ] E2e genesis test verifies Permit2 bytecode + DOMAIN_SEPARATOR() via RPC"
• E2E test script has comprehensive Permit2 verification (lines 244-262) but PR description indicates it's not complete

Specific Code Review

permit2.rs Implementation: ⭐ Excellent

• Well-documented immutable offsets with clear mapping table (lines 6-17)
• Secure domain separator calculation following EIP-712 spec
• Proper error handling and bounds checking

Configuration Integration: ✅ Clean

• Simple Permit2Config with just address field (lines 121-126)
• Proper validation in genesis merge logic
• Clean integration in TOML configuration

E2E Test Coverage: ⚠️ Incomplete

• Comprehensive verification planned but marked as incomplete in PR description
• Expected domain separator is hardcoded correctly (line 259: 0x6cda538cafce36292a6ef27740629597f85f6716f5694d26d5c59fc1d07cfd95)

Recommendations

1. Complete E2E Testing - The E2E test appears well-implemented but needs to pass
2. Consider Documentation - Add deployment documentation explaining the canonical address choice
3. Submodule Pinning - Ensure the permit2 submodule is pinned to a specific commit for reproducibility

Minor Issues

Git Submodule Addition: ✅ Appropriate

• Adds Uniswap's official Permit2 repository for source verification
• Enables bytecode verification against canonical source

Configuration Changes: ✅ Consistent

• Follows existing patterns for contract configuration
• Proper TOML structure and validation

Final Assessment

This is a well-implemented feature that adds Permit2 support securely and efficiently. The code quality is high, security practices are followed, and the implementation is thorough. The main concern is completing the E2E test validation to ensure the deployment works correctly end-to-end.

Recommendation: Approve after E2E test completion ✅

---