AggLayer: Add claim unsetting mechanism #2703
Description
Description
The Solidity sovereign chain bridge (BridgeL2SovereignChain.sol) provides unsetMultipleClaims(uint256[] calldata globalIndexes), gated by onlyGlobalExitRootRemover. Each unset updates a running hash chain (unsetGlobalIndexHashChain = efficientKeccak256(unsetGlobalIndexHashChain, globalIndex)) and calls _unsetClaimedBitmap(globalIndex) to XOR the corresponding claim bit back. Claim unsetting is something sovereign chains can opt into, not a hard requirement from the base bridge protocol.
The Miden bridge's claim nullifier system is irreversible. In bridge_in.masm, the set_and_check_claimed procedure writes [1, 0, 0, 0] to the CLAIM_NULLIFIERS_SLOT map under the key Poseidon2::hash_elements(leaf_index, source_bridge_network), and panics if the old value was non-zero. No reverse operation exists to clear a set nullifier.
Impact
If a claim is processed with incorrect data (e.g., wrong amount due to a bug in the Integration Service), the nullifier is permanently set. The correct claim for that (leaf_index, source_bridge_network) pair can never be processed, effectively locking the user's funds with no recovery path.
Recommended Action
Add an unset_claim procedure gated by a trusted role (bridge admin or GER remover) that clears a previously set claim nullifier, allowing the claim to be re-processed. The procedure should verify the nullifier was actually set before clearing it, and maintain a running Keccak-256 hash chain of all unset global indices for auditability.
References
bridge_in.masm(set_and_check_claimed,assert_claim_not_spent)bridge.rsBridgeL2SovereignChain.sol
Classification
This feature is part of the sovereign chain extension (BridgeL2SovereignChain), not the base bridge contract. Claim unsetting is something sovereign chains can opt into, not a hard requirement from the base bridge protocol.