Add CustomDA proof validation interface #357
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
Tristan-Wilson
commented
Jun 18, 2025
Tristan-Wilson
commented
- Introduce ICustomDAProofValidator interface for extensible DA proof validation
- Implement ReferenceDAProofValidator with hash verification and chunk extraction
- Integrate CustomDA validation into OneStepProverHostIo for preimage type 3
- Add comprehensive test coverage for reference validator implementation
- Introduce ICustomDAProofValidator interface for extensible DA proof validation - Implement ReferenceDAProofValidator with hash verification and chunk extraction - Integrate CustomDA validation into OneStepProverHostIo for preimage type 3 - Add comprehensive test coverage for reference validator implementation
gzeoneth
reviewed
Jun 23, 2025
src/osp/OneStepProverHostIo.sol
Outdated
Comment on lines
33
to
41
| ICustomDAProofValidator public customDAValidator; | ||
|
|
||
| function setCustomDAValidator( | ||
| ICustomDAProofValidator _validator | ||
| ) external { | ||
| // TODO: Add appropriate access control | ||
| customDAValidator = _validator; | ||
| } | ||
|
|
There was a problem hiding this comment.
we don't keep any storage in the OSP contract, so instead I think we have 2 options
- store the var in the rollup and have the OSP read from the rollup
- make this immutable and set in the constructor, but we have to consider how it works with the rollup creator
There was a problem hiding this comment.
I would prefer to make this immutable because this allow more deterministic behavior, otherwise the rollup owner may change the DA contract and make a assertion invalid.
…m/OffchainLabs/nitro-contracts into deterministic-factory-deployments
- Add new ValidatePreimage instruction that validates CustomDA certificates - Update ICustomDAProofValidator interface to pass full proof to validateCertificate for extensibility - Implement certificate validation in ReferenceDA, just checking a simple version byte as an example - OSP verifies prover's validity claim matches DA provider's validation result
Implement ECDSA signature validation for CustomDA certificates with configurable trusted signers. This demonstrates how validators can verify that certificates are signed by authorized parties before accepting them as valid. Key changes: - Add trustedSigners mapping to store authorized signer addresses - Implement signature recovery and validation in validateCertificate() - Update certificate format to include ECDSA signature components (v, r, s) - Add comprehensive tests for signature validation scenarios - Document revert vs return behavior for different validation failures
Base automatically changed from
deterministic-factory-deployments
to
develop
September 9, 2025 19:31
yahgwai
reviewed
Sep 16, 2025
|
will work on the review comments |
yahgwai
previously approved these changes
Sep 30, 2025
Since this is a reference implementation only, it's moved into the nitro repo under contracts-local.
|
I've moved the reference implementation into nitro's contracts-local directory. |
…tificate Bug was introduced in 44b2eb4 when refactoring from assembly. The certSize was being read from proof[0:] instead of proof[proofOffset:], causing PROOF_TOO_SHORT errors when the validator tried to use garbage data as the certificate size.
gzeoneth
changed the title
Tristan-Wilson
added a commit
to OffchainLabs/nitro
that referenced
this pull request
Oct 17, 2025
This commit moves the ReferenceDAProofValidator contract and tests from nitro-contracts to contracts-local, as this is a reference implementation that doesn't need to be part of the core nitro-contracts package. The solidity contract was already reviewed in OffchainLabs/nitro-contracts#357 Since the Reference DA contract is now available, this commit activates contract-based certificate validation by uncommenting the ValidateWithContract calls in certificate.go, reference_reader.go, and reference_validator.go. These were previously disabled with TODO comments waiting for contract merge. This commit also includes some changes required for nitro-testnode to work in CustomDA mode with Reference DA. It Ensures contracts are available in Docker builds by copying both contracts/ and contracts-local/ directories. It also adds ReferenceDA signing key to config dump exclusion list to prevent accidental exposure of private keys. This change was merged into the custom-da branch in: #3803 Other changes required that were needed for the standalone daprovider to work with nitro-testnode were: - New parent-chain-node-url and parent-chain-connection-attempts config - L1 client creation in daprovider startup for ReferenceDA mode This change was merged into the custom-da branch in: #3819
Tristan-Wilson
added a commit
to OffchainLabs/nitro
that referenced
this pull request
Oct 17, 2025
This commit moves the ReferenceDAProofValidator contract and tests from nitro-contracts to contracts-local, as this is a reference implementation that doesn't need to be part of the core nitro-contracts package. The solidity contract was already reviewed in OffchainLabs/nitro-contracts#357 Since the Reference DA contract is now available, this commit activates contract-based certificate validation by uncommenting the ValidateWithContract calls in certificate.go, reference_reader.go, and reference_validator.go. These were previously disabled with TODO comments waiting for contract merge. This commit also includes some changes required for nitro-testnode to work in CustomDA mode with Reference DA. It Ensures contracts are available in Docker builds by copying both contracts/ and contracts-local/ directories. It also adds ReferenceDA signing key to config dump exclusion list to prevent accidental exposure of private keys. This change was merged into the custom-da branch in: #3803 Other changes required that were needed for the standalone daprovider to work with nitro-testnode were: - New parent-chain-node-url and parent-chain-connection-attempts config - L1 client creation in daprovider startup for ReferenceDA mode This change was merged into the custom-da branch in: #3819
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.