From f1f19bc70cd93844bd816c8c78fa668883770a0b Mon Sep 17 00:00:00 2001
From: Jun Kimura <jun.kimura@datachain.jp>
Date: Fri, 21 Jun 2024 11:36:35 +0900
Subject: [PATCH] improve operator config validations

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>
---
 relay/config.go   | 30 +++++++++++++++++++++++++-----
 relay/operator.go | 17 ++++++++++++-----
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/relay/config.go b/relay/config.go
index cb07664..cf81563 100644
--- a/relay/config.go
+++ b/relay/config.go
@@ -105,19 +105,39 @@ func (pc ProverConfig) Validate() error {
 	}
 	if l := len(pc.Operators); l > 1 {
 		return fmt.Errorf("Operators: currently only one or zero(=permissionless) operator is supported, but got %v", l)
+	} else if l == 0 {
+		return nil
 	}
-	if len(pc.Operators) > 0 || pc.OperatorsEip712Params != nil {
-		if pc.OperatorSigner == nil {
-			return fmt.Errorf("OperatorSigner must be set if Operators or OperatorsEip712Params is set")
-		}
+
+	// ----- operators config validation -----
+
+	if pc.OperatorSigner == nil {
+		return fmt.Errorf("OperatorSigner must be set if Operators or OperatorsEip712Params is set")
 	}
-	if pc.OperatorsEip712Params != nil {
+	{
 		signerConfig, ok := pc.OperatorSigner.GetCachedValue().(signer.SignerConfig)
 		if !ok {
 			return fmt.Errorf("failed to cast OperatorSigner's config: %T", pc.OperatorSigner.GetCachedValue())
 		} else if err := signerConfig.Validate(); err != nil {
 			return fmt.Errorf("failed to validate the OperatorSigner's config: %v", err)
 		}
+		signer, err := signerConfig.Build()
+		if err != nil {
+			return fmt.Errorf("failed to build the OperatorSigner: %v", err)
+		}
+		addr, err := NewEIP712Signer(signer).GetSignerAddress()
+		if err != nil {
+			return fmt.Errorf("failed to get the OperatorSigner's address: %v", err)
+		}
+		op, err := decodeOperatorAddress(pc.Operators[0])
+		if err != nil {
+			return fmt.Errorf("failed to decode operator address: %v", err)
+		}
+		if addr != op {
+			return fmt.Errorf("OperatorSigner's address must be equal to the first operator's address: %v != %v", addr, op)
+		}
+	}
+	if pc.OperatorsEip712Params != nil {
 		switch params := pc.OperatorsEip712Params.(type) {
 		case *ProverConfig_OperatorsEip712EvmChainParams:
 			if params.OperatorsEip712EvmChainParams.ChainId == 0 {
diff --git a/relay/operator.go b/relay/operator.go
index c3fc621..d09c597 100644
--- a/relay/operator.go
+++ b/relay/operator.go
@@ -22,12 +22,11 @@ func (pr *Prover) IsOperatorEnabled() bool {
 
 func (pr *Prover) GetOperators() ([]common.Address, error) {
 	var operators []common.Address
-	for _, operator := range pr.config.Operators {
-		addrStr := strings.TrimPrefix(operator, "0x")
-		if len(addrStr) != 40 {
-			return nil, fmt.Errorf("invalid operator address length %v", len(addrStr))
+	for i, operator := range pr.config.Operators {
+		addr, err := decodeOperatorAddress(operator)
+		if err != nil {
+			return nil, fmt.Errorf("failed to decode operator address: index=%v, operator=%v %w", i, operator, err)
 		}
-		addr := common.HexToAddress(operator)
 		operators = append(operators, addr)
 	}
 	return operators, nil
@@ -144,3 +143,11 @@ func (s EIP712Signer) GetSignerAddress() (common.Address, error) {
 	}
 	return crypto.PubkeyToAddress(*pubKey), nil
 }
+
+func decodeOperatorAddress(s string) (common.Address, error) {
+	addrStr := strings.TrimPrefix(s, "0x")
+	if len(addrStr) != 40 {
+		return common.Address{}, fmt.Errorf("invalid operator address length %v", len(addrStr))
+	}
+	return common.HexToAddress(s), nil
+}