diff --git a/deployments/11155111-dev-no-nitro.json b/deployments/11155111-dev-no-nitro.json index f98679b2..5d7f9252 100644 --- a/deployments/11155111-dev-no-nitro.json +++ b/deployments/11155111-dev-no-nitro.json @@ -1 +1 @@ -{"SystemConfigGlobal":"0xf8293c0f3a36A746B559a1a51870339B20F60945","TEEVerifier":"0x82453dA61B397EE366fB2129502de9c216480aB6","DisputeGameFactory":"0xfEa8Cb315F75d838b6c76ae336a9255f81df0D50","AnchorStateRegistry":"0x556BD554854504BE2F2023F6531D25eF6f6Fe77D","DelayedWETH":"0xb1FB7f05711d2270cD658448562A29E8c5C95E9E","AggregateVerifier":"0xeeF18F1640fa79f919799B5D629908909e715f97"} \ No newline at end of file +{"TEEProverRegistry":"0x8897f8E1379C7548caE146e0ee26f6b1108A8570","TEEVerifier":"0xB319EA8fAac05BB01ABcce3671BC66c5A1f9A077","DisputeGameFactory":"0xF2e2f5F97e1aE0899924bE4Dd1D1795052Ea7551","AnchorStateRegistry":"0x59C17E560057A1cF2327E6Be35b070E46e4EC8b4","DelayedWETH":"0xD455276eF429eE495d91567BF3e78066bdfAc2b8","AggregateVerifier":"0x3EE78cfac34D7Cbe49D35B901B354272d2084951"} \ No newline at end of file diff --git a/scripts/deploy/Deploy.s.sol b/scripts/deploy/Deploy.s.sol index 77d2ddd4..cc91cad7 100644 --- a/scripts/deploy/Deploy.s.sol +++ b/scripts/deploy/Deploy.s.sol @@ -309,7 +309,7 @@ contract Deploy is Deployer { artifacts.save("PreimageOracle", address(dio.preimageOracleSingleton)); artifacts.save("PermissionedDisputeGame", address(dio.permissionedDisputeGameV2Impl)); artifacts.save("AggregateVerifier", address(dio.aggregateVerifierImpl)); - artifacts.save("SystemConfigGlobal", address(dio.systemConfigGlobalImpl)); + artifacts.save("TEEProverRegistry", address(dio.teeProverRegistryImpl)); // Get a contract set from the implementation addresses which were just deployed. Types.ContractSet memory impls = ChainAssertions.dioToContractSet(dio); diff --git a/scripts/deploy/DeployImplementations.s.sol b/scripts/deploy/DeployImplementations.s.sol index 6ba8570a..f38f2807 100644 --- a/scripts/deploy/DeployImplementations.s.sol +++ b/scripts/deploy/DeployImplementations.s.sol @@ -47,7 +47,7 @@ import { DevFeatures } from "src/libraries/DevFeatures.sol"; import { INitroEnclaveVerifier } from "lib/aws-nitro-enclave-attestation/contracts/src/interfaces/INitroEnclaveVerifier.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; import { MockVerifier } from "src/multiproof/mocks/MockVerifier.sol"; import { TEEVerifier } from "src/multiproof/tee/TEEVerifier.sol"; import { AggregateVerifier } from "src/multiproof/AggregateVerifier.sol"; @@ -114,7 +114,7 @@ contract DeployImplementations is Script { ISuperFaultDisputeGame superFaultDisputeGameImpl; ISuperPermissionedDisputeGame superPermissionedDisputeGameImpl; IVerifier aggregateVerifierImpl; - SystemConfigGlobal systemConfigGlobalImpl; + TEEProverRegistry teeProverRegistryImpl; } bytes32 internal _salt = DeployUtils.DEFAULT_SALT; @@ -721,9 +721,9 @@ contract DeployImplementations is Script { address teeVerifierImpl; { - SystemConfigGlobal scgImpl = new SystemConfigGlobal(INitroEnclaveVerifier(_input.nitroEnclaveVerifier)); - vm.label(address(scgImpl), "SystemConfigGlobalImpl"); - _output.systemConfigGlobalImpl = scgImpl; + TEEProverRegistry scgImpl = new TEEProverRegistry(INitroEnclaveVerifier(_input.nitroEnclaveVerifier)); + vm.label(address(scgImpl), "TEEProverRegistryImpl"); + _output.teeProverRegistryImpl = scgImpl; teeVerifierImpl = address(new TEEVerifier(scgImpl, _output.anchorStateRegistryImpl)); } diff --git a/scripts/multiproof/DeployDevNoNitro.s.sol b/scripts/multiproof/DeployDevNoNitro.s.sol index de32d62a..7206759c 100644 --- a/scripts/multiproof/DeployDevNoNitro.s.sol +++ b/scripts/multiproof/DeployDevNoNitro.s.sol @@ -9,7 +9,7 @@ pragma solidity 0.8.15; * DEPLOYMENT TYPE: DEV (NO NITRO) * ══════════════════════════════════════════════════════════════════════════════════ * - * This script deploys infrastructure using DevSystemConfigGlobal, which BYPASSES + * This script deploys infrastructure using DevTEEProverRegistry, which BYPASSES * AWS Nitro attestation validation. Signers can be registered with a simple call * to addDevSigner() without needing a real Nitro enclave or attestation document. * @@ -28,7 +28,7 @@ pragma solidity 0.8.15; * * After deployment, register a signer with a single call: * - * cast send $SYSTEM_CONFIG_GLOBAL \ + * cast send $TEE_PROVER_REGISTRY \ * "addDevSigner(address,bytes32)" $SIGNER_ADDRESS $TEE_IMAGE_HASH \ * --private-key $OWNER_KEY --rpc-url $RPC_URL * @@ -38,14 +38,14 @@ pragma solidity 0.8.15; * COMPARISON WITH DeployDevWithNitro * ───────────────────────────────────────────────────────────────────────────────── * - * | Feature | DeployDevNoNitro | DeployDevWithNitro | - * |----------------------------|----------------------|------------------------| - * | SystemConfigGlobal | DevSystemConfigGlobal | SystemConfigGlobal | - * | Signer registration | addDevSigner() | registerSigner() | - * | Requires Nitro enclave | No | Yes | - * | Validates attestation (ZK) | No | Yes | - * | PCR0 pre-registration | No | Yes | - * | Attestation freshness | N/A | < 60 minutes | + * | Feature | DeployDevNoNitro | DeployDevWithNitro | + * |----------------------------|------------------------|------------------------| + * | TEEProverRegistry | DevTEEProverRegistry | TEEProverRegistry | + * | Signer registration | addDevSigner() | registerSigner() | + * | Requires Nitro enclave | No | Yes | + * | Validates attestation (ZK) | No | Yes | + * | PCR0 pre-registration | No | Yes | + * | Attestation freshness | N/A | < 60 minutes | * * Both scripts use mocks for AnchorStateRegistry, DelayedWETH, and ZK Verifier. * @@ -71,8 +71,8 @@ import { DeployUtils } from "scripts/libraries/DeployUtils.sol"; import { AggregateVerifier } from "src/multiproof/AggregateVerifier.sol"; import { IVerifier } from "interfaces/multiproof/IVerifier.sol"; import { MockVerifier } from "src/multiproof/mocks/MockVerifier.sol"; -import { DevSystemConfigGlobal } from "src/multiproof/mocks/MockDevSystemConfigGlobal.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { DevTEEProverRegistry } from "src/multiproof/mocks/MockDevTEEProverRegistry.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; import { TEEVerifier } from "src/multiproof/tee/TEEVerifier.sol"; import { MinimalProxyAdmin } from "./mocks/MinimalProxyAdmin.sol"; @@ -81,7 +81,7 @@ import { MockDelayedWETH } from "./mocks/MockDelayedWETH.sol"; /// @title DeployDevNoNitro /// @notice Development deployment WITHOUT AWS Nitro attestation validation. -/// @dev Uses DevSystemConfigGlobal which allows addDevSigner() to bypass attestation. +/// @dev Uses DevTEEProverRegistry which allows addDevSigner() to bypass attestation. contract DeployDevNoNitro is Script { /// @notice Constant from Optimism's Constants.sol - the storage slot for proxy admin. bytes32 internal constant PROXY_OWNER_ADDRESS = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; @@ -95,7 +95,7 @@ contract DeployDevNoNitro is Script { DeployConfig(address(uint160(uint256(keccak256(abi.encode("optimism.deployconfig")))))); // Deployed addresses - address public systemConfigGlobalProxy; + address public teeProverRegistryProxy; address public teeVerifier; address public disputeGameFactory; address public mockAnchorRegistry; @@ -116,7 +116,7 @@ contract DeployDevNoNitro is Script { console.log("TEE Proposer:", cfg.teeProposer()); console.log("Game Type:", cfg.multiproofGameType()); console.log(""); - console.log("NOTE: Using DevSystemConfigGlobal - NO attestation required."); + console.log("NOTE: Using DevTEEProverRegistry - NO attestation required."); vm.startBroadcast(); @@ -132,22 +132,22 @@ contract DeployDevNoNitro is Script { } function _deployTEEContracts(address owner) internal { - address scgImpl = address(new DevSystemConfigGlobal(INitroEnclaveVerifier(address(0)))); - systemConfigGlobalProxy = address( + address scgImpl = address(new DevTEEProverRegistry(INitroEnclaveVerifier(address(0)))); + teeProverRegistryProxy = address( new TransparentUpgradeableProxy( - scgImpl, address(0xdead), abi.encodeCall(SystemConfigGlobal.initialize, (owner, owner)) + scgImpl, address(0xdead), abi.encodeCall(TEEProverRegistry.initialize, (owner, owner)) ) ); - console.log("DevSystemConfigGlobal:", systemConfigGlobalProxy); + console.log("DevTEEProverRegistry:", teeProverRegistryProxy); teeVerifier = address( - new TEEVerifier(SystemConfigGlobal(systemConfigGlobalProxy), IAnchorStateRegistry(mockAnchorRegistry)) + new TEEVerifier(TEEProverRegistry(teeProverRegistryProxy), IAnchorStateRegistry(mockAnchorRegistry)) ); console.log("TEEVerifier:", teeVerifier); } function _registerProposer(address teeProposer) internal { - SystemConfigGlobal(systemConfigGlobalProxy).setProposer(teeProposer, true); + TEEProverRegistry(teeProverRegistryProxy).setProposer(teeProposer, true); console.log("Registered TEE proposer:", teeProposer); } @@ -209,7 +209,7 @@ contract DeployDevNoNitro is Script { console.log(" DEV DEPLOYMENT COMPLETE (NO NITRO)"); console.log("========================================"); console.log("\nTEE Contracts:"); - console.log(" DevSystemConfigGlobal:", systemConfigGlobalProxy); + console.log(" DevTEEProverRegistry:", teeProverRegistryProxy); console.log(" TEEVerifier:", teeVerifier); console.log("\nInfrastructure:"); console.log(" DisputeGameFactory:", disputeGameFactory); @@ -222,7 +222,7 @@ contract DeployDevNoNitro is Script { console.log(" Config Hash:", vm.toString(cfg.multiproofConfigHash())); console.log("========================================"); console.log("\n>>> NEXT STEP - Register dev signer (NO ATTESTATION NEEDED) <<<"); - console.log("\ncast send", systemConfigGlobalProxy); + console.log("\ncast send", teeProverRegistryProxy); console.log(' "addDevSigner(address,bytes32)" '); console.log(" ", vm.toString(cfg.teeImageHash())); console.log(" --private-key --rpc-url "); @@ -232,8 +232,8 @@ contract DeployDevNoNitro is Script { function _writeOutput() internal { string memory outPath = string.concat("deployments/", vm.toString(block.chainid), "-dev-no-nitro.json"); string memory output = string.concat( - '{"SystemConfigGlobal":"', - vm.toString(systemConfigGlobalProxy), + '{"TEEProverRegistry":"', + vm.toString(teeProverRegistryProxy), '","TEEVerifier":"', vm.toString(teeVerifier), '","DisputeGameFactory":"', diff --git a/scripts/multiproof/DeployDevWithNitro.s.sol b/scripts/multiproof/DeployDevWithNitro.s.sol index be9edf89..add43ec6 100644 --- a/scripts/multiproof/DeployDevWithNitro.s.sol +++ b/scripts/multiproof/DeployDevWithNitro.s.sol @@ -9,7 +9,7 @@ pragma solidity 0.8.15; * DEPLOYMENT TYPE: DEV (WITH NITRO) * ══════════════════════════════════════════════════════════════════════════════════ * - * This script deploys infrastructure using the REAL SystemConfigGlobal, which + * This script deploys infrastructure using the REAL TEEProverRegistry, which * REQUIRES a ZK proof of a valid AWS Nitro attestation for signer registration. * You cannot use addDevSigner() - you must go through the full registerSigner() flow. * A pre-deployed NitroEnclaveVerifier contract address must be provided in the config. @@ -38,7 +38,7 @@ pragma solidity 0.8.15; * PCR0_RAW="0x<48_bytes_hex>" * * # Register it (only owner can do this) - * cast send $SYSTEM_CONFIG_GLOBAL "registerPCR0(bytes)" $PCR0_RAW \ + * cast send $TEE_PROVER_REGISTRY "registerPCR0(bytes)" $PCR0_RAW \ * --private-key $OWNER_KEY --rpc-url $RPC_URL * * Note: The teeImageHash in deploy-config is keccak256(PCR0_RAW), not the raw bytes. @@ -49,7 +49,7 @@ pragma solidity 0.8.15; * * Generate a Risc0 ZK proof of the Nitro attestation offchain, then call: * - * cast send $SYSTEM_CONFIG_GLOBAL \ + * cast send $TEE_PROVER_REGISTRY \ * "registerSigner(bytes,bytes)" $ZK_OUTPUT $ZK_PROOF_BYTES \ * --private-key $OWNER_OR_MANAGER_KEY --rpc-url $RPC_URL * @@ -63,23 +63,23 @@ pragma solidity 0.8.15; * After registration, verify the signer is registered: * * # Check if signer is valid - * cast call $SYSTEM_CONFIG_GLOBAL "isValidSigner(address)(bool)" $SIGNER_ADDRESS + * cast call $TEE_PROVER_REGISTRY "isValidSigner(address)(bool)" $SIGNER_ADDRESS * * # Get the PCR0 hash associated with the signer - * cast call $SYSTEM_CONFIG_GLOBAL "signerPCR0(address)(bytes32)" $SIGNER_ADDRESS + * cast call $TEE_PROVER_REGISTRY "signerPCR0(address)(bytes32)" $SIGNER_ADDRESS * * ───────────────────────────────────────────────────────────────────────────────── * COMPARISON WITH DeployDevNoNitro * ───────────────────────────────────────────────────────────────────────────────── * - * | Feature | DeployDevNoNitro | DeployDevWithNitro | - * |----------------------------|----------------------|------------------------| - * | SystemConfigGlobal | DevSystemConfigGlobal | SystemConfigGlobal | - * | Signer registration | addDevSigner() | registerSigner() | - * | Requires Nitro enclave | No | Yes | - * | Validates attestation (ZK) | No | Yes | - * | PCR0 pre-registration | No | Yes | - * | Attestation freshness | N/A | < 60 minutes | + * | Feature | DeployDevNoNitro | DeployDevWithNitro | + * |----------------------------|------------------------|------------------------| + * | TEEProverRegistry | DevTEEProverRegistry | TEEProverRegistry | + * | Signer registration | addDevSigner() | registerSigner() | + * | Requires Nitro enclave | No | Yes | + * | Validates attestation (ZK) | No | Yes | + * | PCR0 pre-registration | No | Yes | + * | Attestation freshness | N/A | < 60 minutes | * * Both scripts use mocks for AnchorStateRegistry, DelayedWETH, and ZK Verifier. * @@ -105,7 +105,7 @@ import { DeployUtils } from "scripts/libraries/DeployUtils.sol"; import { AggregateVerifier } from "src/multiproof/AggregateVerifier.sol"; import { IVerifier } from "interfaces/multiproof/IVerifier.sol"; import { MockVerifier } from "src/multiproof/mocks/MockVerifier.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; import { TEEVerifier } from "src/multiproof/tee/TEEVerifier.sol"; import { MinimalProxyAdmin } from "./mocks/MinimalProxyAdmin.sol"; @@ -114,7 +114,7 @@ import { MockDelayedWETH } from "./mocks/MockDelayedWETH.sol"; /// @title DeployDevWithNitro /// @notice Development deployment WITH AWS Nitro attestation validation. -/// @dev Uses real SystemConfigGlobal which requires registerSigner() with valid attestation. +/// @dev Uses real TEEProverRegistry which requires registerSigner() with valid attestation. contract DeployDevWithNitro is Script { /// @notice Constant from Optimism's Constants.sol - the storage slot for proxy admin. bytes32 internal constant PROXY_OWNER_ADDRESS = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103; @@ -128,7 +128,7 @@ contract DeployDevWithNitro is Script { DeployConfig(address(uint160(uint256(keccak256(abi.encode("optimism.deployconfig")))))); // Deployed addresses - address public systemConfigGlobalProxy; + address public teeProverRegistryProxy; address public teeVerifier; address public disputeGameFactory; address public mockAnchorRegistry; @@ -149,7 +149,7 @@ contract DeployDevWithNitro is Script { console.log("TEE Proposer:", cfg.teeProposer()); console.log("Game Type:", cfg.multiproofGameType()); console.log(""); - console.log("NOTE: Using REAL SystemConfigGlobal - ZK attestation proof REQUIRED."); + console.log("NOTE: Using REAL TEEProverRegistry - ZK attestation proof REQUIRED."); console.log("NitroEnclaveVerifier:", cfg.nitroEnclaveVerifier()); vm.startBroadcast(); @@ -166,23 +166,23 @@ contract DeployDevWithNitro is Script { } function _deployTEEContracts(address owner, address _nitroEnclaveVerifier) internal { - address scgImpl = address(new SystemConfigGlobal(INitroEnclaveVerifier(_nitroEnclaveVerifier))); + address scgImpl = address(new TEEProverRegistry(INitroEnclaveVerifier(_nitroEnclaveVerifier))); console.log("NitroEnclaveVerifier (external):", _nitroEnclaveVerifier); - systemConfigGlobalProxy = address( + teeProverRegistryProxy = address( new TransparentUpgradeableProxy( - scgImpl, address(0xdead), abi.encodeCall(SystemConfigGlobal.initialize, (owner, owner)) + scgImpl, address(0xdead), abi.encodeCall(TEEProverRegistry.initialize, (owner, owner)) ) ); - console.log("SystemConfigGlobal:", systemConfigGlobalProxy); + console.log("TEEProverRegistry:", teeProverRegistryProxy); teeVerifier = address( - new TEEVerifier(SystemConfigGlobal(systemConfigGlobalProxy), IAnchorStateRegistry(mockAnchorRegistry)) + new TEEVerifier(TEEProverRegistry(teeProverRegistryProxy), IAnchorStateRegistry(mockAnchorRegistry)) ); console.log("TEEVerifier:", teeVerifier); } function _registerProposer(address teeProposer) internal { - SystemConfigGlobal(systemConfigGlobalProxy).setProposer(teeProposer, true); + TEEProverRegistry(teeProverRegistryProxy).setProposer(teeProposer, true); console.log("Registered TEE proposer:", teeProposer); } @@ -245,7 +245,7 @@ contract DeployDevWithNitro is Script { console.log("========================================"); console.log("\nTEE Contracts:"); console.log(" NitroEnclaveVerifier (external):", cfg.nitroEnclaveVerifier()); - console.log(" SystemConfigGlobal:", systemConfigGlobalProxy); + console.log(" TEEProverRegistry:", teeProverRegistryProxy); console.log(" TEEVerifier:", teeVerifier); console.log("\nInfrastructure:"); console.log(" DisputeGameFactory:", disputeGameFactory); @@ -259,12 +259,12 @@ contract DeployDevWithNitro is Script { console.log("========================================"); console.log("\n>>> NEXT STEPS (ZK ATTESTATION PROOF REQUIRED) <<<"); console.log("\n1. Register the PCR0 (raw 48-byte enclave image hash):"); - console.log(" cast send", systemConfigGlobalProxy); + console.log(" cast send", teeProverRegistryProxy); console.log(' "registerPCR0(bytes)" '); console.log(" --private-key --rpc-url "); console.log("\n2. Generate a Risc0 ZK proof of the Nitro attestation offchain."); console.log("\n3. Register signer with ZK proof:"); - console.log(" cast send", systemConfigGlobalProxy); + console.log(" cast send", teeProverRegistryProxy); console.log(' "registerSigner(bytes,bytes)" '); console.log(" --private-key --rpc-url "); console.log("\nSee the comments at the top of this file for full details."); @@ -274,8 +274,8 @@ contract DeployDevWithNitro is Script { function _writeOutput() internal { string memory outPath = string.concat("deployments/", vm.toString(block.chainid), "-dev-with-nitro.json"); string memory output = string.concat( - '{"SystemConfigGlobal":"', - vm.toString(systemConfigGlobalProxy), + '{"TEEProverRegistry":"', + vm.toString(teeProverRegistryProxy), '","TEEVerifier":"', vm.toString(teeVerifier), '","DisputeGameFactory":"', diff --git a/snapshots/abi/AggregateVerifier.json b/snapshots/abi/AggregateVerifier.json index 2a142bdd..38f06763 100644 --- a/snapshots/abi/AggregateVerifier.json +++ b/snapshots/abi/AggregateVerifier.json @@ -55,6 +55,11 @@ "internalType": "uint256", "name": "intermediateBlockInterval", "type": "uint256" + }, + { + "internalType": "uint256", + "name": "proofThreshold", + "type": "uint256" } ], "stateMutability": "nonpayable", @@ -190,6 +195,19 @@ "stateMutability": "view", "type": "function" }, + { + "inputs": [], + "name": "PROOF_THRESHOLD", + "outputs": [ + { + "internalType": "uint256", + "name": "", + "type": "uint256" + } + ], + "stateMutability": "view", + "type": "function" + }, { "inputs": [], "name": "SLOW_FINALIZATION_DELAY", @@ -322,10 +340,20 @@ }, { "inputs": [ + { + "internalType": "bytes", + "name": "proofBytes", + "type": "bytes" + }, { "internalType": "uint256", - "name": "gameIndex", + "name": "intermediateRootIndex", "type": "uint256" + }, + { + "internalType": "bytes32", + "name": "intermediateRootToProve", + "type": "bytes32" } ], "name": "challenge", @@ -349,12 +377,12 @@ }, { "inputs": [], - "name": "counteredByGameAddress", + "name": "counteredByIntermediateRootIndexPlusOne", "outputs": [ { - "internalType": "address", + "internalType": "uint256", "name": "", - "type": "address" + "type": "uint256" } ], "stateMutability": "view", @@ -581,6 +609,19 @@ "stateMutability": "pure", "type": "function" }, + { + "inputs": [], + "name": "proofCount", + "outputs": [ + { + "internalType": "uint8", + "name": "", + "type": "uint8" + } + ], + "stateMutability": "view", + "type": "function" + }, { "inputs": [], "name": "resolve", @@ -753,9 +794,9 @@ }, { "indexed": false, - "internalType": "contract IDisputeGame", - "name": "game", - "type": "address" + "internalType": "uint256", + "name": "intermediateRootIndex", + "type": "uint256" } ], "name": "Challenged", @@ -853,11 +894,6 @@ "name": "AlreadyProven", "type": "error" }, - { - "inputs": [], - "name": "BondRecipientEmpty", - "type": "error" - }, { "inputs": [], "name": "BondTransferFailed", @@ -868,11 +904,6 @@ "name": "ClaimAlreadyResolved", "type": "error" }, - { - "inputs": [], - "name": "CounteredByGameNotResolved", - "type": "error" - }, { "inputs": [], "name": "GameNotFinalized", @@ -940,11 +971,6 @@ "name": "InvalidBlockInterval", "type": "error" }, - { - "inputs": [], - "name": "InvalidCounteredByGame", - "type": "error" - }, { "inputs": [], "name": "InvalidGame", @@ -965,6 +991,11 @@ "name": "InvalidProof", "type": "error" }, + { + "inputs": [], + "name": "InvalidProofThreshold", + "type": "error" + }, { "inputs": [], "name": "InvalidProofType", @@ -1036,7 +1067,7 @@ }, { "inputs": [], - "name": "NoProofProvided", + "name": "NotEnoughProofs", "type": "error" }, { diff --git a/snapshots/abi/DevSystemConfigGlobal.json b/snapshots/abi/DevTEEProverRegistry.json similarity index 97% rename from snapshots/abi/DevSystemConfigGlobal.json rename to snapshots/abi/DevTEEProverRegistry.json index a082b6f7..6a61389f 100644 --- a/snapshots/abi/DevSystemConfigGlobal.json +++ b/snapshots/abi/DevTEEProverRegistry.json @@ -80,6 +80,19 @@ "stateMutability": "nonpayable", "type": "function" }, + { + "inputs": [], + "name": "getRegisteredSigners", + "outputs": [ + { + "internalType": "address[]", + "name": "", + "type": "address[]" + } + ], + "stateMutability": "view", + "type": "function" + }, { "inputs": [ { diff --git a/snapshots/abi/MockVerifier.json b/snapshots/abi/MockVerifier.json index d36cb2b2..7129f561 100644 --- a/snapshots/abi/MockVerifier.json +++ b/snapshots/abi/MockVerifier.json @@ -1,4 +1,48 @@ [ + { + "inputs": [ + { + "internalType": "contract IAnchorStateRegistry", + "name": "anchorStateRegistry", + "type": "address" + } + ], + "stateMutability": "nonpayable", + "type": "constructor" + }, + { + "inputs": [], + "name": "ANCHOR_STATE_REGISTRY", + "outputs": [ + { + "internalType": "contract IAnchorStateRegistry", + "name": "", + "type": "address" + } + ], + "stateMutability": "view", + "type": "function" + }, + { + "inputs": [], + "name": "nullified", + "outputs": [ + { + "internalType": "bool", + "name": "", + "type": "bool" + } + ], + "stateMutability": "view", + "type": "function" + }, + { + "inputs": [], + "name": "nullify", + "outputs": [], + "stateMutability": "nonpayable", + "type": "function" + }, { "inputs": [ { @@ -25,7 +69,17 @@ "type": "bool" } ], - "stateMutability": "pure", + "stateMutability": "view", "type": "function" + }, + { + "inputs": [], + "name": "NotProperGame", + "type": "error" + }, + { + "inputs": [], + "name": "Nullified", + "type": "error" } ] \ No newline at end of file diff --git a/snapshots/abi/SystemConfigGlobal.json b/snapshots/abi/TEEProverRegistry.json similarity index 97% rename from snapshots/abi/SystemConfigGlobal.json rename to snapshots/abi/TEEProverRegistry.json index e2e1a3db..7250c1f7 100644 --- a/snapshots/abi/SystemConfigGlobal.json +++ b/snapshots/abi/TEEProverRegistry.json @@ -62,6 +62,19 @@ "stateMutability": "nonpayable", "type": "function" }, + { + "inputs": [], + "name": "getRegisteredSigners", + "outputs": [ + { + "internalType": "address[]", + "name": "", + "type": "address[]" + } + ], + "stateMutability": "view", + "type": "function" + }, { "inputs": [ { diff --git a/snapshots/abi/TEEVerifier.json b/snapshots/abi/TEEVerifier.json index b1bccadb..4e408dd3 100644 --- a/snapshots/abi/TEEVerifier.json +++ b/snapshots/abi/TEEVerifier.json @@ -2,8 +2,13 @@ { "inputs": [ { - "internalType": "contract SystemConfigGlobal", - "name": "systemConfigGlobal", + "internalType": "contract TEEProverRegistry", + "name": "teeProverRegistry", + "type": "address" + }, + { + "internalType": "contract IAnchorStateRegistry", + "name": "anchorStateRegistry", "type": "address" } ], @@ -12,10 +17,23 @@ }, { "inputs": [], - "name": "SYSTEM_CONFIG_GLOBAL", + "name": "ANCHOR_STATE_REGISTRY", + "outputs": [ + { + "internalType": "contract IAnchorStateRegistry", + "name": "", + "type": "address" + } + ], + "stateMutability": "view", + "type": "function" + }, + { + "inputs": [], + "name": "TEE_PROVER_REGISTRY", "outputs": [ { - "internalType": "contract SystemConfigGlobal", + "internalType": "contract TEEProverRegistry", "name": "", "type": "address" } @@ -23,6 +41,26 @@ "stateMutability": "view", "type": "function" }, + { + "inputs": [], + "name": "nullified", + "outputs": [ + { + "internalType": "bool", + "name": "", + "type": "bool" + } + ], + "stateMutability": "view", + "type": "function" + }, + { + "inputs": [], + "name": "nullify", + "outputs": [], + "stateMutability": "nonpayable", + "type": "function" + }, { "inputs": [ { @@ -112,5 +150,15 @@ ], "name": "InvalidSigner", "type": "error" + }, + { + "inputs": [], + "name": "NotProperGame", + "type": "error" + }, + { + "inputs": [], + "name": "Nullified", + "type": "error" } ] \ No newline at end of file diff --git a/snapshots/semver-lock.json b/snapshots/semver-lock.json index f241f702..7316eb4b 100644 --- a/snapshots/semver-lock.json +++ b/snapshots/semver-lock.json @@ -247,21 +247,21 @@ "initCodeHash": "0xe28eaeecda21594f6db23bb70127daa2b7b71debe38ce65b598f28d78d2561eb", "sourceCodeHash": "0x3a079ea52a26c8c38fb0cb3e9a9ff6ec9648cf83786b65c0fc1161e949b8f7e0" }, - "src/multiproof/tee/SystemConfigGlobal.sol:SystemConfigGlobal": { + "src/multiproof/tee/TEEProverRegistry.sol:TEEProverRegistry": { "initCodeHash": "0xee219c003a6af440b447e214e43d520e802001ae3d557262a7921ca3d57ebddf", - "sourceCodeHash": "0xe350108585e0855f10bac20d0e8894b3de9afe3be413908b4c59a1036e7a9842" + "sourceCodeHash": "0x8be9aea4bb16c89a10444da8ce324e3914a2419654a80542692757fbdc9a2f5c" }, - "src/multiproof/tee/SystemConfigGlobal.sol:SystemConfigGlobal:dispute": { + "src/multiproof/tee/TEEProverRegistry.sol:TEEProverRegistry:dispute": { "initCodeHash": "0x8ae045f0121d2c63ab6f0a830be842aaf0445096bfabe29d85cfd9bd38b40565", - "sourceCodeHash": "0xe350108585e0855f10bac20d0e8894b3de9afe3be413908b4c59a1036e7a9842" + "sourceCodeHash": "0x8be9aea4bb16c89a10444da8ce324e3914a2419654a80542692757fbdc9a2f5c" }, "src/multiproof/tee/TEEVerifier.sol:TEEVerifier": { - "initCodeHash": "0x090330a5c64206b523fd5d9e199269268131035c62ff9eb518247a9024c4b703", - "sourceCodeHash": "0x87b0ad3f68294d64b584e54cc719cc3be0624cbab2940a0a341c502dcc69b4fc" + "initCodeHash": "0xd65f1d604f979045a86d662e168cb7a867478da8a0ca294181872a90d209a66f", + "sourceCodeHash": "0xe8aa3c0710ee72546da52957730c11dc932065c444a013658bd2f5fd0c79085d" }, "src/multiproof/tee/TEEVerifier.sol:TEEVerifier:dispute": { - "initCodeHash": "0x090330a5c64206b523fd5d9e199269268131035c62ff9eb518247a9024c4b703", - "sourceCodeHash": "0x87b0ad3f68294d64b584e54cc719cc3be0624cbab2940a0a341c502dcc69b4fc" + "initCodeHash": "0xd65f1d604f979045a86d662e168cb7a867478da8a0ca294181872a90d209a66f", + "sourceCodeHash": "0xe8aa3c0710ee72546da52957730c11dc932065c444a013658bd2f5fd0c79085d" }, "src/revenue-share/FeeDisburser.sol:FeeDisburser": { "initCodeHash": "0x1278027e3756e2989e80c0a7b513e221a5fe0d3dbd9ded108375a29b2c1f3d57", diff --git a/snapshots/storageLayout/AggregateVerifier.json b/snapshots/storageLayout/AggregateVerifier.json index 1045c417..08fd716c 100644 --- a/snapshots/storageLayout/AggregateVerifier.json +++ b/snapshots/storageLayout/AggregateVerifier.json @@ -70,11 +70,11 @@ "type": "uint256" }, { - "bytes": "20", - "label": "counteredByGameAddress", + "bytes": "32", + "label": "counteredByIntermediateRootIndexPlusOne", "offset": 0, "slot": "5", - "type": "address" + "type": "uint256" }, { "bytes": "32", @@ -89,5 +89,12 @@ "offset": 0, "slot": "7", "type": "Timestamp" + }, + { + "bytes": "1", + "label": "proofCount", + "offset": 8, + "slot": "7", + "type": "uint8" } ] \ No newline at end of file diff --git a/snapshots/storageLayout/DevSystemConfigGlobal.json b/snapshots/storageLayout/DevTEEProverRegistry.json similarity index 87% rename from snapshots/storageLayout/DevSystemConfigGlobal.json rename to snapshots/storageLayout/DevTEEProverRegistry.json index 2bd347c5..59089363 100644 --- a/snapshots/storageLayout/DevSystemConfigGlobal.json +++ b/snapshots/storageLayout/DevTEEProverRegistry.json @@ -61,5 +61,12 @@ "offset": 0, "slot": "103", "type": "mapping(address => bool)" + }, + { + "bytes": "32", + "label": "_registeredSigners", + "offset": 0, + "slot": "104", + "type": "struct EnumerableSetLib.AddressSet" } ] \ No newline at end of file diff --git a/snapshots/storageLayout/MockVerifier.json b/snapshots/storageLayout/MockVerifier.json index 0637a088..7b7ad77a 100644 --- a/snapshots/storageLayout/MockVerifier.json +++ b/snapshots/storageLayout/MockVerifier.json @@ -1 +1,9 @@ -[] \ No newline at end of file +[ + { + "bytes": "1", + "label": "nullified", + "offset": 0, + "slot": "0", + "type": "bool" + } +] \ No newline at end of file diff --git a/snapshots/storageLayout/SystemConfigGlobal.json b/snapshots/storageLayout/TEEProverRegistry.json similarity index 87% rename from snapshots/storageLayout/SystemConfigGlobal.json rename to snapshots/storageLayout/TEEProverRegistry.json index 2bd347c5..59089363 100644 --- a/snapshots/storageLayout/SystemConfigGlobal.json +++ b/snapshots/storageLayout/TEEProverRegistry.json @@ -61,5 +61,12 @@ "offset": 0, "slot": "103", "type": "mapping(address => bool)" + }, + { + "bytes": "32", + "label": "_registeredSigners", + "offset": 0, + "slot": "104", + "type": "struct EnumerableSetLib.AddressSet" } ] \ No newline at end of file diff --git a/snapshots/storageLayout/TEEVerifier.json b/snapshots/storageLayout/TEEVerifier.json index 0637a088..7b7ad77a 100644 --- a/snapshots/storageLayout/TEEVerifier.json +++ b/snapshots/storageLayout/TEEVerifier.json @@ -1 +1,9 @@ -[] \ No newline at end of file +[ + { + "bytes": "1", + "label": "nullified", + "offset": 0, + "slot": "0", + "type": "bool" + } +] \ No newline at end of file diff --git a/src/multiproof/mocks/MockDevSystemConfigGlobal.sol b/src/multiproof/mocks/MockDevTEEProverRegistry.sol similarity index 73% rename from src/multiproof/mocks/MockDevSystemConfigGlobal.sol rename to src/multiproof/mocks/MockDevTEEProverRegistry.sol index 4dc6f715..3d49434c 100644 --- a/src/multiproof/mocks/MockDevSystemConfigGlobal.sol +++ b/src/multiproof/mocks/MockDevTEEProverRegistry.sol @@ -6,16 +6,16 @@ import { } from "lib/aws-nitro-enclave-attestation/contracts/src/interfaces/INitroEnclaveVerifier.sol"; import { EnumerableSetLib } from "@solady-v0.0.245/utils/EnumerableSetLib.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; -/// @title DevSystemConfigGlobal -/// @notice Development version of SystemConfigGlobal with bypassed attestation for testing. +/// @title DevTEEProverRegistry +/// @notice Development version of TEEProverRegistry with bypassed attestation for testing. /// @dev This contract adds addDevSigner() which bypasses AWS Nitro attestation verification. /// DO NOT deploy this contract to production networks. -contract DevSystemConfigGlobal is SystemConfigGlobal { +contract DevTEEProverRegistry is TEEProverRegistry { using EnumerableSetLib for EnumerableSetLib.AddressSet; - constructor(INitroEnclaveVerifier nitroVerifier) SystemConfigGlobal(nitroVerifier) { } + constructor(INitroEnclaveVerifier nitroVerifier) TEEProverRegistry(nitroVerifier) { } /// @notice Registers a signer for testing (bypasses attestation verification). /// @dev Only callable by owner. For development/testing use only. diff --git a/src/multiproof/tee/SystemConfigGlobal.sol b/src/multiproof/tee/TEEProverRegistry.sol similarity index 98% rename from src/multiproof/tee/SystemConfigGlobal.sol rename to src/multiproof/tee/TEEProverRegistry.sol index c15b876a..ae3dd38f 100644 --- a/src/multiproof/tee/SystemConfigGlobal.sol +++ b/src/multiproof/tee/TEEProverRegistry.sol @@ -13,13 +13,13 @@ import { OwnableManagedUpgradeable } from "lib/op-enclave/contracts/src/OwnableM import { ISemver } from "interfaces/universal/ISemver.sol"; import { EnumerableSetLib } from "@solady-v0.0.245/utils/EnumerableSetLib.sol"; -/// @title SystemConfigGlobal +/// @title TEEProverRegistry /// @notice Manages TEE signer registration via ZK-verified AWS Nitro attestation. /// @dev Signers are registered by providing a ZK proof of a valid AWS Nitro attestation document, /// verified through an external NitroEnclaveVerifier contract (Risc0). /// Each signer is associated with the PCR0 (enclave image hash) from their attestation, /// which allows TEEVerifier to validate that a signer was registered with a specific image. -contract SystemConfigGlobal is OwnableManagedUpgradeable, ISemver { +contract TEEProverRegistry is OwnableManagedUpgradeable, ISemver { using EnumerableSetLib for EnumerableSetLib.AddressSet; /// @notice Maximum age of an attestation document (60 minutes), in seconds. uint256 public constant MAX_AGE = 60 minutes; diff --git a/src/multiproof/tee/TEEVerifier.sol b/src/multiproof/tee/TEEVerifier.sol index ea35faa4..ba61a30c 100644 --- a/src/multiproof/tee/TEEVerifier.sol +++ b/src/multiproof/tee/TEEVerifier.sol @@ -6,20 +6,20 @@ import { ECDSA } from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol"; import { ISemver } from "interfaces/universal/ISemver.sol"; import { IAnchorStateRegistry } from "interfaces/dispute/IAnchorStateRegistry.sol"; -import { SystemConfigGlobal } from "./SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "./TEEProverRegistry.sol"; import { Verifier } from "../Verifier.sol"; /// @title TEEVerifier /// @notice Stateless TEE proof verifier that validates signatures against registered signers. /// @dev This contract is designed to be used as the TEE_VERIFIER in the AggregateVerifier. -/// It verifies that proofs are signed by enclave addresses registered in SystemConfigGlobal +/// It verifies that proofs are signed by enclave addresses registered in TEEProverRegistry /// via AWS Nitro attestation, and that the signer's PCR0 matches the claimed imageId. /// The contract is intentionally stateless - all state related to output proposals and /// L1 origin verification is managed by the calling contract (e.g., AggregateVerifier). contract TEEVerifier is Verifier, ISemver { - /// @notice The SystemConfigGlobal contract that manages valid TEE signers. - /// @dev Signers are registered via AWS Nitro attestation in SystemConfigGlobal. - SystemConfigGlobal public immutable SYSTEM_CONFIG_GLOBAL; + /// @notice The TEEProverRegistry contract that manages valid TEE signers. + /// @dev Signers are registered via AWS Nitro attestation in TEEProverRegistry. + TEEProverRegistry public immutable TEE_PROVER_REGISTRY; /// @notice Thrown when the recovered signer is not a valid registered signer. error InvalidSigner(address signer); @@ -37,14 +37,14 @@ contract TEEVerifier is Verifier, ISemver { error InvalidProposer(address proposer); /// @notice Constructs the TEEVerifier contract. - /// @param systemConfigGlobal The SystemConfigGlobal contract address. + /// @param teeProverRegistry The TEEProverRegistry contract address. constructor( - SystemConfigGlobal systemConfigGlobal, + TEEProverRegistry teeProverRegistry, IAnchorStateRegistry anchorStateRegistry ) Verifier(anchorStateRegistry) { - SYSTEM_CONFIG_GLOBAL = systemConfigGlobal; + TEE_PROVER_REGISTRY = teeProverRegistry; } /// @notice Verifies a TEE proof for a state transition. @@ -76,12 +76,12 @@ contract TEEVerifier is Verifier, ISemver { revert InvalidSignature(); } - if (!SYSTEM_CONFIG_GLOBAL.isValidProposer(proposer)) { + if (!TEE_PROVER_REGISTRY.isValidProposer(proposer)) { revert InvalidProposer(proposer); } // Get the PCR0 the signer was registered with - bytes32 registeredPCR0 = SYSTEM_CONFIG_GLOBAL.signerPCR0(signer); + bytes32 registeredPCR0 = TEE_PROVER_REGISTRY.signerPCR0(signer); // Check that the signer is registered (PCR0 != 0) if (registeredPCR0 == bytes32(0)) { diff --git a/test/multiproof/SystemConfigGlobal.t.sol b/test/multiproof/TEEProverRegistry.t.sol similarity index 60% rename from test/multiproof/SystemConfigGlobal.t.sol rename to test/multiproof/TEEProverRegistry.t.sol index c57409d4..5b388f5f 100644 --- a/test/multiproof/SystemConfigGlobal.t.sol +++ b/test/multiproof/TEEProverRegistry.t.sol @@ -10,19 +10,19 @@ import { INitroEnclaveVerifier } from "lib/aws-nitro-enclave-attestation/contracts/src/interfaces/INitroEnclaveVerifier.sol"; -import { DevSystemConfigGlobal } from "src/multiproof/mocks/MockDevSystemConfigGlobal.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; - -/// @notice Tests for SystemConfigGlobal and DevSystemConfigGlobal contracts. -/// @dev IMPORTANT: This test file uses DevSystemConfigGlobal as the implementation because -/// registering signers on the production SystemConfigGlobal requires a ZK proof of a valid -/// AWS Nitro attestation, which cannot be generated in a test environment. DevSystemConfigGlobal extends -/// SystemConfigGlobal with an `addDevSigner` function that bypasses attestation verification, -/// allowing us to test all signer-related functionality. All tests for base SystemConfigGlobal +import { DevTEEProverRegistry } from "src/multiproof/mocks/MockDevTEEProverRegistry.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; + +/// @notice Tests for TEEProverRegistry and DevTEEProverRegistry contracts. +/// @dev IMPORTANT: This test file uses DevTEEProverRegistry as the implementation because +/// registering signers on the production TEEProverRegistry requires a ZK proof of a valid +/// AWS Nitro attestation, which cannot be generated in a test environment. DevTEEProverRegistry extends +/// TEEProverRegistry with an `addDevSigner` function that bypasses attestation verification, +/// allowing us to test all signer-related functionality. All tests for base TEEProverRegistry /// functionality (PCR0 management, ownership, proposer, etc.) are equally valid since -/// DevSystemConfigGlobal inherits from SystemConfigGlobal without modifying those functions. -contract SystemConfigGlobalTest is Test { - DevSystemConfigGlobal public systemConfigGlobal; +/// DevTEEProverRegistry inherits from TEEProverRegistry without modifying those functions. +contract TEEProverRegistryTest is Test { + DevTEEProverRegistry public teeProverRegistry; ProxyAdmin public proxyAdmin; address public owner; @@ -47,27 +47,27 @@ contract SystemConfigGlobalTest is Test { pcr0Hash = keccak256(TEST_PCR0); - // Deploy implementation (using DevSystemConfigGlobal for test flexibility) + // Deploy implementation (using DevTEEProverRegistry for test flexibility) // NitroEnclaveVerifier is not needed since tests use addDevSigner(), so pass address(0). - DevSystemConfigGlobal impl = new DevSystemConfigGlobal(INitroEnclaveVerifier(address(0))); + DevTEEProverRegistry impl = new DevTEEProverRegistry(INitroEnclaveVerifier(address(0))); // Deploy proxy admin proxyAdmin = new ProxyAdmin(address(this)); // Deploy proxy TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy( - address(impl), address(proxyAdmin), abi.encodeCall(SystemConfigGlobal.initialize, (owner, manager)) + address(impl), address(proxyAdmin), abi.encodeCall(TEEProverRegistry.initialize, (owner, manager)) ); - systemConfigGlobal = DevSystemConfigGlobal(address(proxy)); + teeProverRegistry = DevTEEProverRegistry(address(proxy)); } // ============ Initialization Tests ============ function testInitialization() public view { - assertEq(systemConfigGlobal.owner(), owner); - assertEq(systemConfigGlobal.manager(), manager); - assertEq(systemConfigGlobal.version(), "0.2.0"); + assertEq(teeProverRegistry.owner(), owner); + assertEq(teeProverRegistry.manager(), manager); + assertEq(teeProverRegistry.version(), "0.2.0"); } // ============ PCR0 Registration Tests ============ @@ -77,44 +77,44 @@ contract SystemConfigGlobalTest is Test { emit PCR0Registered(pcr0Hash); vm.prank(owner); - systemConfigGlobal.registerPCR0(TEST_PCR0); + teeProverRegistry.registerPCR0(TEST_PCR0); - assertTrue(systemConfigGlobal.validPCR0s(pcr0Hash)); + assertTrue(teeProverRegistry.validPCR0s(pcr0Hash)); } function testRegisterPCR0FailsIfNotOwner() public { vm.prank(manager); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.registerPCR0(TEST_PCR0); + teeProverRegistry.registerPCR0(TEST_PCR0); vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.registerPCR0(TEST_PCR0); + teeProverRegistry.registerPCR0(TEST_PCR0); } function testDeregisterPCR0() public { // First register vm.prank(owner); - systemConfigGlobal.registerPCR0(TEST_PCR0); - assertTrue(systemConfigGlobal.validPCR0s(pcr0Hash)); + teeProverRegistry.registerPCR0(TEST_PCR0); + assertTrue(teeProverRegistry.validPCR0s(pcr0Hash)); // Then deregister vm.expectEmit(true, false, false, false); emit PCR0Deregistered(pcr0Hash); vm.prank(owner); - systemConfigGlobal.deregisterPCR0(TEST_PCR0); + teeProverRegistry.deregisterPCR0(TEST_PCR0); - assertFalse(systemConfigGlobal.validPCR0s(pcr0Hash)); + assertFalse(teeProverRegistry.validPCR0s(pcr0Hash)); } function testDeregisterPCR0FailsIfNotOwner() public { vm.prank(owner); - systemConfigGlobal.registerPCR0(TEST_PCR0); + teeProverRegistry.registerPCR0(TEST_PCR0); vm.prank(manager); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.deregisterPCR0(TEST_PCR0); + teeProverRegistry.deregisterPCR0(TEST_PCR0); } // ============ Signer Deregistration Tests ============ @@ -123,38 +123,38 @@ contract SystemConfigGlobalTest is Test { address signer = makeAddr("signer"); bytes32 signerPcr0 = keccak256("signer-pcr0"); - // Add signer via DevSystemConfigGlobal + // Add signer via DevTEEProverRegistry vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); // Verify signer is registered - assertTrue(systemConfigGlobal.isValidSigner(signer)); + assertTrue(teeProverRegistry.isValidSigner(signer)); // Deregister as owner vm.expectEmit(true, false, false, false); emit SignerDeregistered(signer); vm.prank(owner); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); - assertFalse(systemConfigGlobal.isValidSigner(signer)); - assertEq(systemConfigGlobal.signerPCR0(signer), bytes32(0)); + assertFalse(teeProverRegistry.isValidSigner(signer)); + assertEq(teeProverRegistry.signerPCR0(signer), bytes32(0)); } function testDeregisterSignerAsManager() public { address signer = makeAddr("signer"); bytes32 signerPcr0 = keccak256("signer-pcr0"); - // Add signer via DevSystemConfigGlobal + // Add signer via DevTEEProverRegistry vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); - assertTrue(systemConfigGlobal.isValidSigner(signer)); + assertTrue(teeProverRegistry.isValidSigner(signer)); vm.prank(manager); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); - assertFalse(systemConfigGlobal.isValidSigner(signer)); + assertFalse(teeProverRegistry.isValidSigner(signer)); } function testDeregisterSignerFailsIfUnauthorized() public { @@ -162,7 +162,7 @@ contract SystemConfigGlobalTest is Test { vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner or the manager"); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); } // ============ Proposer Tests ============ @@ -174,9 +174,9 @@ contract SystemConfigGlobalTest is Test { emit ProposerSet(newProposer, true); vm.prank(owner); - systemConfigGlobal.setProposer(newProposer, true); + teeProverRegistry.setProposer(newProposer, true); - assertTrue(systemConfigGlobal.isValidProposer(newProposer)); + assertTrue(teeProverRegistry.isValidProposer(newProposer)); } function testSetProposerFailsIfNotOwner() public { @@ -184,18 +184,18 @@ contract SystemConfigGlobalTest is Test { vm.prank(manager); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.setProposer(newProposer, true); + teeProverRegistry.setProposer(newProposer, true); vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.setProposer(newProposer, true); + teeProverRegistry.setProposer(newProposer, true); } // ============ isValidSigner Tests ============ function testIsValidSignerReturnsFalseForUnregistered() public { address unregistered = makeAddr("unregistered"); - assertFalse(systemConfigGlobal.isValidSigner(unregistered)); + assertFalse(teeProverRegistry.isValidSigner(unregistered)); } function testIsValidSignerReturnsTrueForRegistered() public { @@ -203,16 +203,16 @@ contract SystemConfigGlobalTest is Test { bytes32 signerPcr0 = keccak256("signer-pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); - assertTrue(systemConfigGlobal.isValidSigner(signer)); + assertTrue(teeProverRegistry.isValidSigner(signer)); } // ============ signerPCR0 Tests ============ function testSignerPCR0ReturnsZeroForUnregistered() public { address unregistered = makeAddr("unregistered"); - assertEq(systemConfigGlobal.signerPCR0(unregistered), bytes32(0)); + assertEq(teeProverRegistry.signerPCR0(unregistered), bytes32(0)); } function testSignerPCR0ReturnsCorrectValue() public { @@ -220,15 +220,15 @@ contract SystemConfigGlobalTest is Test { bytes32 expectedPcr0 = keccak256("signer-pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, expectedPcr0); + teeProverRegistry.addDevSigner(signer, expectedPcr0); - assertEq(systemConfigGlobal.signerPCR0(signer), expectedPcr0); + assertEq(teeProverRegistry.signerPCR0(signer), expectedPcr0); } // ============ MAX_AGE Tests ============ function testMaxAgeConstant() public view { - assertEq(systemConfigGlobal.MAX_AGE(), 60 minutes); + assertEq(teeProverRegistry.MAX_AGE(), 60 minutes); } // ============ Ownership Transfer Tests ============ @@ -237,9 +237,9 @@ contract SystemConfigGlobalTest is Test { address newOwner = makeAddr("newOwner"); vm.prank(owner); - systemConfigGlobal.transferOwnership(newOwner); + teeProverRegistry.transferOwnership(newOwner); - assertEq(systemConfigGlobal.owner(), newOwner); + assertEq(teeProverRegistry.owner(), newOwner); } function testTransferOwnershipFailsIfNotOwner() public { @@ -247,17 +247,17 @@ contract SystemConfigGlobalTest is Test { vm.prank(manager); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.transferOwnership(newOwner); + teeProverRegistry.transferOwnership(newOwner); vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.transferOwnership(newOwner); + teeProverRegistry.transferOwnership(newOwner); } function testTransferOwnershipFailsForZeroAddress() public { vm.prank(owner); vm.expectRevert("OwnableManaged: new owner is the zero address"); - systemConfigGlobal.transferOwnership(address(0)); + teeProverRegistry.transferOwnership(address(0)); } // ============ Management Transfer Tests ============ @@ -266,18 +266,18 @@ contract SystemConfigGlobalTest is Test { address newManager = makeAddr("newManager"); vm.prank(owner); - systemConfigGlobal.transferManagement(newManager); + teeProverRegistry.transferManagement(newManager); - assertEq(systemConfigGlobal.manager(), newManager); + assertEq(teeProverRegistry.manager(), newManager); } function testTransferManagementAsManager() public { address newManager = makeAddr("newManager"); vm.prank(manager); - systemConfigGlobal.transferManagement(newManager); + teeProverRegistry.transferManagement(newManager); - assertEq(systemConfigGlobal.manager(), newManager); + assertEq(teeProverRegistry.manager(), newManager); } function testTransferManagementFailsIfUnauthorized() public { @@ -285,39 +285,39 @@ contract SystemConfigGlobalTest is Test { vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner or the manager"); - systemConfigGlobal.transferManagement(newManager); + teeProverRegistry.transferManagement(newManager); } function testTransferManagementFailsForZeroAddress() public { vm.prank(owner); vm.expectRevert("OwnableManaged: new manager is the zero address"); - systemConfigGlobal.transferManagement(address(0)); + teeProverRegistry.transferManagement(address(0)); } // ============ Renounce Tests ============ function testRenounceOwnership() public { vm.prank(owner); - systemConfigGlobal.renounceOwnership(); + teeProverRegistry.renounceOwnership(); - assertEq(systemConfigGlobal.owner(), address(0)); + assertEq(teeProverRegistry.owner(), address(0)); } function testRenounceManagementAsOwner() public { vm.prank(owner); - systemConfigGlobal.renounceManagement(); + teeProverRegistry.renounceManagement(); - assertEq(systemConfigGlobal.manager(), address(0)); + assertEq(teeProverRegistry.manager(), address(0)); } function testRenounceManagementAsManager() public { vm.prank(manager); - systemConfigGlobal.renounceManagement(); + teeProverRegistry.renounceManagement(); - assertEq(systemConfigGlobal.manager(), address(0)); + assertEq(teeProverRegistry.manager(), address(0)); } - // ============ DevSystemConfigGlobal: addDevSigner Tests ============ + // ============ DevTEEProverRegistry: addDevSigner Tests ============ function testAddDevSigner() public { address signer = makeAddr("dev-signer"); @@ -327,10 +327,10 @@ contract SystemConfigGlobalTest is Test { emit SignerRegistered(signer, devPcr0Hash); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, devPcr0Hash); + teeProverRegistry.addDevSigner(signer, devPcr0Hash); - assertTrue(systemConfigGlobal.isValidSigner(signer)); - assertEq(systemConfigGlobal.signerPCR0(signer), devPcr0Hash); + assertTrue(teeProverRegistry.isValidSigner(signer)); + assertEq(teeProverRegistry.signerPCR0(signer), devPcr0Hash); } function testAddDevSignerFailsIfNotOwner() public { @@ -339,11 +339,11 @@ contract SystemConfigGlobalTest is Test { vm.prank(manager); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.addDevSigner(signer, devPcr0Hash); + teeProverRegistry.addDevSigner(signer, devPcr0Hash); vm.prank(unauthorized); vm.expectRevert("OwnableManaged: caller is not the owner"); - systemConfigGlobal.addDevSigner(signer, devPcr0Hash); + teeProverRegistry.addDevSigner(signer, devPcr0Hash); } function testAddDevSignerCanOverwriteExisting() public { @@ -352,23 +352,23 @@ contract SystemConfigGlobalTest is Test { bytes32 secondPcr0 = keccak256("second-pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, firstPcr0); - assertEq(systemConfigGlobal.signerPCR0(signer), firstPcr0); + teeProverRegistry.addDevSigner(signer, firstPcr0); + assertEq(teeProverRegistry.signerPCR0(signer), firstPcr0); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, secondPcr0); - assertEq(systemConfigGlobal.signerPCR0(signer), secondPcr0); + teeProverRegistry.addDevSigner(signer, secondPcr0); + assertEq(teeProverRegistry.signerPCR0(signer), secondPcr0); } function testAddDevSignerWithZeroPcr0() public { address signer = makeAddr("dev-signer"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, bytes32(0)); + teeProverRegistry.addDevSigner(signer, bytes32(0)); // Signer should not be valid because PCR0 is zero - assertFalse(systemConfigGlobal.isValidSigner(signer)); - assertEq(systemConfigGlobal.signerPCR0(signer), bytes32(0)); + assertFalse(teeProverRegistry.isValidSigner(signer)); + assertEq(teeProverRegistry.signerPCR0(signer), bytes32(0)); } function testAddMultipleDevSigners() public { @@ -381,24 +381,24 @@ contract SystemConfigGlobalTest is Test { bytes32 pcr0Hash3 = keccak256("pcr0-3"); vm.startPrank(owner); - systemConfigGlobal.addDevSigner(signer1, pcr0Hash1); - systemConfigGlobal.addDevSigner(signer2, pcr0Hash2); - systemConfigGlobal.addDevSigner(signer3, pcr0Hash3); + teeProverRegistry.addDevSigner(signer1, pcr0Hash1); + teeProverRegistry.addDevSigner(signer2, pcr0Hash2); + teeProverRegistry.addDevSigner(signer3, pcr0Hash3); vm.stopPrank(); - assertTrue(systemConfigGlobal.isValidSigner(signer1)); - assertTrue(systemConfigGlobal.isValidSigner(signer2)); - assertTrue(systemConfigGlobal.isValidSigner(signer3)); + assertTrue(teeProverRegistry.isValidSigner(signer1)); + assertTrue(teeProverRegistry.isValidSigner(signer2)); + assertTrue(teeProverRegistry.isValidSigner(signer3)); - assertEq(systemConfigGlobal.signerPCR0(signer1), pcr0Hash1); - assertEq(systemConfigGlobal.signerPCR0(signer2), pcr0Hash2); - assertEq(systemConfigGlobal.signerPCR0(signer3), pcr0Hash3); + assertEq(teeProverRegistry.signerPCR0(signer1), pcr0Hash1); + assertEq(teeProverRegistry.signerPCR0(signer2), pcr0Hash2); + assertEq(teeProverRegistry.signerPCR0(signer3), pcr0Hash3); } // ============ getRegisteredSigners Tests ============ function testGetRegisteredSignersEmpty() public view { - address[] memory signers = systemConfigGlobal.getRegisteredSigners(); + address[] memory signers = teeProverRegistry.getRegisteredSigners(); assertEq(signers.length, 0); } @@ -407,9 +407,9 @@ contract SystemConfigGlobalTest is Test { bytes32 signerPcr0 = keccak256("pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); - address[] memory signers = systemConfigGlobal.getRegisteredSigners(); + address[] memory signers = teeProverRegistry.getRegisteredSigners(); assertEq(signers.length, 1); assertEq(signers[0], signer); } @@ -419,14 +419,14 @@ contract SystemConfigGlobalTest is Test { bytes32 signerPcr0 = keccak256("pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); - assertEq(systemConfigGlobal.getRegisteredSigners().length, 1); + assertEq(teeProverRegistry.getRegisteredSigners().length, 1); vm.prank(owner); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); - address[] memory signers = systemConfigGlobal.getRegisteredSigners(); + address[] memory signers = teeProverRegistry.getRegisteredSigners(); assertEq(signers.length, 0); } @@ -438,12 +438,12 @@ contract SystemConfigGlobalTest is Test { bytes32 sharedPcr0 = keccak256("pcr0"); vm.startPrank(owner); - systemConfigGlobal.addDevSigner(signer1, sharedPcr0); - systemConfigGlobal.addDevSigner(signer2, sharedPcr0); - systemConfigGlobal.addDevSigner(signer3, sharedPcr0); + teeProverRegistry.addDevSigner(signer1, sharedPcr0); + teeProverRegistry.addDevSigner(signer2, sharedPcr0); + teeProverRegistry.addDevSigner(signer3, sharedPcr0); vm.stopPrank(); - address[] memory signers = systemConfigGlobal.getRegisteredSigners(); + address[] memory signers = teeProverRegistry.getRegisteredSigners(); assertEq(signers.length, 3); // Verify all three are present (order not guaranteed) @@ -469,29 +469,29 @@ contract SystemConfigGlobalTest is Test { // Register three signers vm.startPrank(owner); - systemConfigGlobal.addDevSigner(signer1, sharedPcr0); - systemConfigGlobal.addDevSigner(signer2, sharedPcr0); - systemConfigGlobal.addDevSigner(signer3, sharedPcr0); + teeProverRegistry.addDevSigner(signer1, sharedPcr0); + teeProverRegistry.addDevSigner(signer2, sharedPcr0); + teeProverRegistry.addDevSigner(signer3, sharedPcr0); vm.stopPrank(); - assertEq(systemConfigGlobal.getRegisteredSigners().length, 3); + assertEq(teeProverRegistry.getRegisteredSigners().length, 3); // Deregister the middle one vm.prank(manager); - systemConfigGlobal.deregisterSigner(signer2); + teeProverRegistry.deregisterSigner(signer2); - address[] memory signers = systemConfigGlobal.getRegisteredSigners(); + address[] memory signers = teeProverRegistry.getRegisteredSigners(); assertEq(signers.length, 2); // Mapping and set stay consistent for (uint256 i = 0; i < signers.length; i++) { - assertTrue(systemConfigGlobal.isValidSigner(signers[i])); + assertTrue(teeProverRegistry.isValidSigner(signers[i])); assertNotEq(signers[i], signer2); } // Deregistered signer not in mapping either - assertFalse(systemConfigGlobal.isValidSigner(signer2)); - assertEq(systemConfigGlobal.signerPCR0(signer2), bytes32(0)); + assertFalse(teeProverRegistry.isValidSigner(signer2)); + assertEq(teeProverRegistry.signerPCR0(signer2), bytes32(0)); } function testGetRegisteredSignersDeregisterIdempotent() public { @@ -499,15 +499,15 @@ contract SystemConfigGlobalTest is Test { bytes32 signerPcr0 = keccak256("pcr0"); vm.prank(owner); - systemConfigGlobal.addDevSigner(signer, signerPcr0); + teeProverRegistry.addDevSigner(signer, signerPcr0); vm.prank(owner); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); // Deregistering again should not revert and set should still be empty vm.prank(owner); - systemConfigGlobal.deregisterSigner(signer); + teeProverRegistry.deregisterSigner(signer); - assertEq(systemConfigGlobal.getRegisteredSigners().length, 0); + assertEq(teeProverRegistry.getRegisteredSigners().length, 0); } } diff --git a/test/multiproof/TEEVerifier.t.sol b/test/multiproof/TEEVerifier.t.sol index 3b19a0c5..87d6d266 100644 --- a/test/multiproof/TEEVerifier.t.sol +++ b/test/multiproof/TEEVerifier.t.sol @@ -12,13 +12,13 @@ import { import { IAnchorStateRegistry } from "interfaces/dispute/IAnchorStateRegistry.sol"; import { MockAnchorStateRegistry } from "scripts/multiproof/mocks/MockAnchorStateRegistry.sol"; -import { DevSystemConfigGlobal } from "src/multiproof/mocks/MockDevSystemConfigGlobal.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { DevTEEProverRegistry } from "src/multiproof/mocks/MockDevTEEProverRegistry.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; import { TEEVerifier } from "src/multiproof/tee/TEEVerifier.sol"; contract TEEVerifierTest is Test { TEEVerifier public verifier; - DevSystemConfigGlobal public systemConfigGlobal; + DevTEEProverRegistry public teeProverRegistry; ProxyAdmin public proxyAdmin; MockAnchorStateRegistry public anchorStateRegistry; @@ -39,28 +39,28 @@ contract TEEVerifierTest is Test { signerAddress = vm.addr(SIGNER_PRIVATE_KEY); // Deploy implementation (NitroEnclaveVerifier not needed for dev signer tests) - DevSystemConfigGlobal impl = new DevSystemConfigGlobal(INitroEnclaveVerifier(address(0))); + DevTEEProverRegistry impl = new DevTEEProverRegistry(INitroEnclaveVerifier(address(0))); // Deploy proxy admin proxyAdmin = new ProxyAdmin(address(this)); // Deploy proxy TransparentUpgradeableProxy proxy = new TransparentUpgradeableProxy( - address(impl), address(proxyAdmin), abi.encodeCall(SystemConfigGlobal.initialize, (owner, owner)) + address(impl), address(proxyAdmin), abi.encodeCall(TEEProverRegistry.initialize, (owner, owner)) ); - systemConfigGlobal = DevSystemConfigGlobal(address(proxy)); + teeProverRegistry = DevTEEProverRegistry(address(proxy)); // Register the signer with PCR0 hash - systemConfigGlobal.addDevSigner(signerAddress, PCR0_HASH); + teeProverRegistry.addDevSigner(signerAddress, PCR0_HASH); // Set the proposer as valid - systemConfigGlobal.setProposer(PROPOSER, true); + teeProverRegistry.setProposer(PROPOSER, true); // Deploy TEEVerifier anchorStateRegistry = new MockAnchorStateRegistry(); verifier = new TEEVerifier( - SystemConfigGlobal(address(systemConfigGlobal)), IAnchorStateRegistry(address(anchorStateRegistry)) + TEEProverRegistry(address(teeProverRegistry)), IAnchorStateRegistry(address(anchorStateRegistry)) ); } @@ -150,6 +150,6 @@ contract TEEVerifierTest is Test { } function testConstants() public view { - assertEq(address(verifier.SYSTEM_CONFIG_GLOBAL()), address(systemConfigGlobal)); + assertEq(address(verifier.TEE_PROVER_REGISTRY()), address(teeProverRegistry)); } } diff --git a/test/setup/Setup.sol b/test/setup/Setup.sol index 0e9f1fe1..d7eb18e4 100644 --- a/test/setup/Setup.sol +++ b/test/setup/Setup.sol @@ -68,7 +68,7 @@ import { IFeeSplitter } from "interfaces/L2/IFeeSplitter.sol"; import { IL1Withdrawer } from "interfaces/L2/IL1Withdrawer.sol"; import { ISuperchainRevSharesCalculator } from "interfaces/L2/ISuperchainRevSharesCalculator.sol"; import { IVerifier } from "interfaces/multiproof/IVerifier.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; /// @title Setup /// @dev This contact is responsible for setting up the contracts in state. It currently @@ -159,7 +159,7 @@ abstract contract Setup is FeatureFlags { IL1Withdrawer l1Withdrawer; ISuperchainRevSharesCalculator superchainRevSharesCalculator; IVerifier aggregateVerifier; - SystemConfigGlobal systemConfigGlobal; + TEEProverRegistry teeProverRegistry; /// @notice Indicates whether a test is running against a forked production network. function isForkTest() public view returns (bool) { @@ -299,7 +299,7 @@ abstract contract Setup is FeatureFlags { superchainProxyAdminOwner = superchainProxyAdmin.owner(); mips = IBigStepper(artifacts.mustGetAddress("MipsSingleton")); aggregateVerifier = IVerifier(artifacts.mustGetAddress("AggregateVerifier")); - systemConfigGlobal = SystemConfigGlobal(artifacts.mustGetAddress("SystemConfigGlobal")); + teeProverRegistry = TEEProverRegistry(artifacts.mustGetAddress("TEEProverRegistry")); if (deploy.cfg().useAltDA()) { dataAvailabilityChallenge = diff --git a/test/vendor/Initializable.t.sol b/test/vendor/Initializable.t.sol index 306eb262..9a02d48d 100644 --- a/test/vendor/Initializable.t.sol +++ b/test/vendor/Initializable.t.sol @@ -22,7 +22,7 @@ import { IDisputeGameFactory } from "interfaces/dispute/IDisputeGameFactory.sol" import { ProtocolVersion } from "interfaces/L1/IProtocolVersions.sol"; import { IOptimismPortal2 } from "interfaces/L1/IOptimismPortal2.sol"; import { IOptimismPortalInterop } from "interfaces/L1/IOptimismPortalInterop.sol"; -import { SystemConfigGlobal } from "src/multiproof/tee/SystemConfigGlobal.sol"; +import { TEEProverRegistry } from "src/multiproof/tee/TEEProverRegistry.sol"; /// @title Initializer_Test /// @dev Ensures that the `initialize()` function on contracts cannot be called more than @@ -367,12 +367,12 @@ contract Initializer_Test is CommonTest { // AggregateVerifier uses a custom `bool initialized` instead of OpenZeppelin's `_initialized` // uint8, so it cannot be tested by this framework. It is excluded below. - // SystemConfigGlobalImpl + // TEEProverRegistryImpl contracts.push( InitializeableContract({ - name: "SystemConfigGlobalImpl", - target: address(systemConfigGlobal), - initCalldata: abi.encodeCall(SystemConfigGlobal.initialize, (address(0), address(0))) + name: "TEEProverRegistryImpl", + target: address(teeProverRegistry), + initCalldata: abi.encodeCall(TEEProverRegistry.initialize, (address(0), address(0))) }) ); }