Verify L1 signers per authorized range

Author: ranchalp

consensus/system_contract/consensus.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"math/big"
+	"sort"
 	"time"
 
 	"github.com/scroll-tech/go-ethereum/accounts"
@@ -122,7 +123,7 @@ func (s *SystemContract) verifyHeader(chain consensus.ChainHeaderReader, header
 		return errInvalidUncleHash
 	}
 	// Ensure that the difficulty is one
-	if header.Difficulty.Cmp(common.Big0) != 1 {
+	if header.Difficulty.Cmp(common.Big1) != 0 {
 		return errInvalidDifficulty
 	}
 	// Verify that the gas limit is <= 2^63-1
@@ -174,20 +175,48 @@ func (s *SystemContract) verifyCascadingFields(chain consensus.ChainHeaderReader
 		return err
 	}
 
-	signer, err := ecrecover(header)
+	if err := s.correctSigner(header); err != nil {
+		return err
+	}
+	return nil
+}
+
+// correctSigner checks that the actual block signer matches
+// the L1-authorized signer for this block's number.
+func (s *SystemContract) correctSigner(header *types.Header) error {
+	actualSigner, err := ecrecover(header)
 	if err != nil {
 		return err
 	}
 
-	s.lock.Lock()
-	defer s.lock.Unlock()
+	expectedSigner, err := s.findSignerSlice(header.Number.Uint64())
+	if err != nil {
+		return err // e.g. "no signer for block"
+	}
 
-	if signer != s.signerAddressL1 {
+	if actualSigner != expectedSigner {
 		return errUnauthorizedSigner
 	}
 	return nil
 }
 
+func (s *SystemContract) findSignerSlice(blockNum uint64) (common.Address, error) {
+	// Acquire read-lock before accessing s.signerAddressesL1
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+	transitions := s.signerAddressesL1
+	idx := sort.Search(len(transitions), func(i int) bool {
+		// We want the first transition with StartBlock > blockNum
+		return transitions[i].StartBlock > blockNum
+	})
+	// idx is now the insertion point for 'blockNum'
+	// so the real match is at idx-1 if idx > 0
+	if idx == 0 {
+		return common.Address{}, errors.New("no signer for block")
+	}
+	return transitions[idx-1].Signer, nil
+}
+
 // VerifyUncles implements consensus.Engine, always returning an error for any
 // uncles as this consensus mechanism doesn't permit uncles.
 func (s *SystemContract) VerifyUncles(chain consensus.ChainReader, block *types.Block) error {
@@ -300,7 +329,6 @@ func SealHash(header *types.Header) (hash common.Hash) {
 	return hash
 }
 
-
 // ecrecover extracts the Ethereum account address from a signed header.
 func ecrecover(header *types.Header) (common.Address, error) {
 	signature := header.Extra[0:]
@@ -368,4 +396,4 @@ func encodeSigHeader(w io.Writer, header *types.Header) {
 	if err := rlp.Encode(w, enc); err != nil {
 		panic("can't encode: " + err.Error())
 	}
-}
+}

consensus/system_contract/system_contract.go

@@ -16,12 +16,18 @@ const (
 	defaultSyncInterval = 10
 )
 
+type SignerAddressL1 struct {
+	StartBlock uint64
+	Signer     common.Address
+}
+
 // SystemContract
 type SystemContract struct {
 	config *params.SystemContractConfig // Consensus engine configuration parameters
 	client sync_service.EthClient
 
-	signerAddressL1 common.Address // Address of the signer stored in L1 System Contract
+	signerAddressL1   common.Address // Address of the signer stored in L1 System Contract
+	signerAddressesL1 []SignerAddressL1
 
 	signer common.Address // Ethereum address of the signing key
 	signFn SignerFn       // Signer function to authorize hashes with
@@ -77,6 +83,7 @@ func (s *SystemContract) Start() {
 			case <-s.ctx.Done():
 				return
 			case <-syncTicker.C:
+				//TODO here
 				blockNumber := big.NewInt(-1) // todo: get block number from L1BlocksContract (l1 block hash relay) or other source (depending on exact design)
 				address, err := s.client.StorageAt(s.ctx, s.config.SystemContractAddress, s.config.SystemContractSlot, blockNumber)
 				if err != nil {
@@ -94,4 +101,4 @@ func (s *SystemContract) Start() {
 func (s *SystemContract) Close() error {
 	s.cancel()
 	return nil
-}
+}