From 7fe3bd50fe60c54b2a79fc98a69c2472dd75c284 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Fri, 21 Jun 2024 11:13:17 +0900 Subject: [PATCH 1/3] improve prover config validation Signed-off-by: Jun Kimura --- relay/config.go | 6 ++++-- relay/operator.go | 7 ++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/relay/config.go b/relay/config.go index 0019773..cb07664 100644 --- a/relay/config.go +++ b/relay/config.go @@ -106,10 +106,12 @@ func (pc ProverConfig) Validate() error { if l := len(pc.Operators); l > 1 { return fmt.Errorf("Operators: currently only one or zero(=permissionless) operator is supported, but got %v", l) } - if pc.OperatorsEip712Params != nil { + if len(pc.Operators) > 0 || pc.OperatorsEip712Params != nil { if pc.OperatorSigner == nil { - return fmt.Errorf("OperatorSigner must be set if OperatorsEip712Params is set") + return fmt.Errorf("OperatorSigner must be set if Operators or OperatorsEip712Params is set") } + } + if pc.OperatorsEip712Params != nil { signerConfig, ok := pc.OperatorSigner.GetCachedValue().(signer.SignerConfig) if !ok { return fmt.Errorf("failed to cast OperatorSigner's config: %T", pc.OperatorSigner.GetCachedValue()) diff --git a/relay/operator.go b/relay/operator.go index caceb1a..c3fc621 100644 --- a/relay/operator.go +++ b/relay/operator.go @@ -17,7 +17,7 @@ import ( ) func (pr *Prover) IsOperatorEnabled() bool { - return pr.eip712Signer != nil && pr.config.OperatorsEip712Params != nil + return len(pr.config.Operators) > 0 } func (pr *Prover) GetOperators() ([]common.Address, error) { @@ -41,6 +41,11 @@ func (pr *Prover) GetOperatorsThreshold() Fraction { } func (pr *Prover) updateOperators(counterparty core.Chain, nonce uint64, newOperators []common.Address, threshold Fraction) error { + if !pr.IsOperatorEnabled() { + return fmt.Errorf("operator is not enabled") + } else if pr.config.OperatorsEip712Params == nil { + return fmt.Errorf("operator EIP712 parameters are not set") + } if nonce == 0 { return fmt.Errorf("invalid nonce: %v", nonce) } From 79d6a1d0d58a18ac9def6661bc7c8be63a994d5a Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Fri, 21 Jun 2024 11:23:24 +0900 Subject: [PATCH 2/3] fix to create an ELC after building client state and consensus state Signed-off-by: Jun Kimura --- relay/prover.go | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/relay/prover.go b/relay/prover.go index c771c22..fb2ede0 100644 --- a/relay/prover.go +++ b/relay/prover.go @@ -109,12 +109,6 @@ func (pr *Prover) GetChainID() string { // These states will be submitted to the counterparty chain as MsgCreateClient. // If `height` is nil, the latest finalized height is selected automatically. func (pr *Prover) CreateInitialLightClientState(height exported.Height) (exported.ClientState, exported.ConsensusState, error) { - if res, err := pr.createELC(pr.config.ElcClientId, height); err != nil { - return nil, nil, fmt.Errorf("failed to create ELC: %w", err) - } else if res == nil { - pr.getLogger().Info("no need to create ELC", "elc_client_id", pr.config.ElcClientId) - } - ops, err := pr.GetOperators() if err != nil { return nil, nil, err @@ -123,6 +117,7 @@ func (pr *Prover) CreateInitialLightClientState(height exported.Height) (exporte for _, op := range ops { operators = append(operators, op.Bytes()) } + clientState := &lcptypes.ClientState{ LatestHeight: clienttypes.Height{}, Mrenclave: pr.config.GetMrenclave(), @@ -135,6 +130,13 @@ func (pr *Prover) CreateInitialLightClientState(height exported.Height) (exporte OperatorsThresholdDenominator: pr.GetOperatorsThreshold().Denominator, } consensusState := &lcptypes.ConsensusState{} + + if res, err := pr.createELC(pr.config.ElcClientId, height); err != nil { + return nil, nil, fmt.Errorf("failed to create ELC: %w", err) + } else if res == nil { + pr.getLogger().Info("no need to create ELC", "elc_client_id", pr.config.ElcClientId) + } + // NOTE after creates client, register an enclave key into the client state return clientState, consensusState, nil } From f1f19bc70cd93844bd816c8c78fa668883770a0b Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Fri, 21 Jun 2024 11:36:35 +0900 Subject: [PATCH 3/3] improve operator config validations Signed-off-by: Jun Kimura --- relay/config.go | 30 +++++++++++++++++++++++++----- relay/operator.go | 17 ++++++++++++----- 2 files changed, 37 insertions(+), 10 deletions(-) diff --git a/relay/config.go b/relay/config.go index cb07664..cf81563 100644 --- a/relay/config.go +++ b/relay/config.go @@ -105,19 +105,39 @@ func (pc ProverConfig) Validate() error { } if l := len(pc.Operators); l > 1 { return fmt.Errorf("Operators: currently only one or zero(=permissionless) operator is supported, but got %v", l) + } else if l == 0 { + return nil } - if len(pc.Operators) > 0 || pc.OperatorsEip712Params != nil { - if pc.OperatorSigner == nil { - return fmt.Errorf("OperatorSigner must be set if Operators or OperatorsEip712Params is set") - } + + // ----- operators config validation ----- + + if pc.OperatorSigner == nil { + return fmt.Errorf("OperatorSigner must be set if Operators or OperatorsEip712Params is set") } - if pc.OperatorsEip712Params != nil { + { signerConfig, ok := pc.OperatorSigner.GetCachedValue().(signer.SignerConfig) if !ok { return fmt.Errorf("failed to cast OperatorSigner's config: %T", pc.OperatorSigner.GetCachedValue()) } else if err := signerConfig.Validate(); err != nil { return fmt.Errorf("failed to validate the OperatorSigner's config: %v", err) } + signer, err := signerConfig.Build() + if err != nil { + return fmt.Errorf("failed to build the OperatorSigner: %v", err) + } + addr, err := NewEIP712Signer(signer).GetSignerAddress() + if err != nil { + return fmt.Errorf("failed to get the OperatorSigner's address: %v", err) + } + op, err := decodeOperatorAddress(pc.Operators[0]) + if err != nil { + return fmt.Errorf("failed to decode operator address: %v", err) + } + if addr != op { + return fmt.Errorf("OperatorSigner's address must be equal to the first operator's address: %v != %v", addr, op) + } + } + if pc.OperatorsEip712Params != nil { switch params := pc.OperatorsEip712Params.(type) { case *ProverConfig_OperatorsEip712EvmChainParams: if params.OperatorsEip712EvmChainParams.ChainId == 0 { diff --git a/relay/operator.go b/relay/operator.go index c3fc621..d09c597 100644 --- a/relay/operator.go +++ b/relay/operator.go @@ -22,12 +22,11 @@ func (pr *Prover) IsOperatorEnabled() bool { func (pr *Prover) GetOperators() ([]common.Address, error) { var operators []common.Address - for _, operator := range pr.config.Operators { - addrStr := strings.TrimPrefix(operator, "0x") - if len(addrStr) != 40 { - return nil, fmt.Errorf("invalid operator address length %v", len(addrStr)) + for i, operator := range pr.config.Operators { + addr, err := decodeOperatorAddress(operator) + if err != nil { + return nil, fmt.Errorf("failed to decode operator address: index=%v, operator=%v %w", i, operator, err) } - addr := common.HexToAddress(operator) operators = append(operators, addr) } return operators, nil @@ -144,3 +143,11 @@ func (s EIP712Signer) GetSignerAddress() (common.Address, error) { } return crypto.PubkeyToAddress(*pubKey), nil } + +func decodeOperatorAddress(s string) (common.Address, error) { + addrStr := strings.TrimPrefix(s, "0x") + if len(addrStr) != 40 { + return common.Address{}, fmt.Errorf("invalid operator address length %v", len(addrStr)) + } + return common.HexToAddress(s), nil +}