feat: add external storage slot verification #30
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…date - Add ExternalStorageSlot struct to track external storage accesses - Update verifyAndUpdate signature to include expectedExternalSlots parameter - Add verification in StateChangeHandlerLib._runStateUpdates that CALL operations only access the expected external storage slots (as proven in ZK proof) - Include expectedExternalSlots in message hash for signature verification - Add ExternalStorageSlotMismatch error for mismatched slots - Update tests with new parameter and CALL args encoding
RonTuretzky
force-pushed
the
external-storage-verify
branch
from
6b93fb5 to
0c5329b
Compare
- Add 'value' field to ExternalStorageSlot struct to store expected value - Verify all external storage slots by calling getStorageAt(bytes32) on target contracts and comparing returned value against expected value - Remove per-CALL externalSlotsAccessed array - verification now happens upfront - Update error to include expected and actual values for debugging - Add tests for successful verification and mismatch detection - CALL args now simplified to (address, uint256, bytes)
RonTuretzky
force-pushed
the
external-storage-verify
branch
from
e061658 to
5e78bee
Compare
Remove address(this) check since external slots are always for other contracts.
RonTuretzky
force-pushed
the
external-storage-verify
branch
from
761a05f to
5b058f9
Compare
…el call verification - Rename ExternalStorageSlot to ExternalCall with (target, callData, expectedResult) - Change expectedValue from bytes32 to bytes to support arbitrary return data - Update StateChangeHandlerLib to verify external calls by replaying them - Compare full return data using keccak256 hash comparison - Rename error to ExternalCallResultMismatch with detailed info - Update all tests to use new ExternalCall struct and verification pattern - Add test for multiple external call verification
RonTuretzky
force-pushed
the
external-storage-verify
branch
from
d95742d to
881cc7c
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
ExternalStorageSlotstruct to represent external storage accesses (address + slot)allowedExternalSlotsparameter toverifyAndUpdatefunctionUnauthorizedExternalStorageAccessif an unauthorized slot is accessedThis enables on-chain verification that execution only read the external storage slots that were proven in the ZK proof, preventing operators from submitting state updates that depend on storage reads they didn't prove.
Test plan