feat: add slashing support to verifyAndUpdate signature#29
feat: add slashing support to verifyAndUpdate signature#29RonTuretzky wants to merge 2 commits intomainfrom
Conversation
BREAKING CHANGE: Modified verifyAndUpdate function signature to enable on-chain slashing verification. ## Changes The signed message now includes all values needed for slashing: ```solidity // OLD (not slashable): sha256(abi.encode(transitionIndex, address(this), targetFunction, storageUpdates)) // NEW (slashable): sha256(abi.encode(transitionIndex, address(this), anchorHash, callerAddress, contractCalldata, storageUpdates)) ``` ### New Parameters - `anchorHash` (bytes32): Block hash anchoring execution to specific Ethereum state - `callerAddress` (address): The msg.sender for the original call - `contractCalldata` (bytes): Full calldata with arguments (replaces `targetFunction`) ### Why This Enables Slashing With these values, a challenger can: 1. Generate an SP1 proof of correct execution using the signed inputs 2. Compare proven storage updates with signed storage updates 3. If they differ, submit slashing proof to EigenLayer ### Migration Operators must update their signing logic to include the new fields. The `getMessageHash` function has been updated accordingly.
| * @notice Base SDK for implementing Gas Killer functionality in contracts | ||
| * @dev Inherit from this contract to add Gas Killer capabilities to your contract | ||
| * | ||
| * ## Slashing Support |
There was a problem hiding this comment.
would rather see this in a README or not included at all in the contract comments at all.
| * @param storageUpdates The storage updates to verify | ||
| * @param transitionIndex The transition index | ||
| * @param targetFunction The target function selector | ||
| * @param anchorHash The block hash anchoring the execution to a specific Ethereum state |
There was a problem hiding this comment.
i think "blockHash" would be clearer, personally
There was a problem hiding this comment.
i think blockhash can be very confusing , as the ancor block can be any strictly smaller block than the current block hash and is the basis for the simulation
There was a problem hiding this comment.
then imo it should be anchorBlockHash. "Hash" is an ambiguous thing, "block hash" is a precise thing. The "anchor" descriptor is nice, but I don't think it's enough on it's own
| * @param transitionIndex The transition index | ||
| * @param targetFunction The target function selector | ||
| * @param anchorHash The block hash anchoring the execution to a specific Ethereum state | ||
| * @param callerAddress The address that initiated the original call (msg.sender) |
There was a problem hiding this comment.
am I understanding this correctly? This should just be msg.sender instead of a argument to this function?
There was a problem hiding this comment.
its not the msg.sender of this call ( some operatoir for the avs or the avs egress address) it is whoever signed the original tx data
There was a problem hiding this comment.
Ok in that case, i'd remove the msg.sender comment. It's confusing
2 participants
Summary
This PR modifies the
verifyAndUpdatefunction signature to enable on-chain slashing verification via SP1 zkVM proofs.Breaking Change
The signed message format has changed:
New Parameters
anchorHashbytes32callerAddressaddresscontractCalldatabytestargetFunction)Why This Enables Slashing
With the current signature (only
targetFunction), a challenger cannot:With the new signature, a challenger can:
Anchor Block Clarification
If execution happens at block N:
anchorHash= hash of block NRelated Work
docs/GAS_KILLER_SLASHING_SPEC.mdin sp1-contract-call repoMigration Required
Operators must update their signing logic to:
anchorHashcallerAddresscontractCalldatainstead of just the 4-byte selectorTest plan