agglayer · goran-ethernal · Sep 8, 2025 · Sep 8, 2025
diff --git a/agglayer/types/types.go b/agglayer/types/types.go
@@ -498,50 +498,6 @@ func (c *Certificate) CertificateID() common.Hash {
 	)
 }
 
-// PPHashToSign is the actual hash that needs to be signed by the aggsender
-// as expected by the agglayer for the PP flow
-func (c *Certificate) PPHashToSign() common.Hash {
-	globalIndexHashes := make([][]byte, len(c.ImportedBridgeExits))
-	for i, importedBridgeExit := range c.ImportedBridgeExits {
-		globalIndexHashes[i] = importedBridgeExit.GlobalIndex.Hash().Bytes()
-	}
-
-	return crypto.Keccak256Hash(
-		c.NewLocalExitRoot.Bytes(),
-		crypto.Keccak256Hash(globalIndexHashes...).Bytes(),
-	)
-}
-
-// FEPHashToSign is the actual hash that needs to be signed by the aggsender
-// as expected by the agglayer for the FEP flow
-func (c *Certificate) FEPHashToSign() common.Hash {
-	chunks := make([][]byte, 0, len(c.ImportedBridgeExits))
-	for _, importedBridgeExit := range c.ImportedBridgeExits {
-		indexBytes := importedBridgeExit.GlobalIndexToLittleEndianBytes()
-		hashBytes := importedBridgeExit.BridgeExit.Hash().Bytes()
-
-		combined := make([]byte, 0, len(indexBytes)+len(hashBytes))
-		combined = append(combined, indexBytes...) // combine into one slice
-		combined = append(combined, hashBytes...)  // combine into one slice
-		chunks = append(chunks, combined)
-	}
-
-	importedBridgeExitsHash := crypto.Keccak256(chunks...)
-
-	aggchainParams := aggkitcommon.EmptyBytesHash
-	aggchainDataProof, ok := c.AggchainData.(*AggchainDataProof)
-	if ok {
-		aggchainParams = aggchainDataProof.AggchainParams.Bytes()
-	}
-
-	return crypto.Keccak256Hash(
-		c.NewLocalExitRoot.Bytes(),
-		importedBridgeExitsHash,
-		aggkitcommon.Uint64ToLittleEndianBytes(c.Height),
-		aggchainParams,
-	)
-}
-
 // SignedCertificate is the struct that contains the certificate and the signature of the signer
 // NOTE: this is an old and deprecated struct, only to be used for backward compatibility
 type SignedCertificate struct {

diff --git a/agglayer/types/types_test.go b/agglayer/types/types_test.go
@@ -11,7 +11,6 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/agglayer/aggkit/bridgesync"
 	aggkitcommon "github.com/agglayer/aggkit/common"
 	"github.com/agglayer/aggkit/db"
 	"github.com/agglayer/aggkit/l1infotreesync"
@@ -549,43 +548,6 @@ func TestCertificate_Hash(t *testing.T) {
 	require.Equal(t, calculatedHash, expectedHash)
 }
 
-func TestCertificate_HashToSign(t *testing.T) {
-	t.Parallel()
-
-	c := &Certificate{
-		NewLocalExitRoot: common.HexToHash("0xabcd"),
-		ImportedBridgeExits: []*ImportedBridgeExit{
-			{
-				GlobalIndex: &GlobalIndex{
-					MainnetFlag: true,
-					RollupIndex: 23,
-					LeafIndex:   1,
-				},
-			},
-			{
-				GlobalIndex: &GlobalIndex{
-					MainnetFlag: false,
-					RollupIndex: 15,
-					LeafIndex:   2,
-				},
-			},
-		},
-	}
-
-	globalIndexHashes := make([][]byte, len(c.ImportedBridgeExits))
-	for i, importedBridgeExit := range c.ImportedBridgeExits {
-		globalIndexHashes[i] = importedBridgeExit.GlobalIndex.Hash().Bytes()
-	}
-
-	expectedHash := crypto.Keccak256Hash(
-		c.NewLocalExitRoot[:],
-		crypto.Keccak256Hash(globalIndexHashes...).Bytes(),
-	)
-
-	certHash := c.PPHashToSign()
-	require.Equal(t, expectedHash, certHash)
-}
-
 func TestClaimFromMainnnet_MarshalJSON(t *testing.T) {
 	t.Parallel()
 
@@ -1364,94 +1326,6 @@ func TestAggchainDataMultisigWithProof_MarshalUnmarshalJSON(t *testing.T) {
 	}
 }
 
-func TestCertificate_FEPHashToSign(t *testing.T) {
-	t.Parallel()
-
-	bridgeExit := &BridgeExit{
-		LeafType: LeafTypeAsset,
-		TokenInfo: &TokenInfo{
-			OriginNetwork:      0,
-			OriginTokenAddress: common.HexToAddress("0x1234"),
-		},
-		DestinationNetwork: 1,
-		DestinationAddress: common.HexToAddress("0x1234"),
-		Amount:             big.NewInt(1000),
-		Metadata:           []byte{0x01, 0x02, 0x03},
-	}
-
-	testCases := []struct {
-		name         string
-		certificate  *Certificate
-		expectedHash common.Hash
-	}{
-		{
-			name:        "Empty Certificate",
-			certificate: &Certificate{},
-			expectedHash: crypto.Keccak256Hash(
-				common.Hash{}.Bytes(),
-				aggkitcommon.EmptyBytesHash,
-				aggkitcommon.Uint64ToLittleEndianBytes(0),
-				aggkitcommon.EmptyBytesHash,
-			),
-		},
-		{
-			name: "With Aggchain Data Proof",
-			certificate: &Certificate{
-				NewLocalExitRoot: common.HexToHash("0xdef456"),
-				Height:           100,
-				AggchainData: &AggchainDataProof{
-					AggchainParams: common.HexToHash("0x123abc"),
-				},
-			},
-			expectedHash: crypto.Keccak256Hash(
-				common.HexToHash("0xdef456").Bytes(),
-				aggkitcommon.EmptyBytesHash,
-				aggkitcommon.Uint64ToLittleEndianBytes(100),
-				common.HexToHash("0x123abc").Bytes(),
-			),
-		},
-		{
-			name: "With Imported Bridge Exits",
-			certificate: &Certificate{
-				NewLocalExitRoot: common.HexToHash("0xdef456"),
-				Height:           100,
-				ImportedBridgeExits: []*ImportedBridgeExit{
-					{
-						GlobalIndex: &GlobalIndex{
-							MainnetFlag: true,
-							RollupIndex: 0,
-							LeafIndex:   1,
-						},
-						BridgeExit: bridgeExit,
-					},
-				},
-				AggchainData: &AggchainDataProof{
-					AggchainParams: common.HexToHash("0x123abc"),
-				},
-			},
-			expectedHash: crypto.Keccak256Hash(
-				common.HexToHash("0xdef456").Bytes(),
-				crypto.Keccak256(aggkitcommon.BigIntToLittleEndianBytes(
-					bridgesync.GenerateGlobalIndex(true, 0, 1),
-				), bridgeExit.Hash().Bytes()),
-				aggkitcommon.Uint64ToLittleEndianBytes(100),
-				common.HexToHash("0x123abc").Bytes(),
-			),
-		},
-	}
-
-	for _, tc := range testCases {
-		tc := tc
-
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			hash := tc.certificate.FEPHashToSign()
-			require.Equal(t, tc.expectedHash, hash)
-		})
-	}
-}
-
 func TestCertificate_Validate(t *testing.T) {
 	t.Run("fails cert nil", func(t *testing.T) {
 		var cert *Certificate

diff --git a/aggsender/aggsender_test.go b/aggsender/aggsender_test.go
@@ -264,7 +264,6 @@ func TestSendCertificate_NoClaims(t *testing.T) {
 	signedCertificate, err := aggSender.sendCertificate(ctx)
 	require.NoError(t, err)
 	require.NotNil(t, signedCertificate)
-	require.NotNil(t, signedCertificate.AggchainData)
 	require.NotNil(t, signedCertificate.ImportedBridgeExits)
 	require.Len(t, signedCertificate.BridgeExits, 1)
 

diff --git a/aggsender/flows/flow_aggchain_prover.go b/aggsender/flows/flow_aggchain_prover.go
@@ -325,12 +325,7 @@ func (a *AggchainProverFlow) BuildCertificate(ctx context.Context,
 		cert.CustomChainData = buildParams.AggchainProof.CustomChainData
 	}
 
-	signedCert, err := a.signCertificate(ctx, cert)
-	if err != nil {
-		return nil, fmt.Errorf("aggchainProverFlow - error signing certificate: %w", err)
-	}
-
-	return signedCert, nil
+	return cert, nil
 }
 
 // UpdateAggchainData updates the AggchainData field in certificate with the multisig if needed
@@ -403,48 +398,6 @@ func (a *AggchainProverFlow) getLastProvenBlock(fromBlock uint64, lastCertificat
 	return fromBlock - 1
 }
 
-// signCertificate signs a certificate with the aggsender key
-func (a *AggchainProverFlow) signCertificate(
-	ctx context.Context, cert *agglayertypes.Certificate) (*agglayertypes.Certificate, error) {
-	aggchainData, ok := cert.AggchainData.(*agglayertypes.AggchainDataProof)
-	if !ok {
-		return nil, fmt.Errorf("aggchainProverFlow - signCertificate - AggchainData is not of type AggchainDataProof")
-	}
-
-	hashToSign := cert.FEPHashToSign()
-	sig, err := a.certificateSigner.SignHash(ctx, hashToSign)
-	if err != nil {
-		return nil, err
-	}
-
-	aggchainData.Signature = sig
-
-	a.log.Infof("aggchainProverFlow - Signed certificate. Sequencer address: %s. "+
-		"New local exit root: %s. Aggchain Params: %s. Height: %d Hash signed: %s",
-		a.certificateSigner.PublicAddress().String(),
-		cert.NewLocalExitRoot.String(),
-		aggchainData.AggchainParams.String(),
-		cert.Height,
-		hashToSign.String(),
-	)
-
-	return cert, nil
-}
-
-// ValidateCertificate validates the certificate for the FEP specific things
-func (a *AggchainProverFlow) ValidateCertificate(ctx context.Context, cert *agglayertypes.Certificate) error {
-	if cert == nil {
-		return fmt.Errorf("aggchainProverFlow - ValidateCertificate - certificate is nil")
-	}
-
-	_, ok := cert.AggchainData.(*agglayertypes.AggchainDataProof)
-	if !ok {
-		return fmt.Errorf("aggchainProverFlow - ValidateCertificate - AggchainData is not of type AggchainDataProof")
-	}
-
-	return nil
-}
-
 // Signer returns the signer used to sign the certificate
 func (a *AggchainProverFlow) Signer() signertypes.Signer {
 	return a.certificateSigner

diff --git a/aggsender/flows/flow_aggchain_prover_test.go b/aggsender/flows/flow_aggchain_prover_test.go
@@ -488,14 +488,14 @@ func Test_AggchainProverFlow_BuildCertificate(t *testing.T) {
 
 	testCases := []struct {
 		name           string
-		mockFn         func(*mocks.BridgeQuerier, *mocks.LERQuerier, *mocks.Signer)
+		mockFn         func(*mocks.BridgeQuerier, *mocks.LERQuerier)
 		buildParams    *types.CertificateBuildParams
 		expectedError  string
 		expectedResult *agglayertypes.Certificate
 	}{
 		{
 			name: "error building certificate",
-			mockFn: func(mockL2BridgeQuerier *mocks.BridgeQuerier, mockLERQuerier *mocks.LERQuerier, mockSigner *mocks.Signer) {
+			mockFn: func(mockL2BridgeQuerier *mocks.BridgeQuerier, mockLERQuerier *mocks.LERQuerier) {
 				mockLERQuerier.EXPECT().GetLastLocalExitRoot().Return(types.EmptyLER, nil)
 				mockL2BridgeQuerier.EXPECT().GetExitRootByIndex(mock.Anything, uint32(0)).Return(common.Hash{}, errors.New("some error"))
 			},
@@ -510,10 +510,8 @@ func Test_AggchainProverFlow_BuildCertificate(t *testing.T) {
 		},
 		{
 			name: "success building certificate",
-			mockFn: func(mockL2BridgeQuerier *mocks.BridgeQuerier, mockLERQuerier *mocks.LERQuerier, mockSigner *mocks.Signer) {
+			mockFn: func(mockL2BridgeQuerier *mocks.BridgeQuerier, mockLERQuerier *mocks.LERQuerier) {
 				mockL2BridgeQuerier.EXPECT().OriginNetwork().Return(uint32(1))
-				mockSigner.EXPECT().PublicAddress().Return(common.HexToAddress("0x123"))
-				mockSigner.EXPECT().SignHash(mock.Anything, mock.Anything).Return([]byte("signature"), nil)
 				mockLERQuerier.EXPECT().GetLastLocalExitRoot().Return(types.EmptyLER, nil)
 			},
 			buildParams: &types.CertificateBuildParams{
@@ -557,7 +555,6 @@ func Test_AggchainProverFlow_BuildCertificate(t *testing.T) {
 					Context: map[string][]byte{
 						"key1": []byte("value1"),
 					},
-					Signature: []byte("signature"),
 				},
 			},
 		},
@@ -572,7 +569,7 @@ func Test_AggchainProverFlow_BuildCertificate(t *testing.T) {
 			mockL2BridgeQuerier := mocks.NewBridgeQuerier(t)
 			mockLERQuerier := mocks.NewLERQuerier(t)
 			if tc.mockFn != nil {
-				tc.mockFn(mockL2BridgeQuerier, mockLERQuerier, mockSigner)
+				tc.mockFn(mockL2BridgeQuerier, mockLERQuerier)
 			}
 			flowBase := NewBaseFlow(
 				logger,
@@ -781,73 +778,6 @@ func Test_AggchainProverFlow_CheckInitialStatus(t *testing.T) {
 	}
 }
 
-func Test_AggchainProverFlow_ValidateCertificate(t *testing.T) {
-	t.Parallel()
-
-	ctx := t.Context()
-
-	testCases := []struct {
-		name          string
-		certificate   *agglayertypes.Certificate
-		expectedError string
-	}{
-		{
-			name:          "certificate is nil",
-			certificate:   nil,
-			expectedError: "aggchainProverFlow - ValidateCertificate - certificate is nil",
-		},
-		{
-			name: "AggchainData is not of type AggchainDataProof",
-			certificate: &agglayertypes.Certificate{
-				AggchainData: &agglayertypes.AggchainDataSignature{},
-			},
-			expectedError: "aggchainProverFlow - ValidateCertificate - AggchainData is not of type AggchainDataProof",
-		},
-		{
-			name: "AggchainData is nil",
-			certificate: &agglayertypes.Certificate{
-				AggchainData: nil,
-			},
-			expectedError: "aggchainProverFlow - ValidateCertificate - AggchainData is not of type AggchainDataProof",
-		},
-		{
-			name: "success - valid certificate with AggchainDataProof",
-			certificate: &agglayertypes.Certificate{
-				AggchainData: &agglayertypes.AggchainDataProof{
-					Proof:          []byte("some-proof"),
-					Version:        "0.1",
-					Vkey:           []byte("some-vkey"),
-					AggchainParams: common.HexToHash("0x123"),
-					Context: map[string][]byte{
-						"key1": []byte("value1"),
-					},
-					Signature: []byte("signature"),
-				},
-			},
-			expectedError: "",
-		},
-	}
-
-	for _, tc := range testCases {
-		tc := tc
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			logger := log.WithFields("flowManager", "Test_AggchainProverFlow_ValidateCertificate")
-			flow := &AggchainProverFlow{
-				log: logger,
-			}
-
-			err := flow.ValidateCertificate(ctx, tc.certificate)
-			if tc.expectedError != "" {
-				require.ErrorContains(t, err, tc.expectedError)
-			} else {
-				require.NoError(t, err)
-			}
-		})
-	}
-}
-
 func Test_AggchainProverFlow_GenerateBuildParams(t *testing.T) {
 	t.Parallel()