fix: reduce potential setOperatorReceiver spam by requiring valid pubkey ownership

Author: ZERGUCCI

src/pol/interfaces/IBlockRewardController.sol

@@ -167,8 +167,9 @@ interface IBlockRewardController is IPOLErrors {
 
     /**
      * @notice Sets or updates the receiver address for an operator's base BGT rewards
-     * @dev Only the operator can set their receiver
+     * @dev Only the operator associated with the provided pubkey can set their receiver
+     * @param pubkey The validator's public key used to retrieve the operator from the deposit contract
      * @param receiver The address that will receive base BGT rewards. Set to address(0) to receive rewards directly
      */
-    function setOperatorReceiver(address receiver) external;
+    function setOperatorReceiver(bytes calldata pubkey, address receiver) external;
 }

src/pol/rewards/BlockRewardController.sol

@@ -260,12 +260,21 @@ contract BlockRewardController is IBlockRewardController, OwnableUpgradeable, UU
 
     /**
      * @notice Sets or updates the receiver address for an operator's base BGT rewards
-     * @dev Only the operator can set their receiver
+     * @dev Only the operator associated with the provided pubkey can set their receiver
+     * @param pubkey The validator's public key used to retrieve the operator from the deposit contract
      * @param receiver The address that will receive base BGT rewards. Set to address(0) to receive rewards directly
      */
-    function setOperatorReceiver(address receiver) external {
-        address oldReceiver = operatorReceivers[msg.sender];
-        operatorReceivers[msg.sender] = receiver;
-        emit OperatorReceiverUpdated(msg.sender, oldReceiver, receiver);
+    function setOperatorReceiver(bytes calldata pubkey, address receiver) external {
+        // Get the operator address from the deposit contract using the provided pubkey
+        address operator = beaconDepositContract.getOperator(pubkey);
+        
+        // Ensure that only the operator can set their receiver
+        if (msg.sender != operator) {
+            NotOperator.selector.revertWith();
+        }
+        
+        address oldReceiver = operatorReceivers[operator];
+        operatorReceivers[operator] = receiver;
+        emit OperatorReceiverUpdated(operator, oldReceiver, receiver);
     }
 }

test/mock/pol/NoopBlockRewardController.sol

@@ -64,5 +64,5 @@ contract NoopBlockRewardController is IBlockRewardController {
     function setDistributor(address _distributor) external { }
 
     /// @inheritdoc IBlockRewardController
-    function setOperatorReceiver(address _receiver) external { }
+    function setOperatorReceiver(bytes calldata pubkey, address _receiver) external { }
 }

test/pol/BlockRewardController.t.sol

@@ -266,7 +266,7 @@ contract BlockRewardControllerTest is POLTest {
         address receiver = makeAddr("receiver");
         // Set receiver for operator
         vm.prank(operator);
-        blockRewardController.setOperatorReceiver(receiver);
+        blockRewardController.setOperatorReceiver(valData.pubkey, receiver);
 
         // Verify receiver is set correctly
         assertEq(blockRewardController.operatorReceivers(operator), receiver);
@@ -289,11 +289,11 @@ contract BlockRewardControllerTest is POLTest {
         address receiver = makeAddr("receiver");
         // First set a receiver
         vm.prank(operator);
-        blockRewardController.setOperatorReceiver(receiver);
+        blockRewardController.setOperatorReceiver(valData.pubkey, receiver);
 
         // Then clear it by setting to address(0)
         vm.prank(operator);
-        blockRewardController.setOperatorReceiver(address(0));
+        blockRewardController.setOperatorReceiver(valData.pubkey, address(0));
 
         // Verify receiver is cleared
         assertEq(blockRewardController.operatorReceivers(operator), address(0));
@@ -339,7 +339,7 @@ contract BlockRewardControllerTest is POLTest {
         // Setup receivers in BlockRewardController
         address receiver1 = makeAddr("receiver1");
         vm.prank(operator);
-        blockRewardController.setOperatorReceiver(receiver1);
+        blockRewardController.setOperatorReceiver(valData.pubkey, receiver1);
 
         // Don't set receiver for operator2
 
@@ -453,4 +453,27 @@ contract BlockRewardControllerTest is POLTest {
         amount = _bound(amount, 1, type(uint128).max / 2);
         _helper_ActivateBoost(user, user, pubkey, amount);
     }
+
+    /// @dev Should fail if not the operator tries to set receiver
+    function test_SetOperatorReceiver_FailIfNotOperator() public {
+        // Try to set receiver from a non-operator address
+        address nonOperator = makeAddr("nonOperator");
+        vm.prank(nonOperator);
+        vm.expectRevert(IPOLErrors.NotOperator.selector);
+        blockRewardController.setOperatorReceiver(valData.pubkey, address(1));
+    }
+
+    /// @dev Should successfully set operator receiver when called by the operator
+    function test_SetOperatorReceiver_Success() public {
+        address receiver = makeAddr("receiver");
+        
+        // Set receiver as the operator
+        vm.prank(operator);
+        vm.expectEmit(true, true, true, true);
+        emit IBlockRewardController.OperatorReceiverUpdated(operator, address(0), receiver);
+        blockRewardController.setOperatorReceiver(valData.pubkey, receiver);
+        
+        // Verify receiver is set correctly
+        assertEq(blockRewardController.operatorReceivers(operator), receiver);
+    }
 }