Skip to content

Fallback Inbox contract changes #278

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 32 commits into
base: celo-integration-rebase-14.1
Choose a base branch
from
Open

Fallback Inbox contract changes #278

wants to merge 32 commits into from

Conversation

@philippecamacho
Copy link
Collaborator

@philippecamacho philippecamacho commented Nov 14, 2025
edited
Loading

Closes https://app.asana.com/1/1208976916964769/project/1209423958092927/task/1211849813289225?focus=true

This PR:

  • Make changes to the Inbox contract so that it allows two batchers. The specification of this contract change can be found at https://eng-wiki.espressosys.com/mainch36.html#:Components:Base%20Layer%20Batch%20Validation:Batch%20Inbox%20Contract (see paragraph "Allowing different batchers")
  • Extend the CI test suite to run L1 contract tests
  • Remove the concept of preapproved batcher key and replace it with the non TEE batcher key, while introducing the TEE batcher key.
  • Remove test TestRotateBatcherKey as the batcher key rotation will happen in the Inbox contract.
  • NOT RELATED to the fallback inbox contract changes, but the circle ci tests that are failing have been deactivated for now. We can reactivate them later once they pass.

This PR does not:

  • Implement the full fallback mechanism. This will be addressed in another PR.

Key places to review:

  • Focus on the smart contract changes, in particular packages/contracts-bedrock/test/L1/BatchInbox.t.sol.

How to test this PR:

cd packages/contracts-bedrock/
forge test  --match-path test/L1/BatchInbox.t.sol

Things tested

  • The core logic of the new inbox contract with about handling two batchers and allowing to switch from one to another. See packages/contracts-bedrock/test/L1/BatchInbox.t.sol.

@philippecamacho philippecamacho mentioned this pull request Nov 14, 2025
Closed
@philippecamacho philippecamacho force-pushed the philippe/fallback-contracts-change-new branch from b09bfab to 62d96d3 Compare November 14, 2025 20:06
@philippecamacho philippecamacho marked this pull request as ready for review November 15, 2025 15:18
dailinsubjam
dailinsubjam reviewed Nov 18, 2025
View reviewed changes
@philippecamacho
Changes to the inbox contract. Test TestBatchInbox_SwitchActiveBatche…
d624920 
…r passing.
@philippecamacho
Fix logical error in the Inbox contract.
2f577a9
@philippecamacho
Fix golint errors
5cd563c
@philippecamacho
Remove unneeded changes.
621381c
@philippecamacho
Fix configuration
c6d0463
@philippecamacho
Inbox contract unit test.
204b7f9
@philippecamacho
Remove integration test for Inbox contract that was confusing.
506396c
@philippecamacho
Fix solidity formatting.
2959348
@philippecamacho
Fix configuration
df974d8
@philippecamacho
Run the L1 contracts tests in CI.
487ffef
@philippecamacho
Pinpoint forge version
cc9fc85
@philippecamacho
Trying to fix configuration issue for e2e tests.
6d1e500
@philippecamacho
Small configuration change.
1fc082c
@philippecamacho
Swapping batchers in batch inbox contract constructor.
17b53ca
@philippecamacho
Remove redundant concept of preApprovedBatcherKey.
eb79980
@philippecamacho
Document BatchInbox.sol contract.
82c66f0
@philippecamacho
Add a test to ensure the TEE and non TEE batchers addresses are diffe…
4db44a4 
…rent.
@philippecamacho
Check formatting before running the tests.
6c255c2
@philippecamacho
Ensure the devnet uses two different addresses for the TEE and non TE…
a0a3974 
…E batchers.
@philippecamacho
Improve handling of configuration variables.
c5675ec
@philippecamacho
Allow two batcher having the same address.
6088792
@philippecamacho
Only authenticate batcher in Inbox contract for the non TEE case.
dcbdf2f
@philippecamacho philippecamacho force-pushed the philippe/fallback-contracts-change-new branch from fcd5832 to 9af9291 Compare November 26, 2025 16:47
shenkeyao
shenkeyao reviewed Nov 26, 2025
View reviewed changes
packages/contracts-bedrock/test/L1/BatchInbox.t.sol
contract MockBatchAuthenticator {
mapping(bytes32 => bool) private validHashes;

function setValidBatchInfo(bytes32 hash, bool valid) external {
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Similar to the comment above, setBatchValidity might be a better name.

packages/contracts-bedrock/test/L1/BatchInbox.t.sol
/// @title MockBatchAuthenticator
/// @notice Mock implementation for testing - only implements validBatchInfo
contract MockBatchAuthenticator {
mapping(bytes32 => bool) private validHashes;
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: hashValidities might be a more accurate name since the mapped bool might be false.

packages/contracts-bedrock/test/L1/BatchInbox.t.sol
validHashes[hash] = valid;
}

function validBatchInfo(bytes32 hash) external view returns (bool) {
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Similar to the comment above, batchValidity might be a better name.

packages/contracts-bedrock/test/L1/BatchInbox.t.sol

function setUp() public virtual {
authenticator = new MockBatchAuthenticator();
inbox = new BatchInbox(nonTeeBatcher, IBatchAuthenticator(address(authenticator)), deployer);
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will test_fallback_nonTeeBatcherDoesNotRequireAuth fail if we don't construct a BatchInbox with the nonTeeBatcher here, similar to test_fallback_unauthorizedAddressReverts? If so, do we have any setup for the teeBatcher? I guess there is, otherwise there's no way to distinguish authorized vs. unauthorized batchers, but I just don't find it in this file.

These are questions to check my understanding, not requesting any changes.

op-e2e/config/init.go
if allocType == AllocTypeEspressoWithoutEnclave {
batcherPk, err := crypto.HexToECDSA(ESPRESSO_PRE_APPROVED_BATCHER_PRIVATE_KEY)
// Configure Espresso allocation types
if allocType == AllocTypeEspresso || allocType == AllocTypeEspressoWithoutEnclave || allocType == AllocTypeEspressoWithEnclave {
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we have AllocTypeEspresso when we also have *WithEnclave and *WithoutEnclave?

Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh AllocTypeEspresso isn't introduced in this PR. @QuentinI looks like these three types were added from these two PRs on the same day: #110 and #144. Maybe there was some merge weirdness and we only wanted to keep the With and Without types?

op-e2e/config/init.go
if allocType == AllocTypeEspressoWithEnclave {
intent.Chains[0].EspressoEnabled = true
intent.Chains[0].NonTeeBatcher = crypto.PubkeyToAddress(batcherPk.PublicKey)
intent.Chains[0].TeeBatcher = crypto.PubkeyToAddress(batcherPk.PublicKey)
Copy link
Member

@shenkeyao shenkeyao Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it for simplicity that we now set TeeBatcher even when allocType == AllocTypeEspressoWithoutEnclave? I think it's fine to set but not use it--just wanted to make sure it's intentional to put it in this condition clause.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dailinsubjam dailinsubjam dailinsubjam left review comments

@shenkeyao shenkeyao shenkeyao left review comments

@alysiahuggins alysiahuggins Awaiting requested review from alysiahuggins

@QuentinI QuentinI Awaiting requested review from QuentinI

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@philippecamacho @dailinsubjam @shenkeyao