@goran-ethernal goran-ethernal commented Sep 29, 2025

🔄 Changes Summary

This PR adds verification of the aggchain params field on the FEP certificates.

It also separates the builder and verifier flows (PP and FEP).
Builder flows are used in aggsender-proposer to build certificates.
Verifier flows are used in aggsender-validator to verify certificates. Note that the validator also needs to build certificates, so verifier flows inherit the builder flows as well. This makes them inherit their build certificate functions and the common fields which are needed in the verifier as well.

⚠️ Breaking Changes

NA

📋 Config Updates

Added a new parameter to Validator.FEPConfig called OpNodeURL, which is the URL of the OP L2 node used for retrieving OP data for FEP certificates:

```toml
[Validator.FEPConfig]
    OpNodeURL = "{{OpNodeURL}}"
```

✅ Testing

  • 🤖 Automatic: aggkit CI

🐞 Issues

Copilot AI left a comment

Pull Request Overview

This PR adds verification of the aggchain params field on FEP certificates by introducing a new verification step in the certificate validation process. The changes enable the validator to verify that the aggchain parameters in certificates match expected values computed from L1 and L2 network data.

  • Adds new VerifyAggchainData method to the AggsenderFlow interface and implements it for both PP and Aggchain prover flows
  • Introduces new GetAggregationProofPublicValuesData method to query aggregation proof data needed for verification
  • Updates configuration to include OpNodeURL parameter for connecting to OP L2 nodes

Reviewed Changes

Copilot reviewed 24 out of 25 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| `config/default.go` | Adds OpNodeURL configuration parameter to FEP config template |
| `cmd/run.go` | Updates validator instantiation to pass new aggchain FEP querier parameter |
| `aggsender/validator/config.go` | Adds OpNodeURL field to FEPConfig struct |
| `aggsender/validator/validate_certificate.go` | Implements aggchain data verification in certificate validation flow |
| `aggsender/types/interfaces.go` | Adds VerifyAggchainData method to AggsenderFlow interface and GetAggregationProofPublicValuesData to AggchainFEPRollupQuerier |
| `aggsender/flows/flow_*.go` | Implements VerifyAggchainData methods for both PP and Aggchain prover flows |
| `aggsender/query/aggchain_fep_rollup_query.go` | Implements GetAggregationProofPublicValuesData method for aggchain FEP querying |
| `aggsender/optimistic/*.go` | Refactors aggregation proof types from optimistichash package to types package |

@goran-ethernal goran-ethernal force-pushed the feat/add-aggchain-params-verification branch 4 times, most recently from 3b5afe8 to a5592a5 Compare September 29, 2025 13:57
@goran-ethernal goran-ethernal marked this pull request as ready for review September 30, 2025 06:21
@goran-ethernal goran-ethernal force-pushed the feat/add-aggchain-params-verification branch from f9b748c to 41b70f8 Compare October 1, 2025 06:30
sonarqubecloud bot commented Oct 3, 2025

@goran-ethernal goran-ethernal merged commit fbdd67c into feat/aggsender-multisig Oct 6, 2025
7 checks passed
@goran-ethernal goran-ethernal deleted the feat/add-aggchain-params-verification branch October 6, 2025 08:51
Stefan-Ethernal added a commit that referenced this pull request Oct 10, 2025
## 🔄 Changes Summary

Enable the AggSender to work with multiple validator nodes in a
committee-based validation system. The implementation includes validator
services, multisig committee management, certificate validation
improvements, and enhanced gRPC communication protocols.

**Multisig Committee Support:** 
- Added `MultisigCommittee` type to manage signer sets and enforce
signature thresholds.
- Signers are represented as `SignerInfo` structs with both address and
URL for improved context and error reporting.
- Committee construction validates non-empty membership and non-zero
threshold, preventing misconfiguration.
- Dynamic signer management: methods for adding signers, duplicate
checks by address and URL.

**Aggsender Validator Refactor:**
- The Aggsender certificate validation flow was refactored to integrate
multisig logic.
- The multisig validation logic is applicable to both `PP` and `FEP`
certificates.
- Certificate validation now checks for contiguous certificates, last L2
block, and settlement status using new queries.
- Import bridge exit proof verification is handled via new logic using
`verifyClaimProofs`, ensuring only valid proofs pass.

**Certificate Metadata removal:**
- It is gone from the agglayer and therefore it is not sent anymore from
the aggsender either.
- Only thing worth noting is that, when calculating `CertificateID`,
instead of metadata field, which was used previously, we now use
`ZeroHash`.

**Smart contracts integration:**
- **AggchainFEP contract:** Removed querying of `TrustedSequencer`
address and rely on the signers committee instead
- **AggchainBase contract:** Retrieve the multisig committee from the
`AggchainBase` contract

**Agglayer integration:**
- Invoke the `GetNetworkState` API from agglayer to get the latest
settled imported bridge exit info.
- Multisig is populated into the certificate and sent to the Agglayer's
`SendCertificate` gRPC endpoint

## ⚠️ Breaking Changes
- 🛠️ **Config**: Make sure that `Mode` on the `Validator` and
`AggSender` are the same.
- 🔌 **API/CLI**: `aggkit` version (`v0.7.0`) that supports `multisig`
will now require updated contracts to run. At least version
`v12.1.0-rc.3` of `agglayer-contracts`, and a new version of `agglayer`
which supports `multisig`, which is the `v0.4.0` of `agglayer`.
- 🗑️ **Deprecated Features**: Aggsender Phase II validator signing logic

## 📋 Config Updates
- Added `AggSender.RequireCommitteeMembershipCheck = false` parameter,
which defines if a check on `aggsender proposer` startup will be
performed to see if the proposer is in the `multisig` committee.
- Added `Validator.RequireCommitteeMembershipCheck =
{{AggSender.RequireCommitteeMembershipCheck}}` parameter, which defines
if a check on `aggsender validator` startup will be performed to see if
the validator is in the `multisig` committee.
- Added `Validator.Mode = "PessimisticProof"` parameter, which acts the
same as the `AggSender.Mode`. It tells the validator that the network is
a `PP` network or an `FEP` network. It has to be the same as on
`aggsender proposer`.
- Added `Validator.FEPConfig.SovereignRollupAddr =
"{{AggSender.SovereignRollupAddr}}"` parameter which is the address of
the `AggchainFEP` rollup on L1 for given network for which validator is
running.
- Added `Validator.FEPConfig.RequireNoBlockGap =
{{AggSender.RequireNoFEPBlockGap}}`, which acts the same as the given
parameter on `AggSender` (proposer) config, and tells the validator if
gaps in blocks in certificates are allowed in `FEP` network.

```toml
[AggSender]
RequireCommitteeMembershipCheck = false

[Validator]
# PessimisticProof or AggchainProof
Mode = "PessimisticProof"
RequireCommitteeMembershipCheck = {{AggSender.RequireCommitteeMembershipCheck}}
[Validator.FEPConfig]
	SovereignRollupAddr = "{{AggSender.SovereignRollupAddr}}"
	RequireNoBlockGap = "{{AggSender.RequireNoFEPBlockGap}}"
```

## ✅ Testing
- 🤖 **Automatic**: `aggkit` CI
- 🖱️ **Manual**: [Optional: Steps to verify]

## 🐞 Issues
- Closes #792 
## 🔗 Related PRs
- #814
- #832
- #838
- #839
- #843
- #842
- #846
- #858
- #847
- #865
- #861
- #863
- #875
- #876
- #881
- #877
- #898
- #920
- #913
- #926
- #945
- #951
- #954
- #957
- #955
- #974
- #978
- #985
- #989
- #984
- #998
- #1017
- #1028
- #1034
- #1024
- #1052
- #1067
- #1068
- #1050
- #1071
- #1072
- #1060
- #1087
- #1077
- #1073

---------

Co-authored-by: Goran Rojovic <[email protected]>
Co-authored-by: Goran Rojovic <[email protected]>
Co-authored-by: Joan Esteban <[email protected]>
Co-authored-by: Rachit Sonthalia <[email protected]>
Co-authored-by: Arpit Temani <[email protected]>
Co-authored-by: Copilot <[email protected]>
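
The committee rules listed under "Multisig Committee Support" in the commit message above (non-empty membership, non-zero threshold, duplicate checks by address and URL, threshold enforcement), as an added Go sketch that is not aggkit's own code. Only the type names `MultisigCommittee` and `SignerInfo` come from the page; the field names, the constructor, `MeetsThreshold`, the case-insensitive address comparison and the sample signers are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// SignerInfo pairs a signer's address with its URL (field names are assumptions).
type SignerInfo struct{ Address, URL string }

// MultisigCommittee holds the signer set and the signature threshold.
type MultisigCommittee struct {
	addrs     map[string]bool // lower-cased signer addresses (comparison rule is an assumption)
	threshold int
}

// NewMultisigCommittee rejects empty membership, a zero threshold and duplicate signers.
func NewMultisigCommittee(signers []SignerInfo, threshold int) (*MultisigCommittee, error) {
	if len(signers) == 0 || threshold <= 0 {
		return nil, fmt.Errorf("need at least one signer and a non-zero threshold")
	}
	c := &MultisigCommittee{addrs: map[string]bool{}, threshold: threshold}
	urls := map[string]bool{}
	for _, s := range signers {
		addr := strings.ToLower(s.Address)
		if c.addrs[addr] || urls[s.URL] {
			return nil, fmt.Errorf("duplicate signer %s (%s)", s.Address, s.URL)
		}
		c.addrs[addr], urls[s.URL] = true, true
	}
	return c, nil
}

// MeetsThreshold counts distinct committee members; unknown or repeated addresses add nothing.
func (c *MultisigCommittee) MeetsThreshold(signed []string) bool {
	seen := map[string]bool{}
	for _, a := range signed {
		if k := strings.ToLower(a); c.addrs[k] {
			seen[k] = true
		}
	}
	return len(seen) >= c.threshold
}

func main() {
	// Constructed sample committee: two signers, both must sign.
	c, err := NewMultisigCommittee([]SignerInfo{{"0xA1", "http://v1"}, {"0xB2", "http://v2"}}, 2)
	fmt.Println(err, c.MeetsThreshold([]string{"0xa1", "0xA1"}), c.MeetsThreshold([]string{"0xa1", "0xb2"}))
}
```

Counting distinct members rather than raw signatures is what keeps one signer from satisfying the threshold by submitting the same signature twice.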