DAT-4: Check RollupConfig consistency

derivation/Cargo.toml

@@ -6,6 +6,7 @@ edition = "2021"
 [dependencies]
 thiserror = { workspace = true }
 prost     = { workspace = true }
+serde_json = { workspace = true }
 
 # kona
 kona-preimage = { workspace = true }

derivation/src/derivation.rs

@@ -3,7 +3,7 @@ use crate::errors::Error;
 use crate::oracle::{MemoryOracleClient, NopeHintWriter};
 use alloc::sync::Arc;
 use alloy_consensus::Header;
-use alloy_primitives::{Sealed, B256};
+use alloy_primitives::{keccak256, Sealed, B256};
 use core::clone::Clone;
 use core::fmt::Debug;
 use kona_client::fpvm_evm::FpvmOpEvmFactory;
@@ -12,6 +12,8 @@ use kona_derive::sources::EthereumDataSource;
 use kona_driver::Driver;
 use kona_executor::TrieDBProvider;
 use kona_genesis::RollupConfig;
+use kona_preimage::{PreimageKey, PreimageOracleClient};
+use kona_proof::boot::L2_ROLLUP_CONFIG_KEY;
 use kona_proof::sync::new_oracle_pipeline_cursor;
 use kona_proof::{
     executor::KonaExecutor,
@@ -61,6 +63,8 @@ impl Derivation {
         rollup_config: &RollupConfig,
         oracle: MemoryOracleClient,
     ) -> Result<Header, Error> {
+        verify_config(rollup_config, &oracle).await?;
+
         let boot = &BootInfo {
             l1_head: self.l1_head_hash,
             agreed_l2_output_root: self.agreed_l2_output_root,
@@ -135,3 +139,65 @@ impl Derivation {
         Ok(header)
     }
 }
+
+async fn verify_config(
+    rollup_config: &RollupConfig,
+    oracle: &MemoryOracleClient,
+) -> Result<(), Error> {
+    let config_key = PreimageKey::new_local(L2_ROLLUP_CONFIG_KEY.to());
+    let in_preimage = oracle
+        .get(config_key)
+        .await
+        .map_err(|e| Error::UnexpectedPreimageKey {
+            source: e,
+            key: config_key.key_value().to_be_bytes(),
+        })?;
+    let in_state = serde_json::to_vec(rollup_config)?;
+    if keccak256(&in_state) != keccak256(&in_preimage) {
+        return Err(Error::InvalidRollupConfig(in_preimage, in_state));
+    }
+    Ok(())
+}
+
+#[cfg(test)]
+mod test {
+    use crate::derivation::verify_config;
+    use crate::errors::Error;
+    use crate::oracle::MemoryOracleClient;
+    use crate::types::Preimage;
+    use alloc::vec;
+    use kona_genesis::RollupConfig;
+    use kona_preimage::PreimageKey;
+    use kona_proof::boot::L2_ROLLUP_CONFIG_KEY;
+
+    #[test]
+    fn test_verify_config_not_found_error() {
+        let rollup_config = RollupConfig::default();
+        let oracle = MemoryOracleClient::default();
+        let err = kona_proof::block_on(verify_config(&rollup_config, &oracle)).unwrap_err();
+        match err {
+            Error::UnexpectedPreimageKey { .. } => {}
+            _ => panic!("Unexpected error, got {:?}", err),
+        }
+    }
+
+    #[test]
+    fn test_verify_config_invalid_error() {
+        let rollup_config = RollupConfig::default();
+        let rollup_config2 = RollupConfig {
+            l2_chain_id: rollup_config.l2_chain_id + 1,
+            ..rollup_config.clone()
+        };
+
+        let preimage = vec![Preimage::new(
+            PreimageKey::new_local(L2_ROLLUP_CONFIG_KEY.to()),
+            serde_json::to_vec(&rollup_config2).unwrap(),
+        )];
+        let oracle = MemoryOracleClient::try_from(preimage).unwrap();
+        let err = kona_proof::block_on(verify_config(&rollup_config, &oracle)).unwrap_err();
+        match err {
+            Error::InvalidRollupConfig { .. } => {}
+            _ => panic!("Unexpected error, got {:?}", err),
+        }
+    }
+}

derivation/src/errors.rs

@@ -7,6 +7,8 @@ use kona_preimage::PreimageKey;
 
 #[derive(thiserror::Error, Debug)]
 pub enum Error {
+    #[error("InvalidRollupConfig: in_preimage={0:?}, in_state={1:?}")]
+    InvalidRollupConfig(Vec<u8>, Vec<u8>),
     #[error("InvalidClaim actual={0}, expected={1}")]
     InvalidClaim(B256, B256),
     #[error("UnexpectedKZGCommitment: err={0:?}")]
@@ -48,4 +50,8 @@ pub enum Error {
     DriverError(#[from] kona_driver::DriverError<kona_executor::ExecutorError>),
     #[error("PipelineError: err={0:?}")]
     PipelineError(#[from] kona_derive::errors::PipelineErrorKind),
+    #[error("SerdeError: err={0:?}")]
+    SerdeError(#[from] serde_json::Error),
+    #[error("UnexpectedLocalPreimageKey: key={0:?}")]
+    UnexpectedLocalPreimageKey(PreimageKey),
 }

derivation/src/oracle.rs

@@ -13,6 +13,7 @@ use ark_ff::BigInteger;
 use hashbrown::{HashMap, HashSet};
 use kona_preimage::errors::{PreimageOracleError, PreimageOracleResult};
 use kona_preimage::{HintWriterClient, PreimageKey, PreimageKeyType, PreimageOracleClient};
+use kona_proof::boot::L2_ROLLUP_CONFIG_KEY;
 use kona_proof::l1::ROOTS_OF_UNITY;
 use kona_proof::FlushableCache;
 use sha2::{Digest, Sha256};
@@ -97,6 +98,11 @@ impl TryFrom<Vec<Preimage>> for MemoryOracleClient {
                     verify_keccak256_preimage(&preimage_key, &preimage.data)?
                 }
                 PreimageKeyType::Sha256 => verify_sha256_preimage(&preimage_key, &preimage.data)?,
+                PreimageKeyType::Local => {
+                    if preimage_key.key_value() != L2_ROLLUP_CONFIG_KEY {
+                        return Err(Error::UnexpectedLocalPreimageKey(preimage_key));
+                    }
+                }
                 _ => {}
             }
             inner.insert(preimage_key, preimage.data);
@@ -302,6 +308,16 @@ mod test {
         }
     }
 
+    #[test]
+    fn test_try_from_invalid_local_key() {
+        let preimage = vec![Preimage::new(PreimageKey::new_local(0), vec![0u8; 10])];
+        let err = MemoryOracleClient::try_from(preimage).unwrap_err();
+        match err {
+            Error::UnexpectedLocalPreimageKey(_) => {}
+            _ => panic!("Unexpected error, got: {:?}", err),
+        }
+    }
+
     #[test]
     fn test_try_from_precompile_error() {
         let preimage = vec![Preimage::new(

light-client/src/client.rs

@@ -372,8 +372,8 @@ mod test {
 
     fn get_initial_state() -> (ClientState, ConsensusState) {
         // All the test parameters are created by optimism-ibc-relay-prover#prover_test.go#TestSetupHeadersForUpdateShort
-        let raw_cs = hex!("08e4ab8301121430346563383746363433353343344435433835331a201ee222554989dda120e26ecacf756fe1235cd8d726706b57517715dde4f0c900220310916f32e0097b2267656e65736973223a7b226c31223a7b2268617368223a22307834623265643664313832333330653534656438656537353563643766623566616338383430313430346130303232636630653964306331656565373534363337222c226e756d626572223a31347d2c226c32223a7b2268617368223a22307864646534326639326562396463343535383132653836376133313666393839373831643033356666653735613862333933666139386432313661363131353364222c226e756d626572223a307d2c226c325f74696d65223a313734383234323438392c2273797374656d5f636f6e666967223a7b226261746368657241646472223a22307864336632633561666232643736663535373966333236623063643764613566356134313236633335222c226f76657268656164223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030222c227363616c6172223a22307830313030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303063356663353030303030353538222c226761734c696d6974223a36303030303030302c2265697031353539506172616d73223a22307830303030303030303030303030303030222c226f70657261746f72466565506172616d73223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030227d7d2c22626c6f636b5f74696d65223a322c226d61785f73657175656e6365725f6472696674223a3630302c227365715f77696e646f775f73697a65223a333630302c226368616e6e656c5f74696d656f7574223a3330302c226c315f636861696e5f6964223a333135313930382c226c325f636861696e5f6964223a323135313930382c227265676f6c6974685f74696d65223a302c2263616e796f6e5f74696d65223a302c2264656c74615f74696d65223a302c2265636f746f6e655f74696d65223a302c22666a6f72645f74696d65223a302c226772616e6974655f74696d65223a302c22686f6c6f63656e655f74696d65223a302c22697374686d75735f74696d65223a302c2262617463685f696e626f785f61646472657373223a22307830306134666534633661616130373239643736393963333837653766323831646436346166613261222c226465706f7369745f636f6e74726163745f61646472657373223a22307836663162666137323138626438373739373235626166656632363137343232353066393134663034222c226c315f73797374656d5f636f6e6669675f61646472657373223a22307837366336396432653931323734346262363461353939643765376234353534346331306437373435222c2270726f746f636f6c5f76657273696f6e735f61646472657373223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030222c22636861696e5f6f705f636f6e666967223a7b2265697031353539456c6173746963697479223a362c226569703135353944656e6f6d696e61746f72223a35302c226569703135353944656e6f6d696e61746f7243616e796f6e223a3235307d7d3ab3010a20d61ea484febacfae5298d52a2b581f3e305a51f3112a9241b968dccf019f7b11100118e59fd0c106226f0a0410000038120e0a04200000381a0608691036183712140a04300000381a0c08691036183720192812301612140a04400000381a0c08691036183720192812301612140a04500000381a0c08691036183720192822302612150a04600000381a0d08a901105618572019282230262806300838084204080210034a040880a305520410c0843d");
-        let raw_cons_state = hex!("0a20000000000000000000000000000000000000000000000000000000000000000010dbfed1c1061a20b3fd51901751662f8d04bba30c658819044aa4b72ede44ea84501028f7b420bd2080252a308582bbad3f9eee79addd939370c7241ee96d425c6a5d6e7fb89e59ad117c38e62064e56821b77b26353be13b86d6a66c32309325339b023fc50bc744ef7fdd824b7b5bc9315244bb0b39914dec4b902c906f064b9c913de3c16a4a505ca75f5bff2f38e5fdd1c106");
+        let raw_cs = hex!("08e4ab8301121430346563383746363433353343344435433835331a201ee222554989dda120e26ecacf756fe1235cd8d726706b57517715dde4f0c900220310f51832e0097b2267656e65736973223a7b226c31223a7b2268617368223a22307866306532383431333965313765306139383238643035316364383831653061383962333065323235383132636637653934383861383034623566663237346663222c226e756d626572223a31337d2c226c32223a7b2268617368223a22307865663465373630663461613434333863323361653031323162336330323537656662656563373730393339653538386662383838383931313839363737366566222c226e756d626572223a307d2c226c325f74696d65223a313735303735383236392c2273797374656d5f636f6e666967223a7b226261746368657241646472223a22307864336632633561666232643736663535373966333236623063643764613566356134313236633335222c226f76657268656164223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030222c227363616c6172223a22307830313030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303063356663353030303030353538222c226761734c696d6974223a36303030303030302c2265697031353539506172616d73223a22307830303030303030303030303030303030222c226f70657261746f72466565506172616d73223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030303030227d7d2c22626c6f636b5f74696d65223a322c226d61785f73657175656e6365725f6472696674223a3630302c227365715f77696e646f775f73697a65223a333630302c226368616e6e656c5f74696d656f7574223a3330302c226c315f636861696e5f6964223a333135313930382c226c325f636861696e5f6964223a323135313930382c227265676f6c6974685f74696d65223a302c2263616e796f6e5f74696d65223a302c2264656c74615f74696d65223a302c2265636f746f6e655f74696d65223a302c22666a6f72645f74696d65223a302c226772616e6974655f74696d65223a302c22686f6c6f63656e655f74696d65223a302c22697374686d75735f74696d65223a302c2262617463685f696e626f785f61646472657373223a22307830306134666534633661616130373239643736393963333837653766323831646436346166613261222c226465706f7369745f636f6e74726163745f61646472657373223a22307836306437623838353336323836653234356265333234643664363764376166363133323236356564222c226c315f73797374656d5f636f6e6669675f61646472657373223a22307835323661646465326433303065633330306531633536663637316431313534393739646137373866222c2270726f746f636f6c5f76657273696f6e735f61646472657373223a22307830303030303030303030303030303030303030303030303030303030303030303030303030303030222c22636861696e5f6f705f636f6e666967223a7b2265697031353539456c6173746963697479223a362c226569703135353944656e6f6d696e61746f72223a35302c226569703135353944656e6f6d696e61746f7243616e796f6e223a3235307d7d3ab3010a20d61ea484febacfae5298d52a2b581f3e305a51f3112a9241b968dccf019f7b11100118afe6e9c206226f0a0410000038120e0a04200000381a0608691036183712140a04300000381a0c08691036183720192812301612140a04400000381a0c08691036183720192812301612140a04500000381a0c08691036183720192822302612150a04600000381a0d08a901105618572019282230262806300838084204080210034a040880a305520410c0843d42040867180f");
+        let raw_cons_state = hex!("0a20000000000000000000000000000000000000000000000000000000000000000010e798eac2061a208e79ab04b3b3a29432bfd440c608e8cb7b196886599cbe56f70f20b5e8608c902080082a30951a4e8094f4314641fa83018c875e5cd29f8f02ec027b6a41cf401ae92b83f3c46ab6955c762cb3fd6b76d86e5a82b63230ac7f148eaeb8c2f81db7d4f596042b397e9c29b348ec7abea74e45356942b12ccdafd0e47b3608d95c6b48a54a309aa738af96eac206");
         let raw_cs = RawClientState::decode(raw_cs.as_slice()).unwrap();
         let raw_cons_state = RawConsensusState::decode(raw_cons_state.as_slice()).unwrap();
         let cs = ClientState::try_from(raw_cs).unwrap();
@@ -455,7 +455,7 @@ mod test {
         let ctx = MockClientReader {
             client_state: Some(cs),
             consensus_state: cons_states,
-            time: Some(Time::from_unix_timestamp(1748337388, 0).unwrap()),
+            time: Some(Time::from_unix_timestamp(1750765140, 0).unwrap()),
         };
 
         let client_id = ClientId::from_str("optimism-1").unwrap();

proto/definitions/ibc/lightclients/optimism/v1/optimism.proto

@@ -57,8 +57,10 @@ message Header {
   ibc.core.client.v1.Height trusted_height = 1;
   AccountUpdate account_update = 2;
 
+  // derivation and preimage must be generated using rollup_config in ClientState.
   Derivation derivation = 3;
   bytes preimages = 4;
+
   repeated L1Header trusted_to_deterministic = 5;
   repeated L1Header deterministic_to_latest = 6;
 }

proto/src/prost/ibc.lightclients.optimism.v1.rs

@@ -85,6 +85,7 @@ pub struct Header {
     >,
     #[prost(message, optional, tag = "2")]
     pub account_update: ::core::option::Option<AccountUpdate>,
+    /// derivation and preimage must be generated using rollup_config in ClientState.
     #[prost(message, optional, tag = "3")]
     pub derivation: ::core::option::Option<Derivation>,
     #[prost(bytes = "vec", tag = "4")]