Replace onchain Nitro cert verification with Automata ZK verifier #197
Merged
leopoldjoy merged 26 commits into joby.thundil/CHAIN-3293-migrate-multiproof-contracts-to-basecontracts from Mar 5, 2026
9efb20a to ee8c3b9
…d ISemver to multiproof contracts, wire SystemConfigGlobal into standard deploy pipeline
…er proof format to match AggregateVerifier's l1head change
…fig, add multiproof fields to sepolia.json and hardhat.json, remove separate nitro config files
faf9f1c to e2ec02c
…oys, exclude AggregateVerifier (uses custom bool instead of OZ _initialized)
jackchuma reviewed Mar 3, 2026
…k, iterate PCRs, add nitroEnclaveVerifier to Input, revert sepolia.json owner, remove redundant CI recipe
…-basecontracts' into feat/switch-nitro-certificate-verification-to-zk
…-basecontracts' into feat/switch-nitro-certificate-verification-to-zk
…-basecontracts' into feat/switch-nitro-certificate-verification-to-zk
…-basecontracts' into feat/switch-nitro-certificate-verification-to-zk
jackchuma reviewed Mar 3, 2026
jjtny1 approved these changes Mar 4, 2026
Contributor jjtny1 left a comment
Aside from Jack's comments, lgtm
…eploy config, and parameterize hardcoded l2ChainID/block intervals in DeployImplementations
…heck correct version() number
* use a proof threshold and allow ZK proofs after TEE nullification
* pr feedback
* update deployment scripts and tests
* allow tee nullification when a zk proof exists. extend timestamp in this case to allow for zk nullification
jackchuma approved these changes Mar 5, 2026
3e6f2e7 into joby.thundil/CHAIN-3293-migrate-multiproof-contracts-to-basecontracts
2 of 3 checks passed
jjtny1 added a commit that referenced this pull request Mar 6, 2026
* initial commit
* Refactor tests and simplify verifier
* Refactor proof verification methods to consolidate TEE and ZK proof handling into a single function, improving code clarity and maintainability. Update tests accordingly to reflect the new verification structure.
* refactor tests and errors
* Prevent proofs from extending resolution time
* ZK proof allows game creator to immediately reclaim bond
* Additional tests
* Refactor test cases to standardize warp duration and improve naming conventions for clarity in Nullify tests.
* Add validation to ensure parent game has a proof before creating a child game in AggregateVerifier. Implement corresponding test case to verify this behavior.
* Use calldata and remove unused variable
* Make internal verify functions consistent
* fix: can claim bond after nullifying a challenge
* prevent challenges if parent or game itself is invalid
* Enhance AggregateVerifier to include hashes for TEE and ZK images, and rollup configuration. Update verification methods to use a journal hash instead of root claims. Modify MockVerifier and tests accordingly.
* Add ReentrancyGuard to AggregateVerifier and protect claimCredit function
* Add constant for initialize calldata size in AggregateVerifier and update validation check to use this constant
* Add test to validate failure on invalid calldata size in AggregateVerifier
* Refactor l2BlockNumber function to l2SequenceNumber in AggregateVerifier, updating documentation and logic to clarify its purpose as the L2 sequence number.
* Refactor visibility of state variables in AggregateVerifier from internal to public, enhancing accessibility for contract interactions.
* Moved wasRespectedGameTypeWhenCreated for storage optimization
* Remove underscores from constructor variables
* IDisputeGame compliance
* Remove implicit returns
* Add CreditClaimed event and update claimCredit logic in AggregateVerifier to emit event upon credit transfer
* Rename getParentGameStatus to _getParentGameStatus in AggregateVerifier for consistency with internal function naming conventions.
* Refactor return logic in getParentGameStatus to improve clarity by consolidating the return statement for the first dispute game scenario.
* solidity style guide
* forge fmt
* Fix tests
* remove unused imports
* Named imports, reorganized imports, defined errors directly
* linter
* Add underscores to deal with compiler warnings
* Refactor and have consistent comments
* Update verifier interface to include image ID
* Added feature where a proof is required for initialization
* Added feature where a proof is required for initialization
* Add back in IDisputeGame inheritance
* forge fmt
* refactor proof format
* game type validation on challenging game
* Add delayedWETH
* forge fmt
* Check challenging game validity when claiming credit
* Add TEEVerifier and SystemConfigGlobal contracts and update AggregateVerifier to include l1OriginNumber in journal
* fix(TEEVerifier): use correct EIP-2935 address and raw calldata for blockhash lookups
* Refactor TEE contracts and deployment script based on PR review feedback
* Refactor TEE contracts and deployment script based on PR review feedback
* Remove underscore-prefixed parameters from mock contracts per style guide
* Add comprehensive tests for TEEVerifier, SystemConfigGlobal, and DevSystemConfigGlobal; fix proof format in existing tests
* Update teeProposer to match proposer address
* correct teeImageHash in Sepolia deploy config
* Moving TEE proposer to TEEVerifier
* fix TEE comment
* feat: intermediate roots for nullification
* move L1 origin hash check from TEEVerifier to AggregateVerifier
* fix tests
* forge fmt
* feat: split deploy configs and scripts into no-nitro and with-nitro variants
* refactor _verifyProof
* added block interval tests and cleaned up some errors
* forge fmt
* verify proof earlier during initialize
* revert last commit
* refactor initialize
* refactor
* fix: register TEE proposer during deployment and add intermediateBlockInterval to WithNitro script
* use l1head for proofs after initialization
* forge fmt
* Fix comments from PR feedback
  Co-authored-by: Leopold Joy <leo@leopoldjoy.com>
* step 1 fix dependencies and op commit
* make multiproof compatible with base contracts
* fix imports in scripts
* fix mocks
* format and separate out multiproof tests
* add tests to just and gen semver
* fix tests
* rm unnecessary op commit
* apply optimism patch for multiproof
* move multiproof tests
* move files and delete multiproof test usage and profile
* remove remappings of nitro and op enclave
* undo multiproof changes and solady import change
* support AggregateVerifier in initializer test
* fix import path
* semver
* semver
* semver
* deterministic semverlock
* add comment
* refactor multiproof patch changes. fix typo
* semver
* fmt
* semver
* fix tests
* fix tests where bytecodes size was different
* fmt
* semver
* semver
* semver
* make aggregateverifier excluded like faultdispute game. fix systemconfigglobal initialize
* fmt
* fix tests
* semver
* rm just test-multiproof
* Replace onchain Nitro cert verification with Automata ZK verifier (#197)
* Replace onchain Nitro cert verification with Automata ZK verifier, add ISemver to multiproof contracts, wire SystemConfigGlobal into standard deploy pipeline
* Integrate multiproof config into standard DeployConfig, fix TEEVerifier proof format to match AggregateVerifier's l1head change
* Fix fmt
* Replace aws-nitro-enclave-attestation submodule with no-git dependency in Makefile
* Consolidate deploy configs: migrate dev scripts to standard DeployConfig, add multiproof fields to sepolia.json and hardhat.json, remove separate nitro config files
* Regenerate snapshots for updated and new multiproof contracts
* Fix Initializable test: guard ETHLockbox entries for non-interop deploys, exclude AggregateVerifier (uses custom bool instead of OZ _initialized)
* Add test-multiproof recipe to Justfile for CI
* Address PR feedback: extract GameType local var, stricter pubKey check, iterate PCRs, add nitroEnclaveVerifier to Input, revert sepolia.json owner, remove redundant CI recipe
* Resolve merge conflicts and regenerate semver-lock snapshots
* Regenerate semver-lock with CI profile for correct bytecode hashes
* Regenerate semver-lock with all compiler profiles including dispute
* Regenerate semver-lock.json to remove stale dispute profile entries
* Fix misleading TEEVerifier comment, require nitroEnclaveVerifier in deploy config, and parameterize hardcoded l2ChainID/block intervals in DeployImplementations
* Reset semver versioning in SystemConfigGlobal
* Regenerate semver-lock.json for SystemConfigGlobal and TEEVerifier changes
* correct SystemConfigGlobal.t.sol testInitialization() test cases to check correct version() number
* use a proof threshold and allow ZK proofs after TEE nullification (#199)
* use a proof threshold and allow ZK proofs after TEE nullification
* pr feedback
* update deployment scripts and tests
* allow tee nullification when a zk proof exists. extend timestamp in this case to allow for zk nullification
* Fix stack-too-deep in DeployImplementations and regenerate semver-lock
* add multiproofProofThreshold to DeployConfig.s.sol to fix CI failures
* Correct semver comment
* Regenerate semver-lock following fix
  ---------
  Co-authored-by: roger-bai-coinbase <roger.bai@coinbase.com>
* pr feedback: delete unnecessary snapshots
  ---------
  Co-authored-by: Roger Bai <roger.bai@coinbase.com>
  Co-authored-by: Leopold Joy <leo@leopoldjoy.com>
This PR:
* NitroValidator/CertManager with external NitroEnclaveVerifier (Risc0 ZK path) in SystemConfigGlobal.
* ISemver to SystemConfigGlobal, TEEVerifier, and AggregateVerifier.
* SystemConfigGlobal into standard Deploy.s.sol pipeline and Initializable.t.sol.
* DeployConfig.s.sol and migrates dev deploy scripts to use it, removing separate sepolia-no-nitro.json/sepolia-with-nitro.json config files.
* TEEVerifier proof format to match AggregateVerifier's l1head change (85 bytes instead of 149).
* pubKey length check in SystemConfigGlobal.registerSigner for defense-in-depth.