From 643bd17c393503ae685df465e58b450192731a6d Mon Sep 17 00:00:00 2001 From: Daniel Wang <99078276+dantaik@users.noreply.github.com> Date: Tue, 2 Apr 2024 21:13:33 +0800 Subject: [PATCH] fix(protocol): fix guardian prover (#16606) --- .../contracts/L1/provers/GuardianProver.sol | 21 ++++++++++++------- .../contracts/verifiers/GuardianVerifier.sol | 12 ++++++++--- .../test/L1/TaikoL1LibProvingWithTiers.t.sol | 2 +- .../test/verifiers/GuardianVerifier.t.sol | 8 ++++--- .../protocol/test/verifiers/SgxVerifier.t.sol | 3 ++- 5 files changed, 31 insertions(+), 15 deletions(-) diff --git a/packages/protocol/contracts/L1/provers/GuardianProver.sol b/packages/protocol/contracts/L1/provers/GuardianProver.sol index 6ef953849e4..4b997364b72 100644 --- a/packages/protocol/contracts/L1/provers/GuardianProver.sol +++ b/packages/protocol/contracts/L1/provers/GuardianProver.sol @@ -15,8 +15,13 @@ contract GuardianProver is Guardians { /// @param blockId The block ID. /// @param blockHash The block hash. /// @param approved If the proof is approved. + /// @param proofData The proof data. event GuardianApproval( - address indexed addr, uint256 indexed blockId, bytes32 blockHash, bool approved + address indexed addr, + uint256 indexed blockId, + bytes32 indexed blockHash, + bool approved, + bytes proofData ); /// @notice Initializes the contract. @@ -30,8 +35,7 @@ contract GuardianProver is Guardians { /// @param _meta The block's metadata. /// @param _tran The valid transition. /// @param _proof The tier proof. - /// @return approved_ If the minimum number of participants sent the same proof, and proving - /// transaction is fired away returns true, false otherwise. + /// @return approved_ True if the minimum number of approval is acquired, false otherwise. function approve( TaikoData.BlockMetadata calldata _meta, TaikoData.Transition calldata _tran, @@ -42,15 +46,18 @@ contract GuardianProver is Guardians { nonReentrant returns (bool approved_) { - if (_proof.tier != LibTiers.TIER_GUARDIAN) revert INVALID_PROOF(); - bytes32 hash = keccak256(abi.encode(_meta, _tran)); + if (_proof.tier != LibTiers.TIER_GUARDIAN) { + revert INVALID_PROOF(); + } + + bytes32 hash = keccak256(abi.encode(_meta, _tran, _proof.data)); approved_ = approve(_meta.id, hash); + emit GuardianApproval(msg.sender, _meta.id, _tran.blockHash, approved_, _proof.data); + if (approved_) { deleteApproval(hash); ITaikoL1(resolve("taiko", false)).proveBlock(_meta.id, abi.encode(_meta, _tran, _proof)); } - - emit GuardianApproval(msg.sender, _meta.id, _tran.blockHash, approved_); } } diff --git a/packages/protocol/contracts/verifiers/GuardianVerifier.sol b/packages/protocol/contracts/verifiers/GuardianVerifier.sol index 26f1bcd5d61..6153d59c9b4 100644 --- a/packages/protocol/contracts/verifiers/GuardianVerifier.sol +++ b/packages/protocol/contracts/verifiers/GuardianVerifier.sol @@ -2,6 +2,7 @@ pragma solidity 0.8.24; import "../common/EssentialContract.sol"; +import "../L1/tiers/ITierProvider.sol"; import "./IVerifier.sol"; /// @title GuardianVerifier @@ -9,7 +10,8 @@ import "./IVerifier.sol"; contract GuardianVerifier is EssentialContract, IVerifier { uint256[50] private __gap; - error PERMISSION_DENIED(); + error GV_INVALID_PROOF(); + error GV_PERMISSION_DENIED(); /// @notice Initializes the contract. /// @param _owner The owner of this contract. msg.sender will be used if this value is zero. @@ -22,13 +24,17 @@ contract GuardianVerifier is EssentialContract, IVerifier { function verifyProof( Context calldata _ctx, TaikoData.Transition calldata, - TaikoData.TierProof calldata + TaikoData.TierProof calldata _proof ) external view { + if (_proof.tier != LibTiers.TIER_GUARDIAN) { + revert GV_INVALID_PROOF(); + } + if (_ctx.msgSender != resolve("guardian_prover", false)) { - revert PERMISSION_DENIED(); + revert GV_PERMISSION_DENIED(); } } } diff --git a/packages/protocol/test/L1/TaikoL1LibProvingWithTiers.t.sol b/packages/protocol/test/L1/TaikoL1LibProvingWithTiers.t.sol index 1d945354559..c18de722d62 100644 --- a/packages/protocol/test/L1/TaikoL1LibProvingWithTiers.t.sol +++ b/packages/protocol/test/L1/TaikoL1LibProvingWithTiers.t.sol @@ -624,7 +624,7 @@ contract TaikoL1LibProvingWithTiers is TaikoL1TestBase { blockHash, stateRoot, LibTiers.TIER_GUARDIAN, - GuardianVerifier.PERMISSION_DENIED.selector + GuardianVerifier.GV_PERMISSION_DENIED.selector ); vm.roll(block.number + 15 * 12); diff --git a/packages/protocol/test/verifiers/GuardianVerifier.t.sol b/packages/protocol/test/verifiers/GuardianVerifier.t.sol index 62da3490899..ea10d791d0e 100644 --- a/packages/protocol/test/verifiers/GuardianVerifier.t.sol +++ b/packages/protocol/test/verifiers/GuardianVerifier.t.sol @@ -37,7 +37,8 @@ contract TestGuardianVerifier is TaikoL1TestBase { }); // TierProof - TaikoData.TierProof memory proof = TaikoData.TierProof({ tier: 0, data: "" }); + TaikoData.TierProof memory proof = + TaikoData.TierProof({ tier: LibTiers.TIER_GUARDIAN, data: "" }); // `verifyProof()` gv.verifyProof(ctx, transition, proof); @@ -65,10 +66,11 @@ contract TestGuardianVerifier is TaikoL1TestBase { }); // TierProof - TaikoData.TierProof memory proof = TaikoData.TierProof({ tier: 0, data: "" }); + TaikoData.TierProof memory proof = + TaikoData.TierProof({ tier: LibTiers.TIER_GUARDIAN, data: "" }); // `verifyProof()` with invalid ctx.prover - vm.expectRevert(GuardianVerifier.PERMISSION_DENIED.selector); + vm.expectRevert(GuardianVerifier.GV_PERMISSION_DENIED.selector); gv.verifyProof(ctx, transition, proof); } } diff --git a/packages/protocol/test/verifiers/SgxVerifier.t.sol b/packages/protocol/test/verifiers/SgxVerifier.t.sol index 84fad1104fe..116c9e6c119 100644 --- a/packages/protocol/test/verifiers/SgxVerifier.t.sol +++ b/packages/protocol/test/verifiers/SgxVerifier.t.sol @@ -255,7 +255,8 @@ contract TestSgxVerifier is TaikoL1TestBase, AttestationBase { }); // TierProof - TaikoData.TierProof memory proof = TaikoData.TierProof({ tier: 0, data: "" }); + TaikoData.TierProof memory proof = + TaikoData.TierProof({ tier: LibTiers.TIER_GUARDIAN, data: "" }); // `verifyProof()` sv.verifyProof(ctx, transition, proof);