feat: Use address instead of pubkeys for security council#3108
Open
ercecan wants to merge 14 commits intoneeds-auditfrom
Open
feat: Use address instead of pubkeys for security council#3108ercecan wants to merge 14 commits intoneeds-auditfrom
ercecan wants to merge 14 commits intoneeds-auditfrom
Conversation
|
Contributor
There was a problem hiding this comment.
Pull request overview
This PR implements a significant security upgrade by switching from public key-based signature verification to address-based verification for the security council, using EIP-712 structured messages. The change involves recovering public keys from signatures and comparing the derived Ethereum addresses against expected addresses stored in initial values.
Key Changes:
- Updated signature size from 64 to 65 bytes to include the recovery ID (v value) necessary for public key recovery
- Implemented public key recovery from signatures with proper handling of low-s normalization and recovery ID extraction
- Replaced all security council public key constants with Ethereum addresses across different networks (Mainnet, Testnet, Devnet, Nightly)
Reviewed changes
Copilot reviewed 8 out of 11 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
crates/sovereign-sdk/rollup-interface/src/state_machine/da.rs |
Updated signature size constant from 64 to 65 bytes with documentation |
crates/light-client-prover/src/circuit/method_id_verifier.rs |
Implemented public key recovery logic with proper error handling and address comparison |
crates/light-client-prover/src/circuit/initial_values.rs |
Replaced public key constants with Ethereum addresses for all networks |
crates/light-client-prover/src/circuit/mod.rs |
Updated function signatures to accept addresses instead of public keys |
crates/light-client-prover/src/tests/test_utils.rs |
Updated test utilities to generate addresses from public keys for testing |
crates/light-client-prover/src/tests/mod.rs |
Updated all test cases to use new address-based constants |
crates/light-client-prover/src/da_block_handler.rs |
Updated method call to use new address-based function |
guests/risc0/light-client-proof/bitcoin/src/bin/light_client_proof_bitcoin.rs |
Updated to use address-based constants and added alloy-primitives import |
guests/risc0/light-client-proof/bitcoin/Cargo.toml |
Added alloy-primitives dependency |
guests/risc0/light-client-proof/bitcoin/Cargo.lock |
Reflected dependency addition in lock file |
guests/risc0/light-client-proof/mock/src/bin/light_client_proof_mock.rs |
Updated to use new address-based constants |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Proving stats reportComparing patch(
|
Codecov Report❌ Patch coverage is
Additional details and impacted files
🚀 New features to boost your workflow:
|
…or-security-council
…or-security-council
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Initial pr for switching to eip712 structured message types for security council and lcp
Uses addresses instead of pubkeys to verify signatures, basically recovers pubkeys from signatures calculates the addresses and compares them