BreadchainCoop
diff --git a/‎flat/GasKillerSDK.flat.sol‎
Lines changed: 147 additions & 98 deletions b/‎flat/GasKillerSDK.flat.sol‎
Lines changed: 147 additions & 98 deletions
@@ -2264,94 +2264,6 @@ library SafeCastUpgradeable {
     }
 }
 
-// src/StateChangeHandlerLib.sol
-
-enum StateUpdateType {
-    STORE,
-    CALL,
-    LOG0,
-    LOG1,
-    LOG2,
-    LOG3,
-    LOG4
-}
-
-library StateChangeHandlerLib {
-    /// @notice Decodes and executes a series of state updates
-    /// @dev This function processes an array of state updates, executing them in sequence. Each update can be one of:
-    ///      - STORE: Direct storage writes using assembly
-    ///      - CALL: External contract calls with value transfer
-    ///      - LOG0-LOG4: Event emission with 0-4 indexed topics
-    /// @param types Array of StateUpdateType enums indicating the type of each state update operation
-    /// @param args Array of ABI-encoded arguments corresponding to each operation type
-    /// @dev types and args arrays must be equal length, with args[i] containing the encoded parameters for types[i]
-    function _runStateUpdates(StateUpdateType[] memory types, bytes[] memory args) internal {
-        require(types.length == args.length, InvalidArguments());
-        for (uint256 i = 0; i < types.length; i++) {
-            StateUpdateType stateUpdateType = types[i];
-            bytes memory arg = args[i];
-
-            if (stateUpdateType == StateUpdateType.STORE) {
-                (bytes32 slot, bytes32 value) = abi.decode(arg, (bytes32, bytes32));
-                assembly {
-                    sstore(slot, value)
-                }
-            } else if (stateUpdateType == StateUpdateType.CALL) {
-                (address target, uint256 value, bytes memory callargs) = abi.decode(arg, (address, uint256, bytes));
-                bool success;
-                // TOOD: might need better gas handling
-                uint256 callgas = gasleft();
-                assembly {
-                    success := call(callgas, target, value, add(callargs, 0x20), mload(callargs), 0, 0)
-                }
-                // TODO: this section needs heavy testing
-                if (!success) {
-                    uint256 _returndatasize;
-                    assembly {
-                        _returndatasize := returndatasize()
-                    }
-                    bytes memory revertData = new bytes(_returndatasize);
-                    assembly {
-                        returndatacopy(add(revertData, 0x20), 0, _returndatasize)
-                    }
-                    revert RevertingContext(i, target, revertData, callargs);
-                }
-            } else if (stateUpdateType == StateUpdateType.LOG0) {
-                // NOTE: For consistency I decode an abi encoding of bytes from bytes, but technically it's redundant
-                (bytes memory data) = abi.decode(arg, (bytes));
-                assembly {
-                    log0(add(data, 0x20), mload(data))
-                }
-            } else if (stateUpdateType == StateUpdateType.LOG1) {
-                (bytes memory data, bytes32 topic1) = abi.decode(arg, (bytes, bytes32));
-                assembly {
-                    log1(add(data, 0x20), mload(data), topic1)
-                }
-            } else if (stateUpdateType == StateUpdateType.LOG2) {
-                (bytes memory data, bytes32 topic1, bytes32 topic2) = abi.decode(arg, (bytes, bytes32, bytes32));
-                assembly {
-                    log2(add(data, 0x20), mload(data), topic1, topic2)
-                }
-            } else if (stateUpdateType == StateUpdateType.LOG3) {
-                (bytes memory data, bytes32 topic1, bytes32 topic2, bytes32 topic3) =
-                    abi.decode(arg, (bytes, bytes32, bytes32, bytes32));
-                assembly {
-                    log3(add(data, 0x20), mload(data), topic1, topic2, topic3)
-                }
-            } else if (stateUpdateType == StateUpdateType.LOG4) {
-                (bytes memory data, bytes32 topic1, bytes32 topic2, bytes32 topic3, bytes32 topic4) =
-                    abi.decode(arg, (bytes, bytes32, bytes32, bytes32, bytes32));
-                assembly {
-                    log4(add(data, 0x20), mload(data), topic1, topic2, topic3, topic4)
-                }
-            }
-        }
-    }
-
-    error InvalidArguments();
-    error RevertingContext(uint256 index, address target, bytes revertData, bytes callargs);
-}
-
 // src/StateTracker.sol
 
 /**
@@ -5447,6 +5359,12 @@ interface IBLSSignatureChecker is IBLSSignatureCheckerErrors, IBLSSignatureCheck
 
 // src/interface/IGasKillerSDK.sol
 
+/// @notice Represents an external storage slot access (address + slot)
+struct ExternalStorageSlot {
+    address contractAddress;
+    bytes32 slot;
+}
+
 /**
  * @title IGasKillerSDK
  * @notice Interface for GasKillerSDK contracts
@@ -5461,13 +5379,15 @@ interface IGasKillerSDK is IERC165 {
     error InsufficientQuorumThreshold();
     error StaleBlockNumber();
     error FutureBlockNumber();
+    error ExternalStorageSlotMismatch(address contractAddress, bytes32 slot);
 
     /**
      * @notice Function to verify if a signature is valid and contains correct storage updates
      * @param msgHash The hash of the message to verify
      * @param quorumNumbers The quorum numbers to check signatures for
      * @param referenceBlockNumber The block number to use as reference for operator set
      * @param storageUpdates The storage updates to verify
+     * @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
      * @param transitionIndex The transition index
      * @param anchorHash The block hash anchoring the execution to a specific Ethereum state
      * @param callerAddress The address that initiated the original call (msg.sender)
@@ -5479,6 +5399,7 @@ interface IGasKillerSDK is IERC165 {
         bytes calldata quorumNumbers,
         uint32 referenceBlockNumber,
         bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots,
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
@@ -5487,6 +5408,126 @@ interface IGasKillerSDK is IERC165 {
     ) external;
 }
 
+// src/StateChangeHandlerLib.sol
+
+enum StateUpdateType {
+    STORE,
+    CALL,
+    LOG0,
+    LOG1,
+    LOG2,
+    LOG3,
+    LOG4
+}
+
+library StateChangeHandlerLib {
+    /// @notice Decodes and executes a series of state updates with external storage slot verification
+    /// @dev This function processes an array of state updates, executing them in sequence. Each update can be one of:
+    ///      - STORE: Direct storage writes using assembly
+    ///      - CALL: External contract calls with value transfer (verified against expectedExternalSlots)
+    ///      - LOG0-LOG4: Event emission with 0-4 indexed topics
+    /// @param types Array of StateUpdateType enums indicating the type of each state update operation
+    /// @param args Array of ABI-encoded arguments corresponding to each operation type
+    /// @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
+    /// @dev types and args arrays must be equal length, with args[i] containing the encoded parameters for types[i]
+    function _runStateUpdates(
+        StateUpdateType[] memory types,
+        bytes[] memory args,
+        ExternalStorageSlot[] calldata expectedExternalSlots
+    ) internal {
+        require(types.length == args.length, InvalidArguments());
+
+        // Track which external slots have been verified
+        uint256 externalSlotIndex = 0;
+
+        for (uint256 i = 0; i < types.length; i++) {
+            StateUpdateType stateUpdateType = types[i];
+            bytes memory arg = args[i];
+
+            if (stateUpdateType == StateUpdateType.STORE) {
+                (bytes32 slot, bytes32 value) = abi.decode(arg, (bytes32, bytes32));
+                assembly {
+                    sstore(slot, value)
+                }
+            } else if (stateUpdateType == StateUpdateType.CALL) {
+                (
+                    address target,
+                    uint256 value,
+                    bytes memory callargs,
+                    bytes32[] memory externalSlotsAccessed
+                ) = abi.decode(arg, (address, uint256, bytes, bytes32[]));
+
+                // Verify each external storage slot accessed matches the expected list
+                for (uint256 j = 0; j < externalSlotsAccessed.length; j++) {
+                    require(
+                        externalSlotIndex < expectedExternalSlots.length,
+                        ExternalStorageSlotMismatch(target, externalSlotsAccessed[j])
+                    );
+
+                    ExternalStorageSlot calldata expectedSlot = expectedExternalSlots[externalSlotIndex];
+                    require(
+                        expectedSlot.contractAddress == target && expectedSlot.slot == externalSlotsAccessed[j],
+                        ExternalStorageSlotMismatch(target, externalSlotsAccessed[j])
+                    );
+
+                    externalSlotIndex++;
+                }
+
+                bool success;
+                // TOOD: might need better gas handling
+                uint256 callgas = gasleft();
+                assembly {
+                    success := call(callgas, target, value, add(callargs, 0x20), mload(callargs), 0, 0)
+                }
+                // TODO: this section needs heavy testing
+                if (!success) {
+                    uint256 _returndatasize;
+                    assembly {
+                        _returndatasize := returndatasize()
+                    }
+                    bytes memory revertData = new bytes(_returndatasize);
+                    assembly {
+                        returndatacopy(add(revertData, 0x20), 0, _returndatasize)
+                    }
+                    revert RevertingContext(i, target, revertData, callargs);
+                }
+            } else if (stateUpdateType == StateUpdateType.LOG0) {
+                // NOTE: For consistency I decode an abi encoding of bytes from bytes, but technically it's redundant
+                (bytes memory data) = abi.decode(arg, (bytes));
+                assembly {
+                    log0(add(data, 0x20), mload(data))
+                }
+            } else if (stateUpdateType == StateUpdateType.LOG1) {
+                (bytes memory data, bytes32 topic1) = abi.decode(arg, (bytes, bytes32));
+                assembly {
+                    log1(add(data, 0x20), mload(data), topic1)
+                }
+            } else if (stateUpdateType == StateUpdateType.LOG2) {
+                (bytes memory data, bytes32 topic1, bytes32 topic2) = abi.decode(arg, (bytes, bytes32, bytes32));
+                assembly {
+                    log2(add(data, 0x20), mload(data), topic1, topic2)
+                }
+            } else if (stateUpdateType == StateUpdateType.LOG3) {
+                (bytes memory data, bytes32 topic1, bytes32 topic2, bytes32 topic3) =
+                    abi.decode(arg, (bytes, bytes32, bytes32, bytes32));
+                assembly {
+                    log3(add(data, 0x20), mload(data), topic1, topic2, topic3)
+                }
+            } else if (stateUpdateType == StateUpdateType.LOG4) {
+                (bytes memory data, bytes32 topic1, bytes32 topic2, bytes32 topic3, bytes32 topic4) =
+                    abi.decode(arg, (bytes, bytes32, bytes32, bytes32, bytes32));
+                assembly {
+                    log4(add(data, 0x20), mload(data), topic1, topic2, topic3, topic4)
+                }
+            }
+        }
+    }
+
+    error InvalidArguments();
+    error RevertingContext(uint256 index, address target, bytes revertData, bytes callargs);
+    error ExternalStorageSlotMismatch(address contractAddress, bytes32 slot);
+}
+
 // src/GasKillerSDK.sol
 
 /**
@@ -5529,12 +5570,13 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
     /**
      * @notice Function to verify if a signature is valid and contains correct storage updates
      * @dev The message hash must be computed as:
-     *      sha256(abi.encode(transitionIndex, address(this), anchorHash, callerAddress, contractCalldata, storageUpdates))
+     *      sha256(abi.encode(transitionIndex, address(this), anchorHash, callerAddress, contractCalldata, storageUpdates, expectedExternalSlots))
      *      This format enables slashing by including all inputs needed to reproduce execution.
      * @param msgHash The hash of the message to verify
      * @param quorumNumbers The quorum numbers to check signatures for
      * @param referenceBlockNumber The block number to use as reference for operator set
      * @param storageUpdates The storage updates to verify
+     * @param expectedExternalSlots Array of external storage slots that were read during execution (as proven in ZK proof)
      * @param transitionIndex The transition index
      * @param anchorHash The block hash anchoring the execution to a specific Ethereum state
      * @param callerAddress The address that initiated the original call (msg.sender)
@@ -5546,6 +5588,7 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
         bytes calldata quorumNumbers,
         uint32 referenceBlockNumber,
         bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots,
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
@@ -5560,21 +5603,23 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
 
         // Verify transition index and message hash
         require(transitionIndex + 1 == stateTransitionCount(), InvalidTransitionIndex());
-        
+
         // Compute expected hash with all slashing-required fields:
         // - transitionIndex: replay protection
         // - address(this): target contract
         // - anchorHash: block hash for state anchoring (enables slashing verification)
         // - callerAddress: msg.sender (affects execution via access control, balances)
         // - contractCalldata: full calldata with arguments (enables execution reproduction)
         // - storageUpdates: the claimed storage changes
+        // - expectedExternalSlots: external storage slots that were read during execution
         bytes32 expectedHash = sha256(abi.encode(
             transitionIndex,
             address(this),
             anchorHash,
             callerAddress,
             contractCalldata,
-            storageUpdates
+            storageUpdates,
+            expectedExternalSlots
         ));
         require(expectedHash == msgHash, InvalidSignature());
 
@@ -5591,8 +5636,8 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
             );
         }
 
-        // Apply the state changes
-        _stateChangeHandler(storageUpdates);
+        // Apply the state changes, verifying external storage accesses match expected
+        _stateChangeHandler(storageUpdates, expectedExternalSlots);
     }
 
     /**
@@ -5613,22 +5658,25 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
      * @param callerAddress The caller address (msg.sender)
      * @param contractCalldata The full contract calldata
      * @param storageUpdates The storage updates
+     * @param expectedExternalSlots The expected external storage slots that were read
      * @return bytes32 The expected message hash
      */
     function getMessageHash(
         uint256 transitionIndex,
         bytes32 anchorHash,
         address callerAddress,
         bytes calldata contractCalldata,
-        bytes calldata storageUpdates
+        bytes calldata storageUpdates,
+        ExternalStorageSlot[] calldata expectedExternalSlots
     ) external view returns (bytes32) {
         return sha256(abi.encode(
             transitionIndex,
             address(this),
             anchorHash,
             callerAddress,
             contractCalldata,
-            storageUpdates
+            storageUpdates,
+            expectedExternalSlots
         ));
     }
 
@@ -5657,12 +5705,13 @@ abstract contract GasKillerSDK is StateTracker, IGasKillerSDK {
     }
 
     /**
-     * @notice Function to apply storage updates
+     * @notice Function to apply storage updates with external slot verification
      * @param storageUpdates The storage updates to apply
+     * @param expectedExternalSlots The expected external storage slots that were read during execution
      */
-    function _stateChangeHandler(bytes calldata storageUpdates) internal {
+    function _stateChangeHandler(bytes calldata storageUpdates, ExternalStorageSlot[] calldata expectedExternalSlots) internal {
         (StateUpdateType[] memory types, bytes[] memory args) = abi.decode(storageUpdates, (StateUpdateType[], bytes[]));
-        StateChangeHandlerLib._runStateUpdates(types, args);
+        StateChangeHandlerLib._runStateUpdates(types, args, expectedExternalSlots);
     }
 
     /**