Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(protocol): Introduce oracle and system prover concept #13729

Merged
1 change: 1 addition & 0 deletions packages/protocol/contracts/L1/TaikoConfig.sol
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ library TaikoConfig {
maxBytesPerTxList: 120000,
minTxGasLimit: 21000,
proofCooldownPeriod: 30 minutes,
systemProofCooldownPeriod: 15 minutes,
// Only need 1 real zkp per 10 blocks.
// If block number is N, then only when N % 10 == 0, the real ZKP
// is needed. For mainnet, this must be 0 or 1.
Expand Down
3 changes: 2 additions & 1 deletion packages/protocol/contracts/L1/TaikoData.sol
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ library TaikoData {
uint256 minTxGasLimit;
uint256 txListCacheExpiry;
uint256 proofCooldownPeriod;
uint256 systemProofCooldownPeriod;
uint256 realProofSkipSize;
uint256 ethDepositGas;
uint256 ethDepositMaxFee;
Expand Down Expand Up @@ -93,7 +94,7 @@ library TaikoData {
bytes32 blockHash;
bytes32 signalRoot;
uint64 provenAt;
address prover; // 0x0 to mark as 'oracle proof'
address prover;
uint32 gasUsed;
}

Expand Down
3 changes: 3 additions & 0 deletions packages/protocol/contracts/L1/TaikoErrors.sol
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,14 @@ abstract contract TaikoErrors {
error L1_INVALID_ETH_DEPOSIT();
error L1_INVALID_EVIDENCE();
error L1_INVALID_METADATA();
error L1_INVALID_OVERWRITE();
error L1_INVALID_PARAM();
error L1_INVALID_PROOF();
error L1_INVALID_SYSTEM_PROVER_CONFIG();
error L1_NOT_ORACLE_PROVER();
error L1_ORACLE_DISABLED();
error L1_SAME_PROOF();
error L1_SYSTEM_PROOF_PROHIBTED();
error L1_TOO_MANY_BLOCKS();
error L1_TX_LIST_NOT_EXIST();
error L1_TX_LIST_HASH();
Expand Down
91 changes: 54 additions & 37 deletions packages/protocol/contracts/L1/libs/LibProving.sol
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,14 @@ library LibProving {
error L1_BLOCK_ID();
error L1_EVIDENCE_MISMATCH(bytes32 expected, bytes32 actual);
error L1_FORK_CHOICE_NOT_FOUND();
error L1_INVALID_PROOF();
error L1_INVALID_EVIDENCE();
error L1_INVALID_OVERWRITE();
error L1_INVALID_PROOF();
error L1_ORACLE_DISABLED();
error L1_SYSTEM_PROOF_PROHIBTED();
error L1_NOT_ORACLE_PROVER();
error L1_SAME_PROOF();
error L1_SYSTEM_PROOF_DISABLED();

function proveBlock(
TaikoData.State storage state,
Expand Down Expand Up @@ -60,42 +63,40 @@ library LibProving {
if (blk.metaHash != evidence.metaHash)
revert L1_EVIDENCE_MISMATCH(blk.metaHash, evidence.metaHash);

// Separate between oracle proof (which needs to be overwritten) and non-oracle but system proofs
address specialProver;
if (evidence.prover == address(0)) {
address oracleProver = resolver.resolve("oracle_prover", true);
if (oracleProver == address(0)) revert L1_ORACLE_DISABLED();

if (msg.sender != oracleProver) {
if (evidence.proof.length != 64) {
revert L1_NOT_ORACLE_PROVER();
} else {
uint8 v = uint8(evidence.verifierId);
bytes32 r;
bytes32 s;
bytes memory data = evidence.proof;
assembly {
r := mload(add(data, 32))
s := mload(add(data, 64))
}

// clear the proof before hashing evidence
evidence.verifierId = 0;
evidence.proof = new bytes(0);

if (
oracleProver !=
ecrecover(keccak256(abi.encode(evidence)), v, r, s)
) revert L1_NOT_ORACLE_PROVER();
}
}
specialProver = resolver.resolve("oracle_prover", false);
} else if (evidence.prover == address(1)) {
specialProver = resolver.resolve("system_prover", false);

if (
config.realProofSkipSize > 1 &&
blockId % config.realProofSkipSize != 0
) {
// For this block, real ZKP is not necessary, so the oracle
// proof will be treated as a real proof (by setting the prover
// to a non-zero value)
evidence.prover = oracleProver;
config.realProofSkipSize <= 1 ||
blockId % config.realProofSkipSize == 0
) revert L1_SYSTEM_PROOF_PROHIBTED();
}

if (specialProver != address(0) && msg.sender != specialProver) {
if (evidence.proof.length != 64) {
revert L1_NOT_ORACLE_PROVER();
} else {
uint8 v = uint8(evidence.verifierId);
bytes32 r;
bytes32 s;
bytes memory data = evidence.proof;
assembly {
r := mload(add(data, 32))
s := mload(add(data, 64))
}

// clear the proof before hashing evidence
evidence.verifierId = 0;
evidence.proof = new bytes(0);

if (
specialProver !=
ecrecover(keccak256(abi.encode(evidence)), v, r, s)
) revert L1_NOT_ORACLE_PROVER();
dantaik marked this conversation as resolved.
Show resolved Hide resolved
}
}

Expand Down Expand Up @@ -129,15 +130,30 @@ library LibProving {
] = fcId;
}
} else if (evidence.prover == address(0)) {
// This is the branch the oracle prover is trying to overwrite
fc = blk.forkChoices[fcId];

if (
fc.blockHash == evidence.blockHash &&
fc.signalRoot == evidence.signalRoot &&
fc.gasUsed == evidence.gasUsed
) revert L1_SAME_PROOF();
} else {
revert L1_ALREADY_PROVEN();
// This is the branch provers trying to overwrite
fc = blk.forkChoices[fcId];
// Only allow overwrite in case:
// - previous prover is oracle prover or system proof
dantaik marked this conversation as resolved.
Show resolved Hide resolved
// (the latter can be verified without being overwritten)
// - and blockHash/signalRoot/gasUsed are matching
// Revert otherwise.

if (fc.prover != address(0) && fc.prover != address(1))
Brechtpd marked this conversation as resolved.
Show resolved Hide resolved
revert L1_ALREADY_PROVEN();
davidtaikocha marked this conversation as resolved.
Show resolved Hide resolved

if (
fc.blockHash != evidence.blockHash ||
fc.signalRoot != evidence.signalRoot ||
fc.gasUsed != evidence.gasUsed
) revert L1_INVALID_OVERWRITE();
}

fc.blockHash = evidence.blockHash;
Expand All @@ -146,7 +162,8 @@ library LibProving {
fc.provenAt = uint64(block.timestamp);
fc.prover = evidence.prover;

if (evidence.prover != address(0)) {
// evidence.prover cannot be address(0) at this point - either oracle, system, or a regular prover
dantaik marked this conversation as resolved.
Show resolved Hide resolved
if (evidence.prover != address(1)) {
davidtaikocha marked this conversation as resolved.
Show resolved Hide resolved
uint256[9] memory inputs;

inputs[0] = uint256(
Expand Down
10 changes: 4 additions & 6 deletions packages/protocol/contracts/L1/libs/LibVerifying.sol
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@

pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";
import {console2} from "forge-std/console2.sol";
import {AddressResolver} from "../../common/AddressResolver.sol";
import {ISignalService} from "../../signal/ISignalService.sol";
import {LibTokenomics} from "./LibTokenomics.sol";
Expand Down Expand Up @@ -56,7 +58,6 @@ library LibVerifying {
config.proofTimeTarget == 0 ||
config.adjustmentQuotient == 0
) revert L1_INVALID_CONFIG();

uint64 timeNow = uint64(block.timestamp);
state.genesisHeight = uint64(block.number);
state.genesisTimestamp = timeNow;
Expand Down Expand Up @@ -97,8 +98,6 @@ library LibVerifying {
++i;
}

address oracleProver = resolver.resolve("oracle_prover", true);

while (i < state.numBlocks && processed < maxBlocks) {
blk = state.blocks[i % config.ringBufferSize];
assert(blk.blockId == i);
Expand All @@ -111,9 +110,8 @@ library LibVerifying {

if (fc.prover == address(0)) break;

uint256 proofCooldownPeriod = oracleProver == address(0) ||
fc.prover == oracleProver
? 0
uint256 proofCooldownPeriod = fc.prover == address(1)
davidtaikocha marked this conversation as resolved.
Show resolved Hide resolved
? config.systemProofCooldownPeriod
: config.proofCooldownPeriod;

if (block.timestamp < fc.provenAt + proofCooldownPeriod) break;
Expand Down
11 changes: 3 additions & 8 deletions packages/protocol/contracts/common/AddressResolver.sol
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ abstract contract AddressResolver {

error RESOLVER_DENIED();
error RESOLVER_INVALID_ADDR();
error RESOLVER_ZERO_ADDR(uint256 chainId, bytes32 name);

modifier onlyFromNamed(bytes32 name) {
if (msg.sender != resolve(name, false)) revert RESOLVER_DENIED();
Expand Down Expand Up @@ -81,13 +82,7 @@ abstract contract AddressResolver {
) private view returns (address payable addr) {
addr = payable(_addressManager.getAddress(chainId, name));

if (!allowZeroAddress) {
// We do not use custom error so this string-based
// error message is more helpful for diagnosis.
require(
addr != address(0),
string(abi.encode("AR:zeroAddr:", chainId, ".", name))
);
}
if (!allowZeroAddress && addr == address(0))
revert RESOLVER_ZERO_ADDR(chainId, name);
}
}
12 changes: 6 additions & 6 deletions packages/protocol/test/TaikoL1.sim.sol
Original file line number Diff line number Diff line change
Expand Up @@ -308,14 +308,14 @@ contract TaikoL1Simulation is TaikoL1TestBase {
];

proveBlock(
Bob,
Bob,
metas[blockId],
parentHashes[blockId],
parentGasUsed[blockId],
gasUsed[blockId],
blockHashes[blockId],
signalRoots[blockId],
false
signalRoots[blockId]
);
}
}
Expand Down Expand Up @@ -552,14 +552,14 @@ contract TaikoL1Simulation is TaikoL1TestBase {
];

proveBlock(
Bob,
Bob,
metas[blockId],
parentHashes[blockId],
parentGasUsed[blockId],
gasUsed[blockId],
blockHashes[blockId],
signalRoots[blockId],
false
signalRoots[blockId]
);
}
}
Expand Down Expand Up @@ -801,14 +801,14 @@ contract TaikoL1Simulation is TaikoL1TestBase {
];

proveBlock(
Bob,
Bob,
metas[blockId],
parentHashes[blockId],
parentGasUsed[blockId],
gasUsed[blockId],
blockHashes[blockId],
signalRoots[blockId],
false
signalRoots[blockId]
);
}
}
Expand Down
16 changes: 8 additions & 8 deletions packages/protocol/test/TaikoL1.t.sol
Original file line number Diff line number Diff line change
Expand Up @@ -73,14 +73,14 @@ contract TaikoL1Test is TaikoL1TestBase {
bytes32 blockHash = bytes32(1E10 + blockId);
bytes32 signalRoot = bytes32(1E9 + blockId);
proveBlock(
Bob,
Bob,
meta,
parentHash,
parentGasUsed,
gasUsed,
blockHash,
signalRoot,
false
signalRoot
);

verifyBlock(Carol, 1);
Expand Down Expand Up @@ -111,14 +111,14 @@ contract TaikoL1Test is TaikoL1TestBase {
bytes32 blockHash = bytes32(1E10 + blockId);
bytes32 signalRoot = bytes32(1E9 + blockId);
proveBlock(
Alice,
Alice,
meta,
parentHash,
parentGasUsed,
gasUsed,
blockHash,
signalRoot,
false
signalRoot
);
verifyBlock(Alice, 2);
parentHash = blockHash;
Expand Down Expand Up @@ -151,14 +151,14 @@ contract TaikoL1Test is TaikoL1TestBase {
bytes32 blockHash = bytes32(1E10 + blockId);
bytes32 signalRoot = bytes32(1E9 + blockId);
proveBlock(
Alice,
Alice,
meta,
parentHash,
parentGasUsed,
gasUsed,
blockHash,
signalRoot,
false
signalRoot
);
parentHash = blockHash;
parentGasUsed = gasUsed;
Expand Down Expand Up @@ -266,14 +266,14 @@ contract TaikoL1Test is TaikoL1TestBase {
signalRoot = bytes32(1E9 + blockId);

proveBlock(
Bob,
Bob,
meta,
parentHashes[blockId - 1],
blockId == 1 ? 0 : 1000000,
1000000,
blockHash,
signalRoot,
false
signalRoot
);
verifyBlock(Carol, 1);

Expand Down
Loading