-
Notifications
You must be signed in to change notification settings - Fork 12
op-node+op-batcher: replace fallback-auth lead time with derivation-side enforcement delay #468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from 3 commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -119,21 +119,21 @@ func (ds *BlobDataSource) open(ctx context.Context) ([]blobOrCalldata, error) { | |
| // creates a placeholder blobOrCalldata element for each returned blob hash that must be populated | ||
| // by fillBlobPointers after blob bodies are retrieved. | ||
| // | ||
| // Pre-Espresso (the L1 origin time of `ref` is < *EspressoTime, or unset), | ||
| // this runs upstream Optimism semantics: filter by batch inbox + sender == | ||
| // batcher. | ||
| // Before Espresso event-auth is enforced (Espresso inactive at the L1 origin time of | ||
| // `ref`, or within BatchAuthEnforcementDelay of activation), this runs upstream | ||
| // Optimism semantics: filter by batch inbox + sender == batcher. | ||
| // | ||
| // Post-Espresso, it collects all authenticated batch hashes from a lookback | ||
| // Once enforced, it collects all authenticated batch hashes from a lookback | ||
| // window once and rejects any batch whose commitment hash is not in the | ||
| // authenticated set. For blob transactions, the batch hash is computed from | ||
| // the concatenated blob versioned hashes. | ||
| func dataAndHashesFromTxs(ctx context.Context, txs types.Transactions, config *DataSourceConfig, batcherAddr common.Address, fetcher L1Fetcher, ref eth.L1BlockRef, logger log.Logger) ([]blobOrCalldata, []common.Hash, error) { | ||
| // Only collect authenticated batch commitments when the Espresso fork is | ||
| // active at the L1 origin time of the block we're scanning. Pre-fork, the | ||
| // upstream sender-based authorization path is used and authenticatedHashes | ||
| // is unused. | ||
| // Only collect authenticated batch commitments once event-based authentication is | ||
| // enforced at the L1 origin time of the block we're scanning (Espresso active plus | ||
| // the enforcement grace period). Before that, the upstream sender-based | ||
| // authorization path is used and authenticatedHashes is unused. | ||
| var authenticatedHashes map[common.Hash]common.Address | ||
| if config.rollupCfg.IsEspresso(ref.Time) { | ||
| if isEspressoAuthEnforced(config.rollupCfg, ref.Time) { | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
For chains that switch the BatchAuthenticator to a non-SystemConfig Espresso/TEE batcher at Useful? React with 👍 / 👎. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I don't see this as a major issue, the espresso hardfork is a one off event and it's easy for us to co-ordinate when to enable the espresso batcher. |
||
| var err error | ||
| authenticatedHashes, err = CollectAuthenticatedBatches( | ||
| ctx, fetcher, ref, config.rollupCfg.BatchAuthenticatorAddress, config.batchAuthCaches, logger, | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -165,12 +165,13 @@ func isAuthorizedBatchSender(tx *types.Transaction, l1Signer types.Signer, batch | |
| // block (passed as l1OriginTime), mirroring the data-source layer's ecotoneTime | ||
| // treatment. | ||
| // | ||
| // Pre-Espresso (l1OriginTime < *EspressoTime, or unset): | ||
| // Before enforcement (Espresso inactive, or within BatchAuthEnforcementDelay of | ||
| // activation): | ||
| // | ||
| // upstream behavior — the L1 sender of the transaction must match the configured | ||
| // batcher address. The authenticatedHashes map is unused. | ||
| // | ||
| // Post-Espresso: | ||
| // Once enforced: | ||
| // | ||
| // the batch's commitment hash must appear in authenticatedHashes (i.e. a | ||
| // BatchInfoAuthenticated event was emitted for this commitment within the | ||
|
|
@@ -188,8 +189,9 @@ func isBatchTxAuthorized( | |
| l1OriginTime uint64, | ||
| logger log.Logger, | ||
| ) bool { | ||
| if !dsCfg.rollupCfg.IsEspresso(l1OriginTime) { | ||
| // Pre-fork: upstream sender-based authorization. | ||
| if !isEspressoAuthEnforced(dsCfg.rollupCfg, l1OriginTime) { | ||
| // Pre-enforcement (pre-fork or within the grace period): upstream | ||
| // sender-based authorization. | ||
| return isAuthorizedBatchSender(tx, dsCfg.l1Signer, batcherAddr, logger) | ||
| } | ||
| // Post-fork: the commitment must have been authenticated within the lookback window. | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This comment is now not fully correct
Collaborator
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Good catch! |
||
|
|
||
Uh oh!
There was an error while loading. Please reload this page.