Ensure the enclave also signs the L2 block number

base-org · Jan 1, 2025 · 4a7e36a · 4a7e36a
1 parent ae515df
commit 4a7e36a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 10 deletions.
diff --git a/contracts/src/OutputOracle.sol b/contracts/src/OutputOracle.sol
@@ -126,7 +126,8 @@ contract OutputOracle is Initializable, ISemver {
 
             bytes32 previousOutputRoot = l2Outputs[latestOutputIndex].outputRoot;
             address signer = ECDSA.recover(
-                keccak256(abi.encodePacked(configHash, _blockHash, previousOutputRoot, _outputRoot)), _signature
+                keccak256(abi.encodePacked(configHash, _blockHash, _l2BlockNumber, previousOutputRoot, _outputRoot)),
+                _signature
             );
             require(systemConfigGlobal.validSigners(signer), "OutputOracle: invalid signature");
         }

diff --git a/op-enclave/enclave/server.go b/op-enclave/enclave/server.go
@@ -13,6 +13,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"math/big"
 	"os"
 	"time"
 
@@ -230,9 +231,10 @@ func (s *Server) SetSignerKey(ctx context.Context, encrypted hexutil.Bytes) erro
 }
 
 type Proposal struct {
-	OutputRoot   common.Hash
-	Signature    hexutil.Bytes
-	L1OriginHash common.Hash
+	OutputRoot    common.Hash
+	Signature     hexutil.Bytes
+	L1OriginHash  common.Hash
+	L2BlockNumber *hexutil.Big
 }
 
 func (s *Server) ExecuteStateless(
@@ -266,8 +268,10 @@ func (s *Server) ExecuteStateless(
 	prevOutputRoot := outputRootV0(previousBlockHeader, prevMessageAccountHash)
 	outputRoot := outputRootV0(blockHeader, messageAccount.StorageHash)
 	configHash := config.Hash()
+	l2BlockNumber := common.BytesToHash(blockHeader.Number.Bytes())
 
 	data := append(configHash[:], l1OriginHash[:]...)
+	data = append(data, l2BlockNumber[:]...)
 	data = append(data, prevOutputRoot[:]...)
 	data = append(data, outputRoot[:]...)
 	sig, err := crypto.Sign(crypto.Keccak256(data), s.signerKey)
@@ -279,9 +283,10 @@ func (s *Server) ExecuteStateless(
 		return nil, err
 	}
 	return &Proposal{
-		OutputRoot:   outputRoot,
-		Signature:    sig,
-		L1OriginHash: l1OriginHash,
+		OutputRoot:    outputRoot,
+		Signature:     sig,
+		L1OriginHash:  l1OriginHash,
+		L2BlockNumber: (*hexutil.Big)(blockHeader.Number),
 	}, nil
 }
 
@@ -295,9 +300,12 @@ func (s *Server) Aggregate(ctx context.Context, configHash common.Hash, prevOutp
 
 	outputRoot := prevOutputRoot
 	var l1OriginHash common.Hash
+	var l2BlockNumber common.Hash
 	for _, p := range proposals {
 		l1OriginHash = p.L1OriginHash
+		l2BlockNumber = common.BytesToHash(p.L2BlockNumber.ToInt().Bytes())
 		data := append(configHash[:], l1OriginHash[:]...)
+		data = append(data, l2BlockNumber[:]...)
 		data = append(data, outputRoot[:]...)
 		data = append(data, p.OutputRoot[:]...)
 		if !crypto.VerifySignature(crypto.FromECDSAPub(&s.signerKey.PublicKey), crypto.Keccak256(data), p.Signature[:64]) {
@@ -307,6 +315,7 @@ func (s *Server) Aggregate(ctx context.Context, configHash common.Hash, prevOutp
 	}
 
 	data := append(configHash[:], l1OriginHash[:]...)
+	data = append(data, l2BlockNumber[:]...)
 	data = append(data, prevOutputRoot[:]...)
 	data = append(data, outputRoot[:]...)
 	sig, err := crypto.Sign(crypto.Keccak256(data), s.signerKey)
@@ -315,9 +324,10 @@ func (s *Server) Aggregate(ctx context.Context, configHash common.Hash, prevOutp
 	}
 
 	return &Proposal{
-		OutputRoot:   outputRoot,
-		Signature:    sig,
-		L1OriginHash: l1OriginHash,
+		OutputRoot:    outputRoot,
+		Signature:     sig,
+		L1OriginHash:  l1OriginHash,
+		L2BlockNumber: (*hexutil.Big)(new(big.Int).SetBytes(l2BlockNumber[:])),
 	}, nil
 }