Skip to content

v3.8.1

Choose a tag to compare

View all tags
@fakedev9999 fakedev9999 released this 06 May 03:59
· 5 commits to release/v3.x since this release
v3.8.1
1e8e32e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Maintenance release on the v3.x line that closes GHSA-5jh4-3p33-85xc, a soundness gap in WitnessExecutor::run where a non-interop EndOfSource could let an adversarial witness commit a (claimed_l2_output_root, claimed_l2_block_number) pair referring to different L2 blocks. The fix binds the committed l2BlockNumber to the actual derived safe-head number. The release also backports fault-proof, host, client, and CI fixes from the v4.x line.

Breaking Changes

  • Verification keys have changed — range and aggregation ELFs are rebuilt with the patched WitnessExecutor::run. All deployments must upgrade contracts with the new keys.

Migration Guide (v3.8.0 → v3.8.1)

Since the verification keys have changed, you must upgrade your contracts with the new keys. Follow the upgrade guide for your deployment type:

Verification Key Hashes

Program Verification Key Hash
Ethereum DA Range 0x63edbd04408aba2f48cd5a6677e9e32f5124dda574309132053754dd5134a4ed
Celestia DA Range 0x5b80f840124df3e845c582a72cb1e84763c2f0e55ca0e58459db5eea5ca51971
EigenDA Range 0x1161f3694cc58ad77b308d3814890ad407dee3cc75c40f59786f6e4c0a9a4997
Aggregation 0x004180a741a6e632865cf40aaed19dd20ae0985c3e1da8cdff54c1ceef7c78e6

Summary of Changes

Security

  • WitnessExecutor::run now rejects when the derived safe-head block number does not match BootInfo.claimed_l2_block_number, closing the (l2_output_root, l2_block_number) binding gap (GHSA-5jh4-3p33-85xc).

What's Changed

  • backport(host): classify SafeDB probe outcome so transport errors no longer masquerade as 'enable SafeDB' (#884) by @fakedev9999 in #888
  • backport(fault-proof): pin L1 block during sync to prevent RPC inconsistency (#865) by @fakedev9999 in #889
  • backport(fault-proof): correct resolve() invariant comment (#881) by @fakedev9999 in #890
  • backport(fault-proof): correct maxChallengeDuration return type to uint64 (#891) by @fakedev9999 in #893
  • backport(client): use canonical OP precompile set for fork-correct semantics (#895) by @fakedev9999 in #896
  • backport(ci): run eigenda-proxy ephemerally inside CI jobs (#897) by @fakedev9999 in #898
  • chore: release v3.8.1 by @fakedev9999 in #900

Full Changelog: v3.8.0...v3.8.1

Contributors

fakedev9999
Assets 2
Loading