fix: pin getAttesters reads to a single L1 block (A-819)#23920
Merged
spalladino merged 1 commit intoJun 9, 2026
Conversation
getAttesters issued an unpinned getActiveAttesterCount read followed by N chunked getAttestersFromIndicesAtTime reads, each defaulting to `latest`. Across a block boundary or reorg the count and chunks could observe different attester sets, producing an inconsistent or truncated result for sets larger than the 1000-entry chunk size. Fetch the current block once and thread its number as a blockNumber option through getActiveAttesterCount and every chunked read so they all evaluate against the same L1 block.
spalladino
approved these changes
Jun 9, 2026
spalladino
deleted the
phil/a-819-audit-164-getattesters-stale-timestamp-across-chunked-rpc
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes A-819 (Audit #164).
Problem
RollupContract.getAttesters(yarn-project/ethereum/src/contracts/rollup.ts) made several sequential RPC reads with no pinned block:getActiveAttesterCount()(read atlatest)getAttestersFromIndicesAtTime(...)reads, one per 1000 indices (each read atlatest)The
tstimestamp argument was already captured once and reused consistently across chunks, so the literal "stale timestamp across chunks" framing of the title doesn't occur. The real defect is that the reads are not pinned to a single L1 block: across a block boundary or reorg, the count and the individual chunk reads can observe different attester sets, yielding an inconsistent or truncated result. This only bites for attester sets larger than the 1000-entry chunk size, read precisely across a set-changing block — hence low impact, but real.Fix
Fetch the current block once in
getAttesters, then thread itsnumberas ablockNumberoption throughgetActiveAttesterCountand every chunkedgetAttestersFromIndicesAtTimeread so they all evaluate against the same L1 block. This follows the existingcheckBlockTag(options?.blockNumber, ...)pattern already used by many reads inrollup.ts(e.g.getCheckpointNumber,status,canPruneAtTime).getActiveAttesterCountandGSEContract.getAttestersFromIndicesAtTimenow accept an optional{ blockNumber }.Testing
Verified the full TypeScript build passes. No automated test added: reproducing the block-drift race deterministically would require anvil plus a hook to advance an L1 block between the count read and the chunk reads (or deep viem-client mocking), which isn't justified for this low-impact, pattern-following change. The block-pinning behavior mirrors other pinned reads in the same file.