feat: add expected external storage slots verification to verifyAndUpdate

RonTuretzky · RonTuretzky · commit 0c5329b32ff2 · 2025-11-28T22:31:45.000-05:00
- Add ExternalStorageSlot struct to track external storage accesses
- Update verifyAndUpdate signature to include expectedExternalSlots parameter
- Add verification in StateChangeHandlerLib._runStateUpdates that CALL operations
  only access the expected external storage slots (as proven in ZK proof)
- Include expectedExternalSlots in message hash for signature verification
- Add ExternalStorageSlotMismatch error for mismatched slots
- Update tests with new parameter and CALL args encoding
diff --git a/foundry.toml b/foundry.toml
@@ -2,5 +2,8 @@
 src = "src"
 out = "out"
 libs = ["lib"]
+via_ir = true
+optimizer = true
+optimizer_runs = 200
 
 # See more config options https://github.com/foundry-rs/foundry/blob/master/crates/config/README.md#all-options
diff --git a/src/GasKillerSDK.sol b/src/GasKillerSDK.sol
@@ -7,7 +7,7 @@ import {
 } from "@eigenlayer-middleware/interfaces/IBLSSignatureChecker.sol";
 import {IERC165} from "forge-std/interfaces/IERC165.sol";
 
-import {IGasKillerSDK} from "./interface/IGasKillerSDK.sol";
+import {IGasKillerSDK, ExternalStorageSlot} from "./interface/IGasKillerSDK.sol";
 import {StateTracker} from "./StateTracker.sol";
 import {StateChangeHandlerLib, StateUpdateType} from "./StateChangeHandlerLib.sol";
 
@@ -51,12 +51,13 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
     /**
      * @notice Function to verify if a signature is valid and contains correct storage updates
      * @dev The message hash must be computed as:
-     *      sha256(abi.encode(transitionIndex, address(this), anchorHash, callerAddress, contractCalldata, storageUpdates))
+     *      sha256(abi.encode(transitionIndex, address(this), anchorHash, callerAddress, contractCalldata, storageUpdates, expectedExternalSlots))
      *      This format enables slashing by including all inputs needed to reproduce execution.
      * @param msgHash The hash of the message to verify
      * @param quorumNumbers The quorum numbers to check signatures for
      * @param referenceBlockNumber The block number to use as reference for operator set
      * @param storageUpdates The storage updates to verify
+     * @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
      * @param transitionIndex The transition index
      * @param anchorHash The block hash anchoring the execution to a specific Ethereum state
      * @param callerAddress The address that initiated the original call (msg.sender)
@@ -68,6 +69,7 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
         bytes calldata quorumNumbers,
         uint32 referenceBlockNumber,
         bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots,
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
@@ -82,21 +84,23 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
 
         // Verify transition index and message hash
         require(transitionIndex + 1 == stateTransitionCount(), InvalidTransitionIndex());
-        
+
         // Compute expected hash with all slashing-required fields:
         // - transitionIndex: replay protection
         // - address(this): target contract
         // - anchorHash: block hash for state anchoring (enables slashing verification)
         // - callerAddress: msg.sender (affects execution via access control, balances)
         // - contractCalldata: full calldata with arguments (enables execution reproduction)
         // - storageUpdates: the claimed storage changes
+        // - expectedExternalSlots: external storage slots that were read during execution
         bytes32 expectedHash = sha256(abi.encode(
             transitionIndex,
             address(this),
             anchorHash,
             callerAddress,
             contractCalldata,
-            storageUpdates
+            storageUpdates,
+            expectedExternalSlots
         ));
         require(expectedHash == msgHash, InvalidSignature());
 
@@ -113,8 +117,8 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
             );
         }
 
-        // Apply the state changes
-        _stateChangeHandler(storageUpdates);
+        // Apply the state changes, verifying external storage accesses match expected
+        _stateChangeHandler(storageUpdates, expectedExternalSlots);
     }
 
     /**
@@ -135,22 +139,25 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
      * @param callerAddress The caller address (msg.sender)
      * @param contractCalldata The full contract calldata
      * @param storageUpdates The storage updates
+     * @param expectedExternalSlots The expected external storage slots that were read
      * @return bytes32 The expected message hash
      */
     function getMessageHash(
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
         bytes calldata contractCalldata,
-        bytes calldata storageUpdates
+        bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots
     ) external view returns (bytes32) {
         return sha256(abi.encode(
             transitionIndex,
             address(this),
             anchorHash,
             callerAddress,
             contractCalldata,
-            storageUpdates
+            storageUpdates,
+            expectedExternalSlots
         ));
     }
 
@@ -179,12 +186,13 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
     }
 
     /**
-     * @notice Function to apply storage updates
+     * @notice Function to apply storage updates with external slot verification
      * @param storageUpdates The storage updates to apply
+     * @param expectedExternalSlots The expected external storage slots that were read during execution
      */
-    function _stateChangeHandler(bytes calldata storageUpdates) internal {
+    function _stateChangeHandler(bytes calldata storageUpdates, ExternalStorageSlot[] calldata expectedExternalSlots) internal {
         (StateUpdateType[] memory types, bytes[] memory args) = abi.decode(storageUpdates, (StateUpdateType[], bytes[]));
-        StateChangeHandlerLib._runStateUpdates(types, args);
+        StateChangeHandlerLib._runStateUpdates(types, args, expectedExternalSlots);
     }
 
     /**
diff --git a/src/StateChangeHandlerLib.sol b/src/StateChangeHandlerLib.sol
@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 pragma solidity ^0.8.0;
 
+import {ExternalStorageSlot} from "./interface/IGasKillerSDK.sol";
+
 enum StateUpdateType {
     STORE,
     CALL,
@@ -12,16 +14,25 @@ enum StateUpdateType {
 }
 
 library StateChangeHandlerLib {
-    /// @notice Decodes and executes a series of state updates
+    /// @notice Decodes and executes a series of state updates with external storage slot verification
     /// @dev This function processes an array of state updates, executing them in sequence. Each update can be one of:
     ///      - STORE: Direct storage writes using assembly
-    ///      - CALL: External contract calls with value transfer
+    ///      - CALL: External contract calls with value transfer (verified against expectedExternalSlots)
     ///      - LOG0-LOG4: Event emission with 0-4 indexed topics
     /// @param types Array of StateUpdateType enums indicating the type of each state update operation
     /// @param args Array of ABI-encoded arguments corresponding to each operation type
+    /// @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
     /// @dev types and args arrays must be equal length, with args[i] containing the encoded parameters for types[i]
-    function _runStateUpdates(StateUpdateType[] memory types, bytes[] memory args) internal {
+    function _runStateUpdates(
+        StateUpdateType[] memory types,
+        bytes[] memory args,
+        ExternalStorageSlot[] calldata expectedExternalSlots
+    ) internal {
         require(types.length == args.length, InvalidArguments());
+
+        // Track which external slots have been verified
+        uint256 externalSlotIndex = 0;
+
         for (uint256 i = 0; i < types.length; i++) {
             StateUpdateType stateUpdateType = types[i];
             bytes memory arg = args[i];
@@ -32,7 +43,29 @@ library StateChangeHandlerLib {
                     sstore(slot, value)
                 }
             } else if (stateUpdateType == StateUpdateType.CALL) {
-                (address target, uint256 value, bytes memory callargs) = abi.decode(arg, (address, uint256, bytes));
+                (
+                    address target,
+                    uint256 value,
+                    bytes memory callargs,
+                    bytes32[] memory externalSlotsAccessed
+                ) = abi.decode(arg, (address, uint256, bytes, bytes32[]));
+
+                // Verify each external storage slot accessed matches the expected list
+                for (uint256 j = 0; j < externalSlotsAccessed.length; j++) {
+                    require(
+                        externalSlotIndex < expectedExternalSlots.length,
+                        ExternalStorageSlotMismatch(target, externalSlotsAccessed[j])
+                    );
+
+                    ExternalStorageSlot calldata expectedSlot = expectedExternalSlots[externalSlotIndex];
+                    require(
+                        expectedSlot.contractAddress == target && expectedSlot.slot == externalSlotsAccessed[j],
+                        ExternalStorageSlotMismatch(target, externalSlotsAccessed[j])
+                    );
+
+                    externalSlotIndex++;
+                }
+
                 bool success;
                 // TOOD: might need better gas handling
                 uint256 callgas = gasleft();
@@ -85,4 +118,5 @@ library StateChangeHandlerLib {
 
     error InvalidArguments();
     error RevertingContext(uint256 index, address target, bytes revertData, bytes callargs);
+    error ExternalStorageSlotMismatch(address contractAddress, bytes32 slot);
 }
diff --git a/src/interface/IGasKillerSDK.sol b/src/interface/IGasKillerSDK.sol
@@ -4,6 +4,12 @@ pragma solidity ^0.8.0;
 import {IERC165} from "forge-std/interfaces/IERC165.sol";
 import {IBLSSignatureCheckerTypes} from "@eigenlayer-middleware/interfaces/IBLSSignatureChecker.sol";
 
+/// @notice Represents an external storage slot access (address + slot)
+struct ExternalStorageSlot {
+    address contractAddress;
+    bytes32 slot;
+}
+
 /**
  * @title IGasKillerSDK
  * @notice Interface for GasKillerSDK contracts
@@ -18,13 +24,15 @@ interface IGasKillerSDK is IERC165 {
     error InsufficientQuorumThreshold();
     error StaleBlockNumber();
     error FutureBlockNumber();
+    error ExternalStorageSlotMismatch(address contractAddress, bytes32 slot);
 
     /**
      * @notice Function to verify if a signature is valid and contains correct storage updates
      * @param msgHash The hash of the message to verify
      * @param quorumNumbers The quorum numbers to check signatures for
      * @param referenceBlockNumber The block number to use as reference for operator set
      * @param storageUpdates The storage updates to verify
+     * @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
      * @param transitionIndex The transition index
      * @param anchorHash The block hash anchoring the execution to a specific Ethereum state
      * @param callerAddress The address that initiated the original call (msg.sender)
@@ -36,6 +44,7 @@ interface IGasKillerSDK is IERC165 {
         bytes calldata quorumNumbers,
         uint32 referenceBlockNumber,
         bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots,
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
diff --git a/test/GasKillerSDK.t.sol b/test/GasKillerSDK.t.sol
@@ -8,6 +8,7 @@ import "../src/GasKillerSDK.sol";
 import "./exposed/GasKillerSDKExposed.sol";
 import {StateUpdateType} from "../src/StateChangeHandlerLib.sol";
 import {StateChangeHandlerLib} from "../src/StateChangeHandlerLib.sol";
+import {ExternalStorageSlot} from "../src/interface/IGasKillerSDK.sol";
 
 contract GasKillerSDKTest is Test {
     GasKillerSDKExposed public sdk;
@@ -25,7 +26,8 @@ contract GasKillerSDKTest is Test {
         bytes32 value = bytes32(uint256(100));
         args[0] = abi.encode(slot, value);
 
-        sdk.stateChangeHandlerExternal(abi.encode(types, args));
+        ExternalStorageSlot[] memory expectedExternalSlots = new ExternalStorageSlot[](0);
+        sdk.stateChangeHandlerExternal(abi.encode(types, args), expectedExternalSlots);
 
         assertEq(vm.load(address(sdk), slot), value);
     }
@@ -37,10 +39,13 @@ contract GasKillerSDKTest is Test {
         StateUpdateType[] memory types = new StateUpdateType[](1);
         types[0] = StateUpdateType.CALL;
 
+        // CALL args now include externalSlotsAccessed array (empty for this test)
+        bytes32[] memory externalSlotsAccessed = new bytes32[](0);
         bytes[] memory args = new bytes[](1);
-        args[0] = abi.encode(address(target), uint256(0), abi.encodeWithSignature("setValue(uint256)", 42));
+        args[0] = abi.encode(address(target), uint256(0), abi.encodeWithSignature("setValue(uint256)", 42), externalSlotsAccessed);
 
-        sdk.stateChangeHandlerExternal(abi.encode(types, args));
+        ExternalStorageSlot[] memory expectedExternalSlots = new ExternalStorageSlot[](0);
+        sdk.stateChangeHandlerExternal(abi.encode(types, args), expectedExternalSlots);
 
         assertEq(target.value(), 42);
     }
@@ -51,8 +56,10 @@ contract GasKillerSDKTest is Test {
         StateUpdateType[] memory types = new StateUpdateType[](1);
         types[0] = StateUpdateType.CALL;
 
+        // CALL args now include externalSlotsAccessed array (empty for this test)
+        bytes32[] memory externalSlotsAccessed = new bytes32[](0);
         bytes[] memory args = new bytes[](1);
-        args[0] = abi.encode(address(target), uint256(0), abi.encodeWithSignature("revertCall()"));
+        args[0] = abi.encode(address(target), uint256(0), abi.encodeWithSignature("revertCall()"), externalSlotsAccessed);
 
         vm.expectRevert(
             abi.encodeWithSelector(
@@ -63,7 +70,8 @@ contract GasKillerSDKTest is Test {
                 abi.encodeWithSignature("revertCall()")
             )
         );
-        sdk.stateChangeHandlerExternal(abi.encode(types, args));
+        ExternalStorageSlot[] memory expectedExternalSlots = new ExternalStorageSlot[](0);
+        sdk.stateChangeHandlerExternal(abi.encode(types, args), expectedExternalSlots);
     }
 
     function test_stateChangeHandlerExternal_Log1() public {
@@ -76,7 +84,8 @@ contract GasKillerSDKTest is Test {
 
         vm.recordLogs();
 
-        sdk.stateChangeHandlerExternal(abi.encode(types, args));
+        ExternalStorageSlot[] memory expectedExternalSlots = new ExternalStorageSlot[](0);
+        sdk.stateChangeHandlerExternal(abi.encode(types, args), expectedExternalSlots);
 
         Vm.Log[] memory logs = vm.getRecordedLogs();
         assertEq(logs.length, 1);
@@ -89,8 +98,9 @@ contract GasKillerSDKTest is Test {
         StateUpdateType[] memory types = new StateUpdateType[](2);
         bytes[] memory args = new bytes[](1);
 
+        ExternalStorageSlot[] memory expectedExternalSlots = new ExternalStorageSlot[](0);
         vm.expectRevert(StateChangeHandlerLib.InvalidArguments.selector);
-        sdk.stateChangeHandlerExternal(abi.encode(types, args));
+        sdk.stateChangeHandlerExternal(abi.encode(types, args), expectedExternalSlots);
     }
 
     function test_ERC165_supportsInterface() public {
diff --git a/test/exposed/GasKillerSDKExposed.sol b/test/exposed/GasKillerSDKExposed.sol
@@ -2,14 +2,18 @@
 pragma solidity ^0.8.0;
 
 import {GasKillerSDK} from "../../src/GasKillerSDK.sol";
+import {ExternalStorageSlot} from "../../src/interface/IGasKillerSDK.sol";
 
 contract GasKillerSDKExposed is GasKillerSDK {
     constructor(address _avsAddress, address _blsSignatureChecker) {
         _setAvsAddress(_avsAddress);
         _setBlsSignatureChecker(_blsSignatureChecker);
     }
 
-    function stateChangeHandlerExternal(bytes calldata storageUpdates) external {
-        super._stateChangeHandler(storageUpdates);
+    function stateChangeHandlerExternal(
+        bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots
+    ) external {
+        super._stateChangeHandler(storageUpdates, expectedExternalSlots);
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -2,14 +2,18 @@`
`2`	`2`	`pragma solidity ^0.8.0;`
`3`	`3`
`4`	`4`	`import {GasKillerSDK} from "../../src/GasKillerSDK.sol";`
	`5`	`+import {ExternalStorageSlot} from "../../src/interface/IGasKillerSDK.sol";`
`5`	`6`
`6`	`7`	`contract GasKillerSDKExposed is GasKillerSDK {`
`7`	`8`	`constructor(address _avsAddress, address _blsSignatureChecker) {`
`8`	`9`	`_setAvsAddress(_avsAddress);`
`9`	`10`	`_setBlsSignatureChecker(_blsSignatureChecker);`
`10`	`11`	`}`
`11`	`12`
`12`		`- function stateChangeHandlerExternal(bytes calldata storageUpdates) external {`
`13`		`- super._stateChangeHandler(storageUpdates);`
	`13`	`+ function stateChangeHandlerExternal(`
	`14`	`+ bytes calldata storageUpdates,`
	`15`	`+ ExternalStorageSlot[] calldata expectedExternalSlots`
	`16`	`+ ) external {`
	`17`	`+ super._stateChangeHandler(storageUpdates, expectedExternalSlots);`
`14`	`18`	`}`
`15`	`19`	`}`