AggLayer: Track GER insertion hash chain #2707
Description
Description
The Solidity sovereign chain GER manager (GlobalExitRootManagerL2SovereignChain.sol) maintains a running hash chain of all inserted GERs via insertedGERHashChain. Each call to insertGlobalExitRoot() updates this chain: insertedGERHashChain = efficientKeccak256(insertedGERHashChain, _newRoot). This enables compact proofs of the complete GER insertion sequence. The GER insertion hash chain is something sovereign chains can opt into, not a hard requirement from the base bridge protocol.
The Miden bridge's update_ger procedure stores the GER in the ger_map but does not update any chain hash. The bridge does maintain a Claimed Global Index (CGI) chain hash via the cgi_chain_hash_lo/hi slots (updated in bridge_in::claim), but there is no analogous tracking for GER insertions.
Impact
The bridge cannot generate compact proofs of which GERs have been inserted and in what order. This may affect the ability of the prover to construct validity proofs that include GER state transitions, and makes auditing the GER insertion history more difficult.
Recommended Action
Maintain a running Keccak-256 hash chain of all inserted GERs, following the same pattern as the existing CGI chain hash (cgi_chain_hash_lo/hi slots). Modify update_ger to compute Keccak256(old_chain || GER) after each insertion and store the result. The procedure will need to be restructured to preserve the original GER values before the Poseidon hash, since the chain hash requires the raw GER.
References
Classification
This feature is part of the sovereign chain extension (GlobalExitRootManagerL2SovereignChain), not the base bridge contract. The GER insertion hash chain is something sovereign chains can opt into, not a hard requirement from the base bridge protocol.