Skip to content

feat: add system config consensus to deprecate clique #72

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ranchalp wants to merge 3 commits into from
Closed

feat: add system config consensus to deprecate clique #72

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9cfaad5
Create and initialize SystemSignerRegistry keeping track of signers
ranchalp Jan 15, 2025
03dc404
Keep only curent signer
ranchalp Jan 16, 2025
77c6e58
Deploy and Initialize L1 System Config
ranchalp Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 25 additions & 1 deletion scripts/foundry/InitializeL1ScrollOwner.s.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ import {ScrollChain} from "../../src/L1/rollup/ScrollChain.sol";
import {ScrollOwner} from "../../src/misc/ScrollOwner.sol";
import {Whitelist} from "../../src/L2/predeploys/Whitelist.sol";

import {SystemSignerRegistry} from "../../src/L1/system-contract/SystemSignerRegistry.sol";


// solhint-disable max-states-count
// solhint-disable state-visibility
// solhint-disable var-name-mixedcase
Expand Down Expand Up @@ -63,6 +66,9 @@ contract InitializeL1ScrollOwner is Script {
address L1_ENFORCED_TX_GATEWAY_PROXY_ADDR = vm.envAddress("L1_ENFORCED_TX_GATEWAY_PROXY_ADDR");
address L1_WHITELIST_ADDR = vm.envAddress("L1_WHITELIST_ADDR");

address SYSTEM_CONTRACT_ADDR = vm.envAddress("SYSTEM_CONTRACT_ADDR");


ScrollOwner owner;

function run() external {
Expand All @@ -81,7 +87,8 @@ contract InitializeL1ScrollOwner is Script {
configL1GatewayRouter();
configL1CustomERC20Gateway();
configL1ERC721Gateway();
configL1ERC1155Gateway();
configL1ERC1155Gateway();
configSystemContract();

configL1USDCGateway();
configEnforcedTxGateway();
Expand Down Expand Up @@ -272,4 +279,21 @@ contract InitializeL1ScrollOwner is Script {
owner.updateAccess(L1_ENFORCED_TX_GATEWAY_PROXY_ADDR, _selectors, SCROLL_MULTISIG_NO_DELAY_ROLE, true);
owner.updateAccess(L1_ENFORCED_TX_GATEWAY_PROXY_ADDR, _selectors, EMERGENCY_MULTISIG_NO_DELAY_ROLE, true);
}

function configSystemContract() internal {
// If we already have deployed it, just do:
SystemSignerRegistry sys = SystemSignerRegistry(SYSTEM_CONTRACT_ADDR);

// sys has a normal constructor that set the "owner" to `ScrollOwner`.
// Now we want to let the Security Council call `addSigner(...)` with no delay.
bytes4[] memory selectors = new bytes4[](1);
selectors[0] = sys.addSigner.selector;

owner.updateAccess(
SYSTEM_CONTRACT_ADDR, // the system contract
selectors, // array of function selectors (onlyOwner)
SECURITY_COUNCIL_NO_DELAY_ROLE,
true
);
}
}
2 changes: 1 addition & 1 deletion src/L1/L1ScrollMessenger.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
// SPDX-License-Identifier: MIT

pragma solidity =0.8.24;

import {IScrollChain} from "./rollup/IScrollChain.sol";
Expand All @@ -10,6 +9,7 @@ import {IScrollMessenger} from "../libraries/IScrollMessenger.sol";
import {ScrollMessengerBase} from "../libraries/ScrollMessengerBase.sol";
import {WithdrawTrieVerifier} from "../libraries/verifier/WithdrawTrieVerifier.sol";


import {IMessageDropCallback} from "../libraries/callbacks/IMessageDropCallback.sol";

// solhint-disable avoid-low-level-calls
Expand Down
65 changes: 65 additions & 0 deletions src/L1/system-contract/SystemSignerRegistry.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
// SPDX-License-Identifier: MIT
pragma solidity =0.8.24;

import "@openzeppelin/contracts/access/Ownable.sol";

/**
* @dev Example "SystemSignerRegistry" storing `(startBlock, signer)` pairs.
* The getSigners() function returns parallel arrays for block numbers and addresses,
*
*/
contract SystemSignerRegistry is Ownable {
Copy link
Contributor

@Thegaram Thegaram Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to make this upgradable?

Copy link
Contributor

@Thegaram Thegaram Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not model this after OP's? https://github.com/ethereum-optimism/optimism/blob/develop/packages/contracts-bedrock/src/L1/SystemConfig.sol (see for example _setUnsafeBlockSigner).

@zimpha what do you think about storing multiple configs here (including gas coefficients, max gas limit, etc.)? Or is that too expensive gas-wise?

Copy link
Member

@zimpha zimpha Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can add these config here, we can pack related parameters into single uint256. Then the gas overhead will be minimum.

Copy link
Contributor

@Thegaram Thegaram Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I meant the gas overhead of CALL (e.g. systemContract.getGasParams()), not just SLOAD, is that acceptable?

struct Signer {
uint64 startBlock;
Copy link
Contributor

@Thegaram Thegaram Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Didn't we decide against having the startBlock here?

Copy link

@jonastheis jonastheis Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

iirc we discussed it here but didn't reach a conclusion

Copy link
Contributor Author

@ranchalp ranchalp Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did not know that had been discussed (missed that slack conversation), and had not thought of the eventual syncing from L1 thing.

I guess it technically works, but I would advice to explicitly list a blockNum (even if we have power to decide whatever blockNum we want). The reason is that otherwise the zkproof must accept any of two valid keys for commits that happened after a transition from an old signer to the new one (since for all L1 knows the change happened at the first block after the previous commit or at the last one of the current commit?).

I do agree though that it is easier to implement for now to just allow switching and accept blocks in this transitional commit from either of the signers.

Copy link
Contributor

@Thegaram Thegaram Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason is that otherwise the zkproof must accept any of two valid keys

Which zkproof do you mean? If you mean when we finalize bundles, currently we don't prove anything about the block signatures.

Copy link
Contributor Author

@ranchalp ranchalp Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see. Let me put it back with one signer then and forget about this orderly switching with blockNum for now (bringing it back in the future probably).

address signer;
}

Signer[] private signers;
Copy link
Contributor

@Thegaram Thegaram Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Signer[] private signers;
mapping (address => bool) public isAuthorizedSigner;

Copy link
Contributor

@Thegaram Thegaram Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to consider how l2geth will read this contract.

  • If it just polls the latest state asking "am I authorized?", then a mapping is suitable.
  • If it just polls the latest state asking "what is the list of current authorized signers?", then an array is suitable.
  • If it fetches events, then I'd still go with mapping.

Copy link
Member

@zimpha zimpha Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will we have multiple authorized signer in the same time?

Copy link
Contributor Author

@ranchalp ranchalp Jan 16, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, we should not have multiple authorized signers at the same time in this implementation: a new key will replace the old one even if specifying the same blockNum, although for this I need to make the list in DESC order. (if we go with the easier, optimism-like implementation, then we have multiple authorized sequencers actually, i.e. see this other comment).

Copy link
Contributor

@Thegaram Thegaram Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having multiple makes key rotation a bit more convenient. But if we want to keep it simple, we can also just have one (currentAuthorizedSigner).


constructor(address _owner) {
_transferOwnership(_owner);
}

/**
* @dev Add a (startBlock, signer) pair. Only the owner can do this.
*/
function addSigner(uint64 _startBlock, address _signer) external onlyOwner {
require(_signer != address(0), "Zero address not allowed");
signers.push(Signer({startBlock: _startBlock, signer: _signer}));
}

/**
* @dev Remove a signer by matching both startBlock & signer, or just signer (you choose).
*
*/
function removeSigner(uint64 _startBlock, address _signer) external onlyOwner {
uint256 length = signers.length;
for (uint256 i = 0; i < length; i++) {
// If you only want to match signer, ignore _startBlock
if (signers[i].startBlock == _startBlock && signers[i].signer == _signer) {
if (i < length - 1) {
signers[i] = signers[length - 1];
}
signers.pop();
return;
}
}
revert("Signer not found");
}

/**
* @dev Return two parallel arrays: blockNumbers and signers.
*
*/
function getSigners() external view returns (uint64[] memory, address[] memory) {
uint256 len = signers.length;
uint64[] memory blocks = new uint64[](len);
address[] memory addrs = new address[](len);

for (uint256 i = 0; i < len; i++) {
blocks[i] = signers[i].startBlock;
addrs[i] = signers[i].signer;
}
return (blocks, addrs);
}
}
Loading