@LHerskind raised this on slack about the block header not being verified on L1, so a lot of things can be faked when proposing a block. To fix this, we can commit to the values used in propose by sha hashing them in the circuit and aggregating these hashes to the root rollup to be checked during proving:
- When proposing a block, L1 will also compute the sha hash of the values and store it in the BlockLog.
- When proving an epoch, L1 will check that each hash in the root rollup's public inputs matches the corresponding hash in the rollup store.
This new hash (any name suggestions?) will replace the current blockHash in BlockLog, which currently is a block header hash. Below is a breakdown of everything in the block header and which fields should be included in this new hash:
[last_archive]
✅ root: Broadcasted when a block is proposed. This value also commits to the real block header hash.
✖ next_available_leaf_index: Not used on L1. Used by circuit to progress archive root.
[content_commitment]
❓ num_txs: Can remove it if we don't need the min height to consume an l2toL1Message.
✅ blobs_hash
✅ in_hash
✅ out_hash
[state]
✖ l1_to_l2_message_tree: Not used on L1.
✖ partial: Not used on L1.
[global_variables]
✖ chain_id: It's the same for all the blocks. We can export it from root rollup and check this once for an epoch.
✖ version: Same as above.
✖ block_number: L1 can derive the actual block number. And the circuits make sure that the numbers increment correctly. So we only need to check the start block number of an epoch.
✅ slot_number
✅ timestamp
✅ coinbase: Not used in propose. But included to ensure that any prover with the txs can rebuild the full header and get started on proving.
✅ fee_recipient: Same as above.
✅ gas_fees
✖ total_fees: Not used in propose. It's propagated to root rollup and used when proving.
✅ total_mana_used
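To make the propose/prove flow concrete, here is an added sketch (not code from the rollup repo) of the two checks described above: L1 hashes the proposed values into BlockLog at propose time, and at epoch-proving time compares the hashes carried in the root rollup's public inputs against the stored ones. It commits to exactly the ✅ fields in the breakdown. The fixed-width 32-byte encoding, the field order, the split of gas_fees into two words, and the class/function names are all assumptions made for this example.

```python
import hashlib
from dataclasses import dataclass, fields, replace

WORD = 32  # assumption: every committed field is packed as one 32-byte word


def _word(v) -> bytes:
    """Encode an int or byte string as a left-padded 32-byte word."""
    if isinstance(v, int):
        if v < 0 or v >= 1 << 256:
            raise ValueError("integer does not fit in a 256-bit word")
        return v.to_bytes(WORD, "big")
    if isinstance(v, bytes):
        if len(v) > WORD:
            raise ValueError("byte string longer than one word")
        return v.rjust(WORD, b"\x00")
    raise TypeError(f"unsupported field type {type(v).__name__}")


@dataclass(frozen=True)
class ProposedValues:
    """The header fields marked ✅ above, in the order they are hashed (order is an assumption)."""
    archive_root: bytes      # last_archive.root
    blobs_hash: bytes
    in_hash: bytes
    out_hash: bytes
    slot_number: int
    timestamp: int
    coinbase: bytes          # 20-byte address, left-padded to a word
    fee_recipient: bytes
    fee_per_da_gas: int      # gas_fees split into two words (assumption)
    fee_per_l2_gas: int
    total_mana_used: int


def proposal_hash(v: ProposedValues) -> bytes:
    """The sha hash both L1 (at propose) and the circuit (at prove) compute over the same values."""
    encoded = b"".join(_word(getattr(v, f.name)) for f in fields(v))
    return hashlib.sha256(encoded).digest()


class RollupStore:
    """Minimal stand-in for the L1 rollup store: block number -> committed proposal hash."""

    def __init__(self) -> None:
        self.block_logs: dict[int, bytes] = {}

    def propose(self, block_number: int, values: ProposedValues) -> bytes:
        # L1 hashes whatever the proposer broadcast and records it in the BlockLog.
        h = proposal_hash(values)
        self.block_logs[block_number] = h
        return h

    def prove_epoch(self, start_block: int, circuit_hashes: list[bytes]) -> bool:
        # Each hash exported by the root rollup must match the hash stored at propose time,
        # block by block from the epoch's start block; any mismatch rejects the epoch.
        for i, h in enumerate(circuit_hashes):
            if self.block_logs.get(start_block + i) != h:
                return False
        return True


def demo() -> tuple[bool, bool]:
    """Returns (honest epoch accepted, epoch with a faked proposal rejected). Sample values are constructed."""
    real = ProposedValues(
        archive_root=bytes.fromhex("11" * 32), blobs_hash=bytes.fromhex("22" * 32),
        in_hash=bytes.fromhex("33" * 32), out_hash=bytes.fromhex("44" * 32),
        slot_number=1000, timestamp=1_700_000_000, coinbase=bytes.fromhex("ab" * 20),
        fee_recipient=bytes.fromhex("55" * 32), fee_per_da_gas=10, fee_per_l2_gas=20,
        total_mana_used=123_456,
    )
    honest = RollupStore()
    honest.propose(1, real)
    # The circuit, run over the actual txs, recomputes the hash of the real values.
    accepted = honest.prove_epoch(1, [proposal_hash(real)])

    # A proposer broadcasts a header with a different timestamp; L1 stores the hash of the faked values.
    faked = replace(real, timestamp=real.timestamp + 12)
    dishonest = RollupStore()
    dishonest.propose(1, faked)
    # The circuit still hashes the real values, so the stored hash no longer matches and proving fails.
    rejected = not dishonest.prove_epoch(1, [proposal_hash(real)])
    return accepted, rejected


if __name__ == "__main__":
    print(demo())
```

The check is deliberately per block: because the circuits already enforce that block numbers increment, the store only needs the epoch's start block number to line each exported hash up with its BlockLog entry.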