Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(protocol): fix an issue for ProverSet.proposeBlock #17521

Merged
merged 1 commit into from
Jun 8, 2024
Merged

fix(protocol): fix an issue for ProverSet.proposeBlock #17521

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion packages/protocol/contracts/team/proving/ProverSet.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ contract ProverSet is EssentialContract, IERC1271 {
bytes calldata _txList
)
external
onlyProver
Copy link
Contributor

@Brechtpd Brechtpd Jun 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't we need this check because of this:

taiko-mono/packages/protocol/contracts/L1/libs/LibProposing.sol

Lines 184 to 186 in d3037ad

if (params.hookCalls.length == 0) {
if (params.assignedProver != msg.sender) revert L1_NOT_SAME_ADDRESS();
_tko.transferFrom(msg.sender, address(this), _config.livenessBond);

So now anybody could propose a block through this contract, set no hooks and the assignedProver to the pool contract, and use the TAIKO in this contract as a bond for the proving no? And then the provers in this contract are forced to prove the block, which seems unwanted?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They still need an enabled prover to sign their blob at first?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You mean this check:

taiko-mono/packages/protocol/contracts/L1/libs/LibProposing.sol

Line 138 in d3037ad

&& ECDSA.recover(meta_.blobHash, params.signature) != msg.sender
? This check is only done when no blob is used, so then still a problem when a blob is used I think.

hmmm also does ECDSA.recover even support contracts? Looking at https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/cryptography/ECDSA.sol it doesn't seem to call isValidSignature anywhere for contract addresses.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are right, we may also need to whitelist the proposer addresses in proverSet @dantaik

payable
nonReentrant
{
ITaikoL1(taikoL1()).proposeBlock(_params, _txList);
Expand Down