remove claim ownership

Author: tac0turtle

contracts/script/GenerateAdminProxyAlloc.s.sol

@@ -6,40 +6,56 @@ import {AdminProxy} from "../src/AdminProxy.sol";
 
 /// @title GenerateAdminProxyAlloc
 /// @notice Generates genesis alloc JSON for deploying AdminProxy at a deterministic address
-/// @dev Run with: forge script script/GenerateAdminProxyAlloc.s.sol -vvv
+/// @dev Run with: OWNER=0xYourAddress forge script script/GenerateAdminProxyAlloc.s.sol -vvv
 ///
 /// This script outputs the bytecode and storage layout needed to deploy AdminProxy
-/// in the genesis block. The contract is deployed with owner = address(0), allowing
-/// the first caller to claim ownership post-genesis.
+/// in the genesis block. The owner is set directly in storage slot 0.
 ///
 /// Usage:
-/// 1. Run this script to get the bytecode
-/// 2. Add to genesis.json alloc section at desired address (e.g., 0x...AD00)
-/// 3. Set that address as mintAdmin in chainspec config
+/// 1. Set OWNER env var to your initial admin EOA address
+/// 2. Run this script to get the bytecode and storage
+/// 3. Add to genesis.json alloc section at desired address (e.g., 0x...Ad00)
+/// 4. Set that address as mintAdmin in chainspec config
 contract GenerateAdminProxyAlloc is Script {
     // Suggested deterministic address for AdminProxy
     // Using a memorable address in the precompile-adjacent range
     address constant SUGGESTED_ADDRESS = 0x000000000000000000000000000000000000Ad00;
 
     function run() external {
+        // Get owner from environment, default to zero if not set
+        address owner = vm.envOr("OWNER", address(0));
+
         // Deploy to get runtime bytecode
         AdminProxy proxy = new AdminProxy();
 
         // Get runtime bytecode (not creation code)
         bytes memory runtimeCode = address(proxy).code;
 
+        // Convert owner to storage slot value (left-padded to 32 bytes)
+        bytes32 ownerSlotValue = bytes32(uint256(uint160(owner)));
+
         console.log("========== AdminProxy Genesis Alloc ==========");
         console.log("");
         console.log("Suggested address:", SUGGESTED_ADDRESS);
+        console.log("Owner (from OWNER env):", owner);
         console.log("");
+
+        if (owner == address(0)) {
+            console.log("WARNING: OWNER not set! Set OWNER env var to your admin EOA.");
+            console.log("Example: OWNER=0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266 forge script ...");
+            console.log("");
+        }
+
         console.log("Add this to your genesis.json 'alloc' section:");
         console.log("");
         console.log("{");
         console.log('  "alloc": {');
         console.log('    "000000000000000000000000000000000000Ad00": {');
         console.log('      "balance": "0x0",');
         console.log('      "code": "0x%s",', vm.toString(runtimeCode));
-        console.log('      "storage": {}');
+        console.log('      "storage": {');
+        console.log('        "0x0": "0x%s"', vm.toString(ownerSlotValue));
+        console.log("      }");
         console.log("    }");
         console.log("  }");
         console.log("}");
@@ -58,30 +74,37 @@ contract GenerateAdminProxyAlloc is Script {
         console.log("==============================================");
         console.log("");
         console.log("Post-genesis steps:");
-        console.log("1. Call claimOwnership() from desired EOA");
+        console.log("1. Owner can immediately use the proxy (no claiming needed)");
         console.log("2. Deploy multisig (e.g., Safe)");
         console.log("3. Call transferOwnership(multisigAddress)");
         console.log("4. From multisig, call acceptOwnership()");
         console.log("");
 
         // Also output raw values for programmatic use
         console.log("Raw bytecode length:", runtimeCode.length);
+        console.log("Owner storage slot (0x0):", vm.toString(ownerSlotValue));
     }
 }
 
 /// @title GenerateAdminProxyAllocJSON
 /// @notice Outputs just the JSON snippet for easy copy-paste
+/// @dev Run with: OWNER=0xYourAddress forge script script/GenerateAdminProxyAlloc.s.sol:GenerateAdminProxyAllocJSON -vvv
 contract GenerateAdminProxyAllocJSON is Script {
     function run() external {
+        address owner = vm.envOr("OWNER", address(0));
+
         AdminProxy proxy = new AdminProxy();
         bytes memory runtimeCode = address(proxy).code;
+        bytes32 ownerSlotValue = bytes32(uint256(uint160(owner)));
 
         // Output minimal JSON that can be merged into genesis
         string memory json = string(
             abi.encodePacked(
                 '{"000000000000000000000000000000000000Ad00":{"balance":"0x0","code":"0x',
                 vm.toString(runtimeCode),
-                '","storage":{}}}'
+                '","storage":{"0x0":"0x',
+                vm.toString(ownerSlotValue),
+                '"}}}'
             )
         );
 

contracts/src/AdminProxy.sol

@@ -3,18 +3,22 @@ pragma solidity ^0.8.24;
 
 /// @title AdminProxy
 /// @notice A proxy contract for managing admin rights to precompiles and other contracts.
-/// @dev Deployed at genesis with zero owner, allowing first-come claim. Supports two-step
+/// @dev Deployed at genesis with owner set via storage slot. Supports two-step
 /// ownership transfer for safe handoff to multisigs or other governance contracts.
 ///
 /// This contract solves the bootstrap problem where admin addresses (e.g., multisigs)
 /// are not known at genesis time. The proxy is set as admin in the chainspec, and
-/// ownership can be claimed and transferred post-genesis.
+/// an initial EOA owner is set in genesis storage. Post-genesis, ownership can be
+/// transferred to a multisig.
+///
+/// Storage Layout:
+///   - Slot 0: owner (address)
+///   - Slot 1: pendingOwner (address)
 ///
 /// Usage:
-/// 1. Deploy at genesis with zero owner (via genesis alloc)
+/// 1. Deploy at genesis via alloc with owner set in storage slot 0
 /// 2. Set proxy address as `mintAdmin` in chainspec and as FeeVault owner
-/// 3. Post-genesis: call claimOwnership() to become initial owner
-/// 4. Deploy multisig, then transferOwnership() -> acceptOwnership() to hand off
+/// 3. Post-genesis: deploy multisig, then transferOwnership() -> acceptOwnership()
 contract AdminProxy {
     /// @notice Current owner of the proxy
     address public owner;
@@ -51,18 +55,9 @@ contract AdminProxy {
         _;
     }
 
-    /// @notice Initialize with zero owner - first caller can claim ownership
-    constructor() {
-        owner = address(0);
-    }
-
-    /// @notice Claim ownership when owner is zero (genesis bootstrap)
-    /// @dev Can only be called once, when owner is address(0)
-    function claimOwnership() external {
-        if (owner != address(0)) revert NotOwner();
-        owner = msg.sender;
-        emit OwnershipTransferred(address(0), msg.sender);
-    }
+    /// @notice Constructor is empty - owner is set via genesis storage slot 0
+    /// @dev When deploying at genesis, set storage["0x0"] to the owner address
+    constructor() {}
 
     /// @notice Start two-step ownership transfer
     /// @param newOwner Address of the new owner (e.g., multisig)