add chain_id to steel and sp1-cc host, client, and verifier#99
Conversation
|
|
||
| // sp1-cc currently has limitation on supporting custom chain_id without supplying genesis json | ||
| // overwriting cert_validity chain_id to be 1, which is the default mainnet chain_id used by | ||
| // sp1-cc host when chain spec is not specified | ||
| cert_validity.l1_chain_id = 1; |
There was a problem hiding this comment.
can't you modify this before passing it in to validate_cert_receipt? I really don't like seeing mut on inputs
There was a problem hiding this comment.
that will touch the code living in the common path shared between steel and sp1-cc.
For secure integration, chain_id is derived from the trusted BootInfo, so you can't change it on the sp1-cc host side.
We will need to revisit this code anyway in the future to test sp1-cc proof verification within zkvn
There was a problem hiding this comment.
why are you linking random commit links that aren't related to the convo here lol?
Not following your argument "so you can't change it on the sp1-cc host side.". Just create a new struct before calling this function? Functions that do verification should be pure. Patrick keeps repeating this as well for our contacts. verification should be pure.
There was a problem hiding this comment.
The client cannot blindly trust the host, see the updated README
… add notes on readme about waiting for mock deploy to take effect
2 participants
This PR fixes a security issue that chain_id must be attached to canoe to constrain the evm execution rule