EN 2FA validator for Era

[vladbochok]

What ❔

• EraMultisigValidator - intermediate contract that validates multisig signatures of 2FA External Nodes for state transition. Designed for Era chains.
• No changes are required for the EN, only stand-alone tool is needed to sign batches.

Why ❔

Checklist

• [ x PR title corresponds to the body of PR (we generate changelog entries from PRs).
• Tests for the changes have been added / updated.
• Documentation comments have been added / updated.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 4b92171a2e

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This PR introduces a two-factor authentication (2FA) mechanism for Era chain validators by adding an EraMultisigValidator contract that wraps the existing ValidatorTimelock. The new contract requires a configurable threshold of multisig member approvals before batch execution can proceed, providing an additional security layer where independent nodes verify execution parameters before state transitions are finalized on L1.

Changes:

• Added EraMultisigValidator contract implementing multisig approval mechanism with EIP-712 typed signatures for batch execution
• Added IEraMultisigValidator interface defining the multisig validator API
• Modified ValidatorTimelock to make key functions virtual, enabling inheritance and overriding
• Added comprehensive test suite covering initialization, threshold management, membership changes, approval workflows, and batch execution scenarios

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.

File	Description
EraMultisigValidator.sol	Core implementation of the multisig validator with approval tracking, threshold checking, and call forwarding to ValidatorTimelock
IEraMultisigValidator.sol	Interface defining events, errors, and functions for the multisig validator
ValidatorTimelock.sol	Modified to make precommitSharedBridge, revertBatchesSharedBridge, proveBatchesSharedBridge, and executeBatchesSharedBridge virtual to enable overriding
EraMultisigValidator.t.sol	Comprehensive test suite with 40+ test cases covering all functionality including edge cases

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[mm-zk]

comment

[github-actions]

Coverage after merging vb-validator-2fa-era into draft-v31 will be

91.31%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
contracts/bridge
BridgeHelper.sol	100%	100%	100%	100%
BridgedStandardERC20.sol	96.25%	100%	92.31%	97.01%	231–232
L1ERC20Bridge.sol	97.78%	100%	100%	97.30%	261
L1Nullifier.sol	95.98%	100%	100%	95.24%	432–433, 436, 462, 710, 713, 715, 731
UpgradeableBeaconDeployer.sol	100%	100%	100%	100%
contracts/bridge/asset-router
AssetRouterBase.sol	98.53%	100%	100%	98.21%	128
L1AssetRouter.sol	91.62%	100%	86.67%	92.70%	104, 319, 330, 412–413, 432, 590, 601, 615, 620
contracts/bridge/asset-tracker
AssetTrackerBase.sol	93.55%	100%	88.89%	95.45%	84
GWAssetTracker.sol	89.82%	100%	94.59%	89.08%	105–107, 109–111, 124–125, 262–264, 280, 370, 411, 413–419, 426–427, 647–648, 93
L1AssetTracker.sol	97.95%	100%	100%	97.60%	226, 404, 61
LegacySharedBridgeAddresses.sol	83.33%	100%	100%	81.82%	39, 41
contracts/bridge/interfaces
AssetHandlerModifiers.sol	75%	100%	100%	66.67%	13
contracts/bridge/ntv
L1NativeTokenVault.sol	98.15%	100%	100%	97.67%	183, 185
NativeTokenVaultBase.sol	98.95%	100%	100%	98.74%	141, 146
contracts/common
MessageVerification.sol	88.24%	100%	87.50%	88.46%	34, 41–42
ReentrancyGuard.sol	100%	100%	100%	100%
contracts/common/l2-helpers
L2ContractHelper.sol	98.11%	100%	100%	97.78%	108
SystemContractsCaller.sol	52.50%	100%	60%	51.43%	44–45, 47, 49, 51, 53, 66, 69, 72, 75, 78, 83, 89, 91, 93, 96, 98
contracts/common/libraries
DataEncoding.sol	95.61%	100%	95.65%	95.60%	183, 273, 291, 297
DynamicIncrementalMerkle.sol	100%	100%	100%	100%
DynamicIncrementalMerkleMemory.sol	98.96%	100%	100%	98.84%	196
FullMerkle.sol	98.72%	100%	100%	98.59%	152
FullMerkleMemory.sol	93.81%	100%	100%	93.33%	114, 131, 149, 163, 194, 90
Merkle.sol	100%	100%	100%	100%
MessageHashing.sol	98.67%	100%	100%	98.46%	154
SemVer.sol	100%	100%	100%	100%
UncheckedMath.sol	100%	100%	100%	100%
UnsafeBytes.sol	100%	100%	100%	100%
ZKSyncOSBytecodeInfo.sol	100%	100%	100%	100%
contracts/common/libraries/TransientPrimitives
TransientPrimitives.sol	100%	100%	100%	100%
contracts/core/bridgehub
BridgehubBase.sol	96.86%	100%	100%	96.23%	136, 285, 301, 558, 562, 565
L1Bridgehub.sol	92.78%	100%	100%	91.86%	202, 277, 281–282, 285, 295, 85
L2Bridgehub.sol	66.67%	100%	60%	68.57%	103–104, 112, 114–115, 124, 129–130, 132–133, 76
contracts/core/chain-asset-handler
ChainAssetHandlerBase.sol	85.57%	100%	92.31%	84.52%	104–105, 123–125, 174, 177, 186–187, 320, 324, 346, 97
L1ChainAssetHandler.sol	91.86%	100%	87.50%	92.86%	255, 71–72, 76–77
L2ChainAssetHandler.sol	84.21%	100%	80%	85.71%	120, 124, 69, 93
contracts/core/chain-registration
ChainRegistrationSender.sol	88.24%	100%	100%	85.19%	41, 85, 89, 95
contracts/core/ctm-deployment
CTMDeploymentTracker.sol	100%	100%	100%	100%
contracts/core/message-root
L1MessageRoot.sol	93.88%	100%	88.89%	95%	136–137
L2MessageRoot.sol	61.54%	100%	44.44%	66.67%	101, 108, 39–40, 45–46, 50, 57, 62–63
MessageRootBase.sol	93.52%	100%	100%	92.31%	119, 123, 187, 207, 290, 309, 345
contracts/governance
AccessControlRestriction.sol	100%	100%	100%	100%
ChainAdmin.sol	97.87%	100%	100%	97.30%	39
ChainAdminOwnable.sol	100%	100%	100%	100%
Governance.sol	100%	100%	100%	100%
L2ProxyAdminDeployer.sol	100%	100%	100%	100%
PermanentRestriction.sol	100%	100%	100%	100%
ServerNotifier.sol	100%	100%	100%	100%
TransitionaryOwner.sol	100%	100%	100%	100%
contracts/governance/restriction
Restriction.sol	100%	100%	100%	100%
RestrictionValidator.sol	100%	100%	100%	100%
contracts/interop
AttributesDecoder.sol	100%	100%	100%	100%
InteropCenter.sol	93.90%	100%	89.47%	94.48%	114, 428, 502, 54–55, 59–60, 72
InteropDataEncoding.sol	100%	100%	100%	100%
InteropHandler.sol	91.53%	100%	83.33%	92.45%	33–35, 381, 403, 408, 41–42
L2MessageVerification.sol	100%	100%	100%	100%
contracts/l2-system/zksync-os
L1MessageGasLib.sol	100%	100%	100%	100%
L1Messenger.sol	94.12%	100%	100%	92.86%	29
SystemContext.sol	100%	100%	100%	100%
ZKOSContractDeployer.sol	0%	100%	0%	0%	12–14, 20, 26, 30–31
contracts/l2-upgrades
L2ComplexUpgrader.sol	0%	100%	0%	0%	23–25, 39, 44, 46, 56, 62–63, 70, 79–81, 84, 86–87
L2GenesisForceDeploymentsHelper.sol	93.63%	100%	100%	93.06%	125, 171, 173, 177, 179–180, 210, 216, 425, 92
L2GenesisUpgrade.sol	0%	100%	0%	0%	30, 37, 39–40, 43, 47–50, 53, 55, 63
L2V30TestnetSystemProxiesUpgrade.sol	0%	100%	0%	0%	22, 27–28, 30, 41, 47, 52, 56, 61, 66, 71, 76, 81, 86, 93, 99
L2V31Upgrade.sol	0%	100%	0%	0%	17–18
SystemContractProxy.sol	88%	100%	66.67%	90.91%	16–17
SystemContractProxyAdmin.sol	60%	100%	66.67%	57.14%	12, 18–19
V31AcrossRecovery.sol	0%	100%	0%	0%	43–45, 64–65, 67–68, 72, 77–78, 93
contracts/state-transition
AccessControlEnumerablePerChainAddressUpgradeable.sol	98.25%	100%	100%	97.83%	179
ChainTypeManagerBase.sol	96.19%	100%	100%	95.29%	191, 194, 368, 458, 463, 605, 668, 706, 782
EraChainTypeManager.sol	92.86%	100%	100%	91.67%	29
ZKsyncOSChainTypeManager.sol	100%	100%	100%	100%
contracts/state-transition/chain-deps
DiamondInit.sol	94.12%	100%	100%	93.88%	58, 62, 66
DiamondProxy.sol	100%	100%	100%	100%
StoredBatchHashing.sol	100%	100%	100%	100%
contracts/state-transition/chain-deps/facets
Admin.sol	96.12%	100%	100%	95.48%	137, 141, 145, 215, 240–241, 325, 364
Committer.sol	90.73%	100%	100%	89.92%	146, 171, 178, 224, 227–228, 232–233, 342, 371, 380–381, 390, 452, 479, 486–488, 515, 590, 601, 639, 715, 742
Executor.sol	77.69%	100%	91.67%	76.15%	105–107, 110, 112, 114–115, 117–118, 120, 160, 166–167, 177–179, 187, 245–246, 272, 277, 282,