You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Nov 20, 2024. It is now read-only.
All L1 transactions are controlled by the ethereum address menaing that ethereum transaction needs to be signed in order to perform some action on behalf on the rollup account fromIdx. Then, circuit checks that the msg.sender is the ethereum address in the rollup account fromIdx.
However, some rollup accounts could not have a valid ethereum address since those rollup accounts could be purely L2 rollup accounts. As a reminder, those accounts could be created by the coordinator on L1CoordinatorTx.
Issue
Purely L2 rollup accounts could not perform any L1 transaction since their ethereum address are set to 0xFF...FF. This leads to a DoS from the coordinator to those accounts. Coordinator could not include any transaction from an specifc account and if this account does not have an ethereum address, it will be blocked in the rollup forever.
Solution
Allow acting on behalf for a given rollup account on L1, fromIdx, by proving the ownership of the Babyjubjub associated with that rollup account. Therefore, one could perform L1 Tx either proving ownership of ethereum address or babyjubjub.
implementation approach
Circuit to check babyjubjub signature will be done in order to prove on the smart contract the ownership of a babyjubjub key.
Smart contract would have a mapping of nonces with Babyjubjub keys such as mapping(uint256 => uint40) public nonceTrack; in order to avoid replay attacks. One could took the parameters of a proof and reuse them. (Note: this does not happen with etehreum addresses since ethereum blockchain itself manages the nonce for ethereum addresses)
fromBjj-compressed field on L1 Tx could be used inside the circuit to check ownership
Babyjubjub key would need to sign a message such as Authorize L1 transaction with nonce ${nonce}. This message will be checked on the circuit and in the smart contract.
circuit optimization
Currently, there is one circuit withdrawal to perform withdraws from L1 to ethereum account. The same circuit could be used to perform the babyjubjub signature check. The circuit would have different functionalities and smart contract will select them depending on transaction type.
This optimization saves to add another Verifier.sol into the smart contract and another trusted setup
Intro
All L1 transactions are controlled by the ethereum address menaing that ethereum transaction needs to be signed in order to perform some action on behalf on the rollup account
fromIdx. Then, circuit checks that themsg.senderis the ethereum address in the rollup accountfromIdx.However, some rollup accounts could not have a valid ethereum address since those rollup accounts could be purely L2 rollup accounts. As a reminder, those accounts could be created by the coordinator on
L1CoordinatorTx.Issue
Purely L2 rollup accounts could not perform any L1 transaction since their ethereum address are set to
0xFF...FF. This leads to aDoSfrom the coordinator to those accounts. Coordinator could not include any transaction from an specifc account and if this account does not have an ethereum address, it will be blocked in the rollup forever.Solution
Allow acting on behalf for a given rollup account on L1,
fromIdx, by proving the ownership of the Babyjubjub associated with that rollup account. Therefore, one could perform L1 Tx either proving ownership of ethereum address or babyjubjub.implementation approach
mapping(uint256 => uint40) public nonceTrack;in order to avoid replay attacks. One could took the parameters of a proof and reuse them. (Note: this does not happen with etehreum addresses since ethereum blockchain itself manages the nonce for ethereum addresses)fromBjj-compressedfield on L1 Tx could be used inside the circuit to check ownershipAuthorize L1 transaction with nonce ${nonce}. This message will be checked on the circuit and in the smart contract.circuit optimization
withdrawalto performwithdrawsfrom L1 to ethereum account. The same circuit could be used to perform thebabyjubjub signature check. The circuit would have different functionalities and smart contract will select them depending on transaction type.Verifier.solinto the smart contract and another trusted setup