Skip to content

feat: update hash to sign by the aggsender validators #847

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 12, 2025
Merged

feat: update hash to sign by the aggsender validators #847

merged 3 commits into from
Aug 12, 2025

Conversation

@Stefan-Ethernal
Copy link
Contributor

@Stefan-Ethernal Stefan-Ethernal commented Aug 11, 2025
edited
Loading

🔄 Changes Summary

The hash for the aggsender validator is calculated based on this comment.

commitment = keccak256_combine([
    certificate.new_local_exit_root,
    commit_imported_bridge_exits: certificate.claim_hash(), // defined below
    certificate.height,
    certificate.aggchain_params, // nil value if no aggchain proof
    certificate_id // re-computed only on the agglayer, but free input for the PP
]);

/// keccak(ib[0].global_index # ib[0].bridge_exit_hash # .. # ib[n].global_index # ib[n].bridge_exit_hash)
fn claim_hash() -> Digest {
    keccak256_combine(self.imported_bridge_exits.iter().map(|ibe| {
        [
            ibe.global_index.as_le_slice(),
            ibe.bridge_exit_hash.as_slice(),
        ]
        .concat()
    }))
}

⚠️ Breaking Changes

  • 🛠️ Config: N/A
  • 🔌 API/CLI: N/A
  • 🗑️ Deprecated Features: N/A

📋 Config Updates

  • 🧾 Diff/Config snippet: N/A

✅ Testing

  • 🤖 Automatic: [Optional: Enumerate E2E tests]
  • 🖱️ Manual: N/A

🐞 Issues

🔗 Related PRs

  • N/A

📝 Notes

  • N/A

@Stefan-Ethernal Stefan-Ethernal self-assigned this Aug 11, 2025
@Stefan-Ethernal Stefan-Ethernal marked this pull request as ready for review August 11, 2025 10:44
@Stefan-Ethernal Stefan-Ethernal requested review from a team and goran-ethernal August 11, 2025 10:44
goran-ethernal
goran-ethernal approved these changes Aug 11, 2025
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 12, 2025

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
93.8% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@Stefan-Ethernal Stefan-Ethernal merged commit 99a8dba into feat/aggsender-multisig Aug 12, 2025
22 checks passed
@Stefan-Ethernal Stefan-Ethernal deleted the feat/calculate-has-to-sign-by-validator branch August 12, 2025 09:17
@Stefan-Ethernal Stefan-Ethernal mentioned this pull request Sep 9, 2025
Merged
Stefan-Ethernal added a commit that referenced this pull request Oct 10, 2025
@Stefan-Ethernal @goran-ethernal
@joanestebanr @rachit77 @temaniarpit27
feat: Aggsender multisig (#860)
aafe6cf 
## 🔄 Changes Summary

Enable the AggSender to work with multiple validator nodes in a
committee-based validation system. The implementation includes validator
services, multisig committee management, certificate validation
improvements, and enhanced gRPC communication protocols.

**Multisig Committee Support:** 
- Added `MultisigCommittee` type to manage signer sets and enforce
signature thresholds.
- Signers are represented as `SignerInfo` structs with both address and
URL for improved context and error reporting.
- Committee construction validates non-empty membership and non-zero
threshold, preventing misconfiguration.
- Dynamic signer management: methods for adding signers, duplicate
checks by address and URL.

**Aggsender Validator Refactor:**
- The Aggsender certificate validation flow was refactored to integrate
multisig logic.
- The multisig validation logic is applicable to both `PP` and `FEP`
certificates.
- Certificate validation now checks for contiguous certificates, last L2
block, and settlement status using new queries.
- Import bridge exit proof verification is handled via new logic using
`verifyClaimProofs`, ensuring only valid proofs pass.

**Certificate Metadata removal:**
- It is gone from the agglayer and therefore it is not sent anymore from
the aggsender either.
- Only thing worth noting is that, when calculating `CertificateID`,
instead of metadata field, which was used previously, we now use
`ZeroHash`.

**Smart contracts integration:**
- **AggchainFEP contract:** Removed querying of `TrustedSequencer`
address and rely on the signers committee instead
- **AggchainBase contract:** Retrieve the multisig committee from the
`AggchainBase` contract

**Agglayer integration:**
- Invoke the `GetNetworkState` API from agglayer to get the latest
settled imported bridge exit info.
- Multisig is populated into the certificate and sent to the Agglayer's
`SendCertificate` gRPC endpoint

## ⚠️ Breaking Changes
- 🛠️ **Config**: Make sure that `Mode` on the `Validator` and
`AggSender` are the same.
- 🔌 **API/CLI**: `aggkit` version (`v0.7.0`) that supports `multisig`
will now require updated contracts to run. At least version
`v12.1.0-rc.3` of `agglayer-contracts`, and a new version of `agglayer`
which supports `multisig`, which is the `v0.4.0` of `agglayer`.
- 🗑️ **Deprecated Features**: Aggsender Phase II validator signing logic

## 📋 Config Updates
- Added `AggSender.RequireCommitteeMembershipCheck = false` parameter,
which defines if a check on `aggsender proposer` startup will be
performed to see if the proposer is in the `multisig` committee.
- Added `Validator.RequireCommitteeMembershipCheck =
{{AggSender.RequireCommitteeMembershipCheck}}` parameter, which defines
if a check on `aggsender validator` startup will be performed to see if
the validator is in the `multisig` committee.
- Added `Validator.Mode = "PessimisticProof"` parameter, which acts the
same as the `AggSender.Mode`. It tells the validator that the network is
a `PP` network or an `FEP` network. It has to be the same as on
`aggsender proposer`.
- Added `Validator.FEPConfig.SovereignRollupAddr =
"{{AggSender.SovereignRollupAddr}}" parameter which is the address of
the `AggchainFEP` rollup on L1 for given network for which validator is
running.
- Added `Validator.FEPConfig.RequireNoBlockGap =
{{AggSender.RequireNoFEPBlockGap}}, which acts the same as the given
paremeter on `AggSender` (proposer) config, and tells the validator if
gaps in blocks in certificates are allowed in `FEP` network.

```toml
[AggSender]
RequireCommitteeMembershipCheck = false

[Validator]
# PessimisticProof or AggchainProof
Mode = "PessimisticProof"
RequireCommitteeMembershipCheck = {{AggSender.RequireCommitteeMembershipCheck}}
[Validator.FEPConfig]
	SovereignRollupAddr = "{{AggSender.SovereignRollupAddr}}"
	RequireNoBlockGap = "{{AggSender.RequireNoFEPBlockGap}}"
```

## ✅ Testing
- 🤖 **Automatic**: `aggkit` CI
- 🖱️ **Manual**: [Optional: Steps to verify]

## 🐞 Issues
- Closes #792 
## 🔗 Related PRs
- #814
- #832
- #838
- #839
- #843
- #842
- #846
- #858
- #847
- #865
- #861
- #863
- #875
- #876
- #881
- #877
- #898
- #920
- #913
- #926
- #945
- #951
- #954
- #957
- #955
- #974
- #978
- #985
- #989
- #984
- #998
- #1017
- #1028
- #1034
- #1024
- #1052
- #1067
- #1068
- #1050
- #1071
- #1072
- #1060
- #1087
- #1077
- #1073

---------

Co-authored-by: Goran Rojovic <[email protected]>
Co-authored-by: Goran Rojovic <[email protected]>
Co-authored-by: Joan Esteban <[email protected]>
Co-authored-by: Rachit Sonthalia <[email protected]>
Co-authored-by: Arpit Temani <[email protected]>
Co-authored-by: Copilot <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rachit77 rachit77 rachit77 approved these changes

@goran-ethernal goran-ethernal goran-ethernal approved these changes

Assignees

@Stefan-Ethernal Stefan-Ethernal

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Stefan-Ethernal @rachit77 @goran-ethernal