BreadchainCoop · RonTuretzky · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025 · Mar 11, 2025
diff --git a/src/OperatorStateRetriever.sol b/src/OperatorStateRetriever.sol
@@ -3,10 +3,13 @@ pragma solidity ^0.8.27;
 
 import {ISlashingRegistryCoordinator} from "./interfaces/ISlashingRegistryCoordinator.sol";
 import {IBLSApkRegistry} from "./interfaces/IBLSApkRegistry.sol";
+import {IBLSSignatureCheckerTypes} from "./interfaces/IBLSSignatureChecker.sol";
 import {IStakeRegistry} from "./interfaces/IStakeRegistry.sol";
 import {IIndexRegistry} from "./interfaces/IIndexRegistry.sol";
 
 import {BitmapUtils} from "./libraries/BitmapUtils.sol";
+import {BN254} from "./libraries/BN254.sol";
+import {BN256G2} from "./libraries/BN256G2.sol";
 
 /**
  * @title OperatorStateRetriever with view functions that allow to retrieve the state of an AVSs registry system.
@@ -27,6 +30,7 @@ contract OperatorStateRetriever {
     }
 
     error OperatorNotRegistered();
+    error InvalidSigma();
 
     /**
      * @notice This function is intended to to be called by AVS operators every time a new task is created (i.e.)
@@ -111,9 +115,9 @@ contract OperatorStateRetriever {
     function getCheckSignaturesIndices(
         ISlashingRegistryCoordinator registryCoordinator,
         uint32 referenceBlockNumber,
-        bytes calldata quorumNumbers,
-        bytes32[] calldata nonSignerOperatorIds
-    ) external view returns (CheckSignaturesIndices memory) {
+        bytes memory quorumNumbers,
+        bytes32[] memory nonSignerOperatorIds
+    ) public view returns (CheckSignaturesIndices memory) {
         IStakeRegistry stakeRegistry = registryCoordinator.stakeRegistry();
         CheckSignaturesIndices memory checkSignaturesIndices;
 
@@ -231,4 +235,153 @@ contract OperatorStateRetriever {
             operators[i] = registryCoordinator.getOperatorFromId(operatorIds[i]);
         }
     }
+
+    // avoid stack too deep
+    struct GetNontSignerStakesAndSignatureMemory {
+        BN254.G1Point[] quorumApks;
+        BN254.G2Point apkG2;
+        IIndexRegistry indexRegistry;
+        IBLSApkRegistry blsApkRegistry;
+        bytes32[] signingOperatorIds;
+    }
+    function getNonSignerStakesAndSignature(
+        ISlashingRegistryCoordinator registryCoordinator,
+        bytes calldata quorumNumbers,
+        BN254.G1Point calldata sigma,
+        address[] calldata operators,
+        uint32 blockNumber
+    ) external view returns (IBLSSignatureCheckerTypes.NonSignerStakesAndSignature memory) {
+        GetNontSignerStakesAndSignatureMemory memory m;
+        m.quorumApks = new BN254.G1Point[](quorumNumbers.length);
+        m.indexRegistry = registryCoordinator.indexRegistry();
+        m.blsApkRegistry = registryCoordinator.blsApkRegistry();
+
+        // Safe guard AVSs from generating NonSignerStakesAndSignature with invalid sigma
+        require(_isOnCurve(sigma), InvalidSigma());
+
+        m.signingOperatorIds = new bytes32[](operators.length);
+        for (uint256 i = 0; i < operators.length; i++) {
+            m.signingOperatorIds[i] = registryCoordinator.getOperatorId(operators[i]);
+            BN254.G2Point memory operatorG2Pk = m.blsApkRegistry.getOperatorPubkeyG2(operators[i]);
+            (m.apkG2.X[1], m.apkG2.X[0], m.apkG2.Y[1], m.apkG2.Y[0]) = BN256G2.ECTwistAdd(
+                m.apkG2.X[1], 
+                m.apkG2.X[0], 
+                m.apkG2.Y[1], 
+                m.apkG2.Y[0], 
+                operatorG2Pk.X[1], 
+                operatorG2Pk.X[0], 
+                operatorG2Pk.Y[1], 
+                operatorG2Pk.Y[0]
+            );
+        }
+
+        // extra scope for stack limit
+        {
+        uint32[] memory signingOperatorQuorumBitmapIndices = registryCoordinator
+            .getQuorumBitmapIndicesAtBlockNumber(blockNumber, m.signingOperatorIds);
+        // check that all operators are registered (this is like the check in getCheckSignaturesIndices, but we check against _signing_ operators)
+        for (uint256 i = 0; i < operators.length; i++) {
+            uint192 signingOperatorQuorumBitmap = registryCoordinator
+                .getQuorumBitmapAtBlockNumberByIndex(
+                m.signingOperatorIds[i],
+                blockNumber,
+                signingOperatorQuorumBitmapIndices[i]
+            );
+            require(signingOperatorQuorumBitmap != 0, OperatorNotRegistered());
+        }
+        }
+
+        // we use this as a dynamic array 
+        uint256 nonSignerOperatorsCount = 0;
+        bytes32[] memory nonSignerOperatorIds = new bytes32[](16);
+        // for every quorum
+        for (uint256 i = 0; i < quorumNumbers.length; i++) {
+            bytes32[] memory operatorIdsInQuorum = m.indexRegistry.getOperatorListAtBlockNumber(uint8(quorumNumbers[i]), blockNumber);
+            // Operator IDs are computed from the hash of the BLS public keys, so an operatorId's public key can't change over time
+            // This lets us compute the APK at the given block number
+            m.quorumApks[i] = _computeG1Apk(registryCoordinator, operatorIdsInQuorum);
+            // we check for every operator in the quorum
+            for (uint256 j = 0; j < operatorIdsInQuorum.length; j++) {
+                bool isNewNonSigner = true;
+                // if it is in the signing operators array
+                for (uint256 k = 0; k < m.signingOperatorIds.length; k++) {
+                    if (operatorIdsInQuorum[j] == m.signingOperatorIds[k]) {
+                        isNewNonSigner = false;
+                        break;
+                    }
+                }
+                // or already in the non-signing operators array
+                for (uint256 l = 0; l < nonSignerOperatorsCount; l++) {
+                    if (nonSignerOperatorIds[l] == operatorIdsInQuorum[j]) {
+                        isNewNonSigner = false;
+                        break;
+                    }
+                }
+                // and if not, we add it to the non-signing operators array
+                if (isNewNonSigner) {
+                    // if we are at the end of the array, we need to resize it
+                    if (nonSignerOperatorsCount == nonSignerOperatorIds.length) {
+                        uint256 newCapacity = nonSignerOperatorIds.length * 2;
+                        bytes32[] memory newNonSignerOperatorIds = new bytes32[](newCapacity);
+                        for (uint256 l = 0; l < nonSignerOperatorIds.length; l++) {
+                            newNonSignerOperatorIds[l] = nonSignerOperatorIds[l];
+                        }
+                        nonSignerOperatorIds = newNonSignerOperatorIds;
+                    }
+
+                    nonSignerOperatorIds[nonSignerOperatorsCount] = operatorIdsInQuorum[j];
+                    nonSignerOperatorsCount++;
+                }
+            }
+        }
+
+        // Trim the nonSignerOperatorIds array to the actual count
+        bytes32[] memory trimmedNonSignerOperatorIds = new bytes32[](nonSignerOperatorsCount);
+        for (uint256 i = 0; i < nonSignerOperatorsCount; i++) {
+            trimmedNonSignerOperatorIds[i] = nonSignerOperatorIds[i];
+        }
+
+        BN254.G1Point[] memory nonSignerPubkeys = new BN254.G1Point[](nonSignerOperatorsCount);
+        for (uint256 i = 0; i < nonSignerOperatorsCount; i++) {
+            address nonSignerOperator = registryCoordinator.getOperatorFromId(trimmedNonSignerOperatorIds[i]);
+            (nonSignerPubkeys[i], ) = m.blsApkRegistry.getRegisteredPubkey(nonSignerOperator);
+        }
+
+        CheckSignaturesIndices memory checkSignaturesIndices = getCheckSignaturesIndices(
+            registryCoordinator, 
+            blockNumber, 
+            quorumNumbers, 
+            trimmedNonSignerOperatorIds
+        );
+        return IBLSSignatureCheckerTypes.NonSignerStakesAndSignature({
+            nonSignerQuorumBitmapIndices: checkSignaturesIndices.nonSignerQuorumBitmapIndices,
+            nonSignerPubkeys: nonSignerPubkeys,
+            quorumApks: m.quorumApks,
+            apkG2: m.apkG2,
+            sigma: sigma,
+            quorumApkIndices: checkSignaturesIndices.quorumApkIndices,
+            totalStakeIndices: checkSignaturesIndices.totalStakeIndices,
+            nonSignerStakeIndices: checkSignaturesIndices.nonSignerStakeIndices
+        });
+    }
+
+    function _computeG1Apk(ISlashingRegistryCoordinator registryCoordinator, bytes32[] memory operatorIds) internal view returns (BN254.G1Point memory) {
+        BN254.G1Point memory apk = BN254.G1Point(0, 0);
+        IBLSApkRegistry blsApkRegistry = registryCoordinator.blsApkRegistry();
+        for (uint256 i = 0; i < operatorIds.length; i++) {
+            address operator = registryCoordinator.getOperatorFromId(operatorIds[i]);
+            BN254.G1Point memory operatorPk;
+            (operatorPk.X, operatorPk.Y) = blsApkRegistry.operatorToPubkey(operator);
+            apk = BN254.plus(apk, operatorPk);
+        }
+        return apk;
+    }
+
+    function _isOnCurve(BN254.G1Point memory p) internal view returns (bool) {
+        uint256 y2 = mulmod(p.Y, p.Y, BN254.FP_MODULUS);
+        uint256 x2 = mulmod(p.X, p.X, BN254.FP_MODULUS);
+        uint256 x3 = mulmod(p.X, x2, BN254.FP_MODULUS);
+        uint256 rhs = addmod(x3, 3, BN254.FP_MODULUS);
+        return y2 == rhs;
+    }
 }