Merge pull request #1433 from OffchainLabs/address-verifier

Use IsSequencer mapping

arbnode/node.go

@@ -813,15 +813,15 @@ func createNodeImpl(
 	var txPublisher TransactionPublisher
 	var coordinator *SeqCoordinator
 	var sequencer *Sequencer
-	var bpVerifier *contracts.BatchPosterVerifier
+	var bpVerifier *contracts.AddressVerifier
 	if deployInfo != nil && l1client != nil {
 		sequencerInboxAddr := deployInfo.SequencerInbox
 
 		seqInboxCaller, err := bridgegen.NewSequencerInboxCaller(sequencerInboxAddr, l1client)
 		if err != nil {
 			return nil, err
 		}
-		bpVerifier = contracts.NewBatchPosterVerifier(seqInboxCaller)
+		bpVerifier = contracts.NewAddressVerifier(seqInboxCaller)
 	}
 
 	if config.Sequencer.Enable {

arbnode/seq_coordinator.go

@@ -121,7 +121,7 @@ var TestSeqCoordinatorConfig = SeqCoordinatorConfig{
 	Signing:           signature.DefaultSignVerifyConfig,
 }
 
-func NewSeqCoordinator(dataSigner signature.DataSignerFunc, bpvalidator *contracts.BatchPosterVerifier, streamer *TransactionStreamer, sequencer *Sequencer, sync *SyncMonitor, config SeqCoordinatorConfig) (*SeqCoordinator, error) {
+func NewSeqCoordinator(dataSigner signature.DataSignerFunc, bpvalidator *contracts.AddressVerifier, streamer *TransactionStreamer, sequencer *Sequencer, sync *SyncMonitor, config SeqCoordinatorConfig) (*SeqCoordinator, error) {
 	redisCoordinator, err := redisutil.NewRedisCoordinator(config.RedisUrl)
 	if err != nil {
 		return nil, err

broadcastclient/broadcastclient.go

@@ -140,10 +140,10 @@ func NewBroadcastClient(
 	txStreamer TransactionStreamerInterface,
 	confirmedSequencerNumberListener chan arbutil.MessageIndex,
 	fatalErrChan chan error,
-	bpVerifier contracts.BatchPosterVerifierInterface,
+	addrVerifier contracts.AddressVerifierInterface,
 	adjustCount func(int32),
 ) (*BroadcastClient, error) {
-	sigVerifier, err := signature.NewVerifier(&config.Verifier, bpVerifier)
+	sigVerifier, err := signature.NewVerifier(&config.Verifier, addrVerifier)
 	if err != nil {
 		return nil, err
 	}

broadcastclient/broadcastclient_test.go

@@ -156,14 +156,14 @@ func (ts *dummyTransactionStreamer) AddBroadcastMessages(feedMessages []*broadca
 
 func newTestBroadcastClient(config Config, listenerAddress net.Addr, chainId uint64, currentMessageCount arbutil.MessageIndex, txStreamer TransactionStreamerInterface, confirmedSequenceNumberListener chan arbutil.MessageIndex, feedErrChan chan error, validAddr *common.Address) (*BroadcastClient, error) {
 	port := listenerAddress.(*net.TCPAddr).Port
-	var bpv contracts.BatchPosterVerifierInterface
+	var av contracts.AddressVerifierInterface
 	if validAddr != nil {
 		config.Verifier.AcceptSequencer = true
-		bpv = contracts.NewMockBatchPosterVerifier(*validAddr)
+		av = contracts.NewMockAddressVerifier(*validAddr)
 	} else {
 		config.Verifier.AcceptSequencer = false
 	}
-	return NewBroadcastClient(config, fmt.Sprintf("ws://127.0.0.1:%d/", port), chainId, currentMessageCount, txStreamer, confirmedSequenceNumberListener, feedErrChan, bpv, func(_ int32) {})
+	return NewBroadcastClient(config, fmt.Sprintf("ws://127.0.0.1:%d/", port), chainId, currentMessageCount, txStreamer, confirmedSequenceNumberListener, feedErrChan, av, func(_ int32) {})
 }
 
 func startMakeBroadcastClient(ctx context.Context, t *testing.T, clientConfig Config, addr net.Addr, index int, expectedCount int, chainId uint64, wg *sync.WaitGroup, sequencerAddr *common.Address) {

broadcastclients/broadcastclients.go

@@ -28,7 +28,7 @@ func NewBroadcastClients(
 	txStreamer broadcastclient.TransactionStreamerInterface,
 	confirmedSequenceNumberListener chan arbutil.MessageIndex,
 	fatalErrChan chan error,
-	bpVerifier contracts.BatchPosterVerifierInterface,
+	addrVerifier contracts.AddressVerifierInterface,
 ) (*BroadcastClients, error) {
 	urlCount := len(config.URLs)
 	if urlCount <= 0 {
@@ -47,7 +47,7 @@ func NewBroadcastClients(
 			txStreamer,
 			confirmedSequenceNumberListener,
 			fatalErrChan,
-			bpVerifier,
+			addrVerifier,
 			func(delta int32) { clients.adjustCount(delta) },
 		)
 		if err != nil {

das/aggregator.go

@@ -60,7 +60,7 @@ type Aggregator struct {
 	maxAllowedServiceStoreFailures int
 	keysetHash                     [32]byte
 	keysetBytes                    []byte
-	bpVerifier                     *contracts.BatchPosterVerifier
+	addrVerifier                   *contracts.AddressVerifier
 }
 
 type ServiceDetails struct {
@@ -153,9 +153,9 @@ func NewAggregatorWithSeqInboxCaller(
 		os.Exit(0)
 	}
 
-	var bpVerifier *contracts.BatchPosterVerifier
+	var addrVerifier *contracts.AddressVerifier
 	if seqInboxCaller != nil {
-		bpVerifier = contracts.NewBatchPosterVerifier(seqInboxCaller)
+		addrVerifier = contracts.NewAddressVerifier(seqInboxCaller)
 	}
 
 	return &Aggregator{
@@ -166,7 +166,7 @@ func NewAggregatorWithSeqInboxCaller(
 		maxAllowedServiceStoreFailures: config.AggregatorConfig.AssumedHonest - 1,
 		keysetHash:                     keysetHash,
 		keysetBytes:                    ksBuf.Bytes(),
-		bpVerifier:                     bpVerifier,
+		addrVerifier:                   addrVerifier,
 	}, nil
 }
 
@@ -196,16 +196,16 @@ type storeResponse struct {
 // signature is not checked, which is useful for testing.
 func (a *Aggregator) Store(ctx context.Context, message []byte, timeout uint64, sig []byte) (*arbstate.DataAvailabilityCertificate, error) {
 	log.Trace("das.Aggregator.Store", "message", pretty.FirstFewBytes(message), "timeout", time.Unix(int64(timeout), 0), "sig", pretty.FirstFewBytes(sig))
-	if a.bpVerifier != nil {
+	if a.addrVerifier != nil {
 		actualSigner, err := DasRecoverSigner(message, timeout, sig)
 		if err != nil {
 			return nil, err
 		}
-		isBatchPoster, err := a.bpVerifier.IsBatchPoster(ctx, actualSigner)
+		isBatchPosterOrSequencer, err := a.addrVerifier.IsBatchPosterOrSequencer(ctx, actualSigner)
 		if err != nil {
 			return nil, err
 		}
-		if !isBatchPoster {
+		if !isBatchPosterOrSequencer {
 			return nil, errors.New("store request not properly signed")
 		}
 	}

das/sign_after_store_das.go

@@ -79,7 +79,7 @@ type SignAfterStoreDAS struct {
 	keysetHash     [32]byte
 	keysetBytes    []byte
 	storageService StorageService
-	bpVerifier     *contracts.BatchPosterVerifier
+	addrVerifier   *contracts.AddressVerifier
 
 	// Extra batch poster verifier, for local installations to have their
 	// own way of testing Stores.
@@ -137,9 +137,9 @@ func NewSignAfterStoreDASWithSeqInboxCaller(
 		return nil, err
 	}
 
-	var bpVerifier *contracts.BatchPosterVerifier
+	var addrVerifier *contracts.AddressVerifier
 	if seqInboxCaller != nil {
-		bpVerifier = contracts.NewBatchPosterVerifier(seqInboxCaller)
+		addrVerifier = contracts.NewAddressVerifier(seqInboxCaller)
 	}
 
 	var extraBpVerifier func(message []byte, timeout uint64, sig []byte) bool
@@ -175,7 +175,7 @@ func NewSignAfterStoreDASWithSeqInboxCaller(
 		keysetHash:      ksHash,
 		keysetBytes:     ksBuf.Bytes(),
 		storageService:  storageService,
-		bpVerifier:      bpVerifier,
+		addrVerifier:    addrVerifier,
 		extraBpVerifier: extraBpVerifier,
 	}, nil
 }
@@ -189,16 +189,16 @@ func (d *SignAfterStoreDAS) Store(
 		verified = d.extraBpVerifier(message, timeout, sig)
 	}
 
-	if !verified && d.bpVerifier != nil {
+	if !verified && d.addrVerifier != nil {
 		actualSigner, err := DasRecoverSigner(message, timeout, sig)
 		if err != nil {
 			return nil, err
 		}
-		isBatchPoster, err := d.bpVerifier.IsBatchPoster(ctx, actualSigner)
+		isBatchPosterOrSequencer, err := d.addrVerifier.IsBatchPosterOrSequencer(ctx, actualSigner)
 		if err != nil {
 			return nil, err
 		}
-		if !isBatchPoster {
+		if !isBatchPosterOrSequencer {
 			return nil, errors.New("store request not properly signed")
 		}
 	}

util/contracts/batch_poster_verifier.go → util/contracts/address_verifier.go

@@ -13,7 +13,7 @@ import (
 	"github.com/offchainlabs/nitro/solgen/go/bridgegen"
 )
 
-type BatchPosterVerifier struct {
+type AddressVerifier struct {
 	seqInboxCaller *bridgegen.SequencerInboxCaller
 	cache          map[common.Address]bool
 	cacheExpiry    time.Time
@@ -24,17 +24,17 @@ type BatchPosterVerifier struct {
 // consequences of a false positive (accepting a Store from a recently retired batch poster), but we don't want
 // to accept the consequences of a false negative (rejecting a Store from a recently added batch poster).
 
-var batchPosterVerifierLifetime = time.Hour
+var addressVerifierLifetime = time.Hour
 
-func NewBatchPosterVerifier(seqInboxCaller *bridgegen.SequencerInboxCaller) *BatchPosterVerifier {
-	return &BatchPosterVerifier{
+func NewAddressVerifier(seqInboxCaller *bridgegen.SequencerInboxCaller) *AddressVerifier {
+	return &AddressVerifier{
 		seqInboxCaller: seqInboxCaller,
 		cache:          make(map[common.Address]bool),
-		cacheExpiry:    time.Now().Add(batchPosterVerifierLifetime),
+		cacheExpiry:    time.Now().Add(addressVerifierLifetime),
 	}
 }
 
-func (bpv *BatchPosterVerifier) IsBatchPoster(ctx context.Context, addr common.Address) (bool, error) {
+func (bpv *AddressVerifier) IsBatchPosterOrSequencer(ctx context.Context, addr common.Address) (bool, error) {
 	bpv.mutex.Lock()
 	if time.Now().After(bpv.cacheExpiry) {
 		if err := bpv.flushCache_locked(ctx); err != nil {
@@ -48,44 +48,52 @@ func (bpv *BatchPosterVerifier) IsBatchPoster(ctx context.Context, addr common.A
 	}
 	bpv.mutex.Unlock()
 
-	isBatchPoster, err := bpv.seqInboxCaller.IsBatchPoster(&bind.CallOpts{Context: ctx}, addr)
+	result, err := bpv.seqInboxCaller.IsBatchPoster(&bind.CallOpts{Context: ctx}, addr)
 	if err != nil {
 		return false, err
 	}
-	if isBatchPoster {
+	if !result {
+		var err error
+		result, err = bpv.seqInboxCaller.IsSequencer(&bind.CallOpts{Context: ctx}, addr)
+		if err != nil {
+			return false, err
+		}
+	}
+	if result {
 		bpv.mutex.Lock()
 		bpv.cache[addr] = true
 		bpv.mutex.Unlock()
+		return true, nil
 	}
-	return isBatchPoster, nil
+	return result, nil
 }
 
-func (bpv *BatchPosterVerifier) FlushCache(ctx context.Context) error {
+func (bpv *AddressVerifier) FlushCache(ctx context.Context) error {
 	bpv.mutex.Lock()
 	defer bpv.mutex.Unlock()
 	return bpv.flushCache_locked(ctx)
 }
 
-func (bpv *BatchPosterVerifier) flushCache_locked(ctx context.Context) error {
+func (bpv *AddressVerifier) flushCache_locked(ctx context.Context) error {
 	bpv.cache = make(map[common.Address]bool)
-	bpv.cacheExpiry = time.Now().Add(batchPosterVerifierLifetime)
+	bpv.cacheExpiry = time.Now().Add(addressVerifierLifetime)
 	return nil
 }
 
-func NewMockBatchPosterVerifier(validAddr common.Address) *MockBatchPosterVerifier {
-	return &MockBatchPosterVerifier{
+func NewMockAddressVerifier(validAddr common.Address) *MockAddressVerifier {
+	return &MockAddressVerifier{
 		validAddr: validAddr,
 	}
 }
 
-type MockBatchPosterVerifier struct {
+type MockAddressVerifier struct {
 	validAddr common.Address
 }
 
-func (bpv *MockBatchPosterVerifier) IsBatchPoster(_ context.Context, addr common.Address) (bool, error) {
+func (bpv *MockAddressVerifier) IsBatchPosterOrSequencer(_ context.Context, addr common.Address) (bool, error) {
 	return addr == bpv.validAddr, nil
 }
 
-type BatchPosterVerifierInterface interface {
-	IsBatchPoster(ctx context.Context, addr common.Address) (bool, error)
+type AddressVerifierInterface interface {
+	IsBatchPosterOrSequencer(ctx context.Context, addr common.Address) (bool, error)
 }

util/signature/sign_verify.go

@@ -39,7 +39,7 @@ var DefaultSignVerifyConfig = SignVerifyConfig{
 	Symmetric:         TestSimpleHmacConfig,
 }
 
-func NewSignVerify(config *SignVerifyConfig, signerFunc DataSignerFunc, bpValidator contracts.BatchPosterVerifierInterface) (*SignVerify, error) {
+func NewSignVerify(config *SignVerifyConfig, signerFunc DataSignerFunc, bpValidator contracts.AddressVerifierInterface) (*SignVerify, error) {
 	var fallback *SimpleHmac
 	if config.SymmetricFallback {
 		var err error

util/signature/verifier.go

@@ -19,7 +19,7 @@ import (
 type Verifier struct {
 	config        *VerifierConfig
 	authorizedMap map[common.Address]struct{}
-	bpValidator   contracts.BatchPosterVerifierInterface
+	addrVerifier  contracts.AddressVerifierInterface
 }
 
 type VerifierConfig struct {
@@ -62,19 +62,19 @@ var TestingFeedVerifierConfig = VerifierConfig{
 	},
 }
 
-func NewVerifier(config *VerifierConfig, bpValidator contracts.BatchPosterVerifierInterface) (*Verifier, error) {
+func NewVerifier(config *VerifierConfig, addrVerifier contracts.AddressVerifierInterface) (*Verifier, error) {
 	authorizedMap := make(map[common.Address]struct{}, len(config.AllowedAddresses))
 	for _, addrString := range config.AllowedAddresses {
 		addr := common.HexToAddress(addrString)
 		authorizedMap[addr] = struct{}{}
 	}
-	if bpValidator == nil && !config.Dangerous.AcceptMissing && config.AcceptSequencer {
+	if addrVerifier == nil && !config.Dangerous.AcceptMissing && config.AcceptSequencer {
 		return nil, errors.New("cannot read batch poster addresses")
 	}
 	return &Verifier{
 		config:        config,
 		authorizedMap: authorizedMap,
-		bpValidator:   bpValidator,
+		addrVerifier:  addrVerifier,
 	}, nil
 }
 
@@ -107,20 +107,20 @@ func (v *Verifier) verifyClosure(ctx context.Context, sig []byte, hash common.Ha
 		return nil
 	}
 
-	if v.config.Dangerous.AcceptMissing && v.bpValidator == nil {
+	if v.config.Dangerous.AcceptMissing && v.addrVerifier == nil {
 		return nil
 	}
 
-	if !v.config.AcceptSequencer || v.bpValidator == nil {
+	if !v.config.AcceptSequencer || v.addrVerifier == nil {
 		return ErrSignerNotApproved
 	}
 
-	batchPoster, err := v.bpValidator.IsBatchPoster(ctx, addr)
+	batchPosterOrSequencer, err := v.addrVerifier.IsBatchPosterOrSequencer(ctx, addr)
 	if err != nil {
 		return err
 	}
 
-	if !batchPoster {
+	if !batchPosterOrSequencer {
 		return ErrSignerNotApproved
 	}
 

util/signature/verifier_test.go

@@ -82,7 +82,7 @@ func TestVerifierBatchPoster(t *testing.T) {
 	signingAddr := crypto.PubkeyToAddress(privateKey.PublicKey)
 	dataSigner := DataSignerFromPrivateKey(privateKey)
 
-	bpVerifier := contracts.NewMockBatchPosterVerifier(signingAddr)
+	bpVerifier := contracts.NewMockAddressVerifier(signingAddr)
 	config := TestingFeedVerifierConfig
 	config.AcceptSequencer = true
 	verifier, err := NewVerifier(&config, bpVerifier)