From 87449e6ce281af566735e762918d7014ac72d490 Mon Sep 17 00:00:00 2001 From: smtmfft Date: Fri, 22 May 2026 13:29:24 +0800 Subject: [PATCH 1/8] feat(protocol): add Proposal0014 for raiko2 v0.2.0 Shasta ZK digests Register RISC0 and SP1 guest IDs from taikoxyz/raiko2 v0.2.0 on Shasta-only mainnet verifiers (additive DAO actions; no L2 or SGX changes). Co-authored-by: Cursor --- .../layer1/proposals/Proposal0014.action.md | 6 ++ .../script/layer1/proposals/Proposal0014.md | 70 +++++++++++++++++++ .../layer1/proposals/Proposal0014.s.sol | 67 ++++++++++++++++++ 3 files changed, 143 insertions(+) create mode 100644 packages/protocol/script/layer1/proposals/Proposal0014.action.md create mode 100644 packages/protocol/script/layer1/proposals/Proposal0014.md create mode 100644 packages/protocol/script/layer1/proposals/Proposal0014.s.sol diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.action.md b/packages/protocol/script/layer1/proposals/Proposal0014.action.md new file mode 100644 index 0000000000..34a4c7f0e1 --- /dev/null +++ b/packages/protocol/script/layer1/proposals/Proposal0014.action.md @@ -0,0 +1,6 @@ +# Proposal0014 + +- To (DAO Controller): `0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a` +- Function: `Execute` +- Value: `0` +- Calldata: `0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000000000000000000000000000001a00000000000000000000000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000000000000036000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000520000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158191ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000` diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.md b/packages/protocol/script/layer1/proposals/Proposal0014.md new file mode 100644 index 0000000000..1798371f6a --- /dev/null +++ b/packages/protocol/script/layer1/proposals/Proposal0014.md @@ -0,0 +1,70 @@ +# PROPOSAL-0014: Register raiko2 v0.2.0 Shasta ZK Verifier Digests + +## Executive Summary + +This proposal **additively** registers the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the existing **Shasta-only** verifiers on Ethereum mainnet (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`). + +It executes **6 L1 actions** via the DAO Controller. There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. + +This follows the same pattern as [PR #21661 — Proposal0013 (raiko2 v0.1.0)](https://github.com/taikoxyz/taiko-mono/pull/21661). If Proposal0013 is merged first, this proposal is the **next** digest registration for the **[v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** (SP1 stack **6.1.0**, consolidated RISC0 aggregation for Boundless; see release notes). + +Earlier trusted image/program IDs from [`Proposal0009`](./Proposal0009.s.sol), [`Proposal0010`](./Proposal0010.s.sol), and optionally Proposal0013 **remain** trusted unless a future proposal revokes them. + +## Rationale + +- Provers built from **raiko2 v0.2.0** emit new RISC0 `image_id` and SP1 program vkey values. On-chain verifiers must whitelist these digests before proofs from that release can verify. +- Scope is intentionally minimal: Shasta verifier addresses only, additive `setImageIdTrusted` / `setProgramTrusted` with `true`. + +## Technical Specification + +### Verifier Targets (unchanged from prior Shasta registrations) + +| Constant | Value | +| ----------------------- | -------------------------------------------- | +| `RISC0_SHASTA_VERIFIER` | `0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b` | +| `SP1_SHASTA_VERIFIER` | `0x96337327648dcFA22b014009cf10A2D5E2F305f6` | + +### Guest digests ([raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) + +| Constant | Role (release) | Value (`bytes32`) | +| --------------------------------- | ----------------- | -------------------------------------------------------------------- | +| `RISC0_PROPOSAL_IMAGE_ID` | risc0 proposal | `0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754` | +| `RISC0_AGGREGATION_IMAGE_ID` | risc0 aggregation | `0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f` | +| `SP1_PROPOSAL_VKEY_BN256` | sp1 proposal | `0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580` | +| `SP1_PROPOSAL_VKEY_HASH_BYTES` | sp1 proposal | `0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580` | +| `SP1_AGGREGATION_VKEY_BN256` | sp1 aggregation | `0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5` | +| `SP1_AGGREGATION_VKEY_HASH_BYTES` | sp1 aggregation | `0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5` | + +### L1 Actions (6 total) + +1. `Risc0Verifier.setImageIdTrusted(RISC0_PROPOSAL_IMAGE_ID, true)` on `RISC0_SHASTA_VERIFIER`. +2. `Risc0Verifier.setImageIdTrusted(RISC0_AGGREGATION_IMAGE_ID, true)` on `RISC0_SHASTA_VERIFIER`. +3. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_BN256, true)` on `SP1_SHASTA_VERIFIER`. +4. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_HASH_BYTES, true)` on `SP1_SHASTA_VERIFIER`. +5. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_BN256, true)` on `SP1_SHASTA_VERIFIER`. +6. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_HASH_BYTES, true)` on `SP1_SHASTA_VERIFIER`. + +## Verification + +1. Open [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) and confirm the **ZK Guest Digests** table matches the constants in [`Proposal0014.s.sol`](./Proposal0014.s.sol). + +2. Regenerate the controller calldata (writes `Proposal0014.action.md`): + + ```bash + cd packages/protocol + P=0014 pnpm proposal + ``` + +3. Dry-run on an L1 fork (mainnet RPC): + + ```bash + P=0014 pnpm proposal:dryrun:l1 + ``` + + Expect `DryrunSucceeded()` (or equivalent successful dryrun revert per `BuildProposal`). + +4. Optionally compare digests with the raiko2 build artifact / `guest-digests` output for tag **v0.2.0** (commit **`f5d4665`** on the release page). + +## Security Contacts + +- security@taiko.xyz diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol new file mode 100644 index 0000000000..d989a3f876 --- /dev/null +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -0,0 +1,67 @@ +// SPDX-License-Identifier: MIT +pragma solidity ^0.8.24; + +import "../governance/BuildProposal.sol"; +import "src/layer1/verifiers/Risc0Verifier.sol"; +import "src/layer1/verifiers/SP1Verifier.sol"; + +// To print the proposal action data: `P=0014 pnpm proposal` +// To dryrun the proposal actions on L1: `P=0014 pnpm proposal:dryrun:l1` +// +// Registers ZK guest digests from raiko2 v0.2.0 on Shasta verifiers only (additive). +// Source: https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0 +contract Proposal0014 is BuildProposal { + address public constant SP1_SHASTA_VERIFIER = 0x96337327648dcFA22b014009cf10A2D5E2F305f6; + address public constant RISC0_SHASTA_VERIFIER = 0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b; + + bytes32 public constant RISC0_PROPOSAL_IMAGE_ID = + bytes32(0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754); + bytes32 public constant RISC0_AGGREGATION_IMAGE_ID = + bytes32(0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f); + + bytes32 public constant SP1_PROPOSAL_VKEY_BN256 = + bytes32(0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580); + bytes32 public constant SP1_PROPOSAL_VKEY_HASH_BYTES = + bytes32(0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580); + + bytes32 public constant SP1_AGGREGATION_VKEY_BN256 = + bytes32(0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5); + bytes32 public constant SP1_AGGREGATION_VKEY_HASH_BYTES = + bytes32(0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5); + + function buildL1Actions() internal pure override returns (Controller.Action[] memory actions) { + actions = new Controller.Action[](6); + + actions[0] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_PROPOSAL_IMAGE_ID, true)) + }); + actions[1] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_AGGREGATION_IMAGE_ID, true)) + }); + + actions[2] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_BN256, true)) + }); + actions[3] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true)) + }); + actions[4] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_BN256, true)) + }); + actions[5] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true)) + }); + } +} From 6fda029f7739e7235e149519da63c2ca43020686 Mon Sep 17 00:00:00 2001 From: smtmfft Date: Fri, 22 May 2026 15:22:04 +0800 Subject: [PATCH 2/8] docs(protocol): expand Proposal0014 for external verifier replay Document tag-scoped raiko2 reproduction, normative digest YAML, and gates for reviewers and automation before DAO approval. Co-authored-by: Cursor --- .../script/layer1/proposals/Proposal0014.md | 258 +++++++++++++++--- 1 file changed, 223 insertions(+), 35 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.md b/packages/protocol/script/layer1/proposals/Proposal0014.md index 1798371f6a..d918f86461 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.md @@ -1,69 +1,257 @@ # PROPOSAL-0014: Register raiko2 v0.2.0 Shasta ZK Verifier Digests +## Where to read what + +| Artifact | Purpose | +| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **This file (`Proposal0014.md`)** | Human-facing spec: rationale, constants table, **how to regenerate calldata**, **verification checklist** (before and after DAO execution). Reviewers should start here. | +| [`Proposal0014.s.sol`](./Proposal0014.s.sol) | Source of truth for on-chain constants and action encoding (`abi.encodeCall`). Any change to digests happens here first. | +| [`Proposal0014.action.md`](./Proposal0014.action.md) | **Generated** DAO `Execute` calldata. Run `P=0014 pnpm proposal` from `packages/protocol` and commit the output. Do **not** hand-edit this file or it may desync from the Solidity script (same concern as discussed on [PR #21661](https://github.com/taikoxyz/taiko-mono/pull/21661)). | + +**Audience:** Core contributors, **external Security Council / reviewers**, and **automated agents** reproducing raiko2 release artifacts. External parties should treat **§ External verification** as the approval gate; **§ Verification checklist** adds taiko-mono packaging and on-chain read steps. + +--- + ## Executive Summary This proposal **additively** registers the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the existing **Shasta-only** verifiers on Ethereum mainnet (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`). It executes **6 L1 actions** via the DAO Controller. There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. -This follows the same pattern as [PR #21661 — Proposal0013 (raiko2 v0.1.0)](https://github.com/taikoxyz/taiko-mono/pull/21661). If Proposal0013 is merged first, this proposal is the **next** digest registration for the **[v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** (SP1 stack **6.1.0**, consolidated RISC0 aggregation for Boundless; see release notes). +The structure matches the DAO registration style used for raiko2 ZK digests (see [PR #21661 — Proposal0013](https://github.com/taikoxyz/taiko-mono/pull/21661); numbering on `main` may differ depending on merge order). Earlier trusted IDs from [`Proposal0009`](./Proposal0009.s.sol), [`Proposal0010`](./Proposal0010.s.sol), and any prior digest proposal **stay** trusted unless a future proposal sets them to `false`. -Earlier trusted image/program IDs from [`Proposal0009`](./Proposal0009.s.sol), [`Proposal0010`](./Proposal0010.s.sol), and optionally Proposal0013 **remain** trusted unless a future proposal revokes them. +--- ## Rationale -- Provers built from **raiko2 v0.2.0** emit new RISC0 `image_id` and SP1 program vkey values. On-chain verifiers must whitelist these digests before proofs from that release can verify. -- Scope is intentionally minimal: Shasta verifier addresses only, additive `setImageIdTrusted` / `setProgramTrusted` with `true`. +- Provers produced from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** emit new RISC0 `image_id` and SP1 program verification key identifiers. Until those identifiers are trusted on-chain, proofs from this release cannot pass verification. + +- Scope is intentional: **Shasta verifier proxies only**, **additive** `setImageIdTrusted` / `setProgramTrusted(..., true)`. + +Release highlights relevant to infra (see [release notes](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)): SP1 proving stack **6.1.0**, Boundless-related aggregation path consolidation, etc. Digest values below are copied from that release page. + +--- ## Technical Specification -### Verifier Targets (unchanged from prior Shasta registrations) +### Verifier targets -| Constant | Value | +| Constant | Address | | ----------------------- | -------------------------------------------- | | `RISC0_SHASTA_VERIFIER` | `0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b` | | `SP1_SHASTA_VERIFIER` | `0x96337327648dcFA22b014009cf10A2D5E2F305f6` | -### Guest digests ([raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) +### Guest digests (must match [raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) + +| Constant (`Proposal0014.s.sol`) | Role on release page | Value (`bytes32`) | +| --------------------------------- | ----------------------------- | -------------------------------------------------------------------- | +| `RISC0_PROPOSAL_IMAGE_ID` | risc0 proposal | `0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754` | +| `RISC0_AGGREGATION_IMAGE_ID` | risc0 aggregation | `0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f` | +| `SP1_PROPOSAL_VKEY_BN256` | sp1 proposal vk_bn254 | `0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580` | +| `SP1_PROPOSAL_VKEY_HASH_BYTES` | sp1 proposal vk_hash_bytes | `0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580` | +| `SP1_AGGREGATION_VKEY_BN256` | sp1 aggregation vk_bn254 | `0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5` | +| `SP1_AGGREGATION_VKEY_HASH_BYTES` | sp1 aggregation vk_hash_bytes | `0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5` | + +### L1 actions (6 total) + +1. `Risc0Verifier.setImageIdTrusted(RISC0_PROPOSAL_IMAGE_ID, true)` → `RISC0_SHASTA_VERIFIER`. +2. `Risc0Verifier.setImageIdTrusted(RISC0_AGGREGATION_IMAGE_ID, true)` → `RISC0_SHASTA_VERIFIER`. +3. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_BN256, true)` → `SP1_SHASTA_VERIFIER`. +4. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_HASH_BYTES, true)` → `SP1_SHASTA_VERIFIER`. +5. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_BN256, true)` → `SP1_SHASTA_VERIFIER`. +6. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_HASH_BYTES, true)` → `SP1_SHASTA_VERIFIER`. + +--- + +## External verification (independent reviewers & agents) + +### Objective (approval gate) + +Before approving this proposal, an external verifier **MUST** establish that the **six `bytes32` values** registered on L1 are exactly those produced by **building the ZK guest artifacts from the same release cut** as [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). Matching the GitHub release **table alone** is a cross-check; **reproducible output from the tag** (or bit-identical CI logs from that tag) is the stronger bar. + +### Canonical release cut (machine-oriented) + +Use these as stable inputs; **resolve the tag to a commit** locally—do not assume a hard-coded commit in this doc if the tag ever moves. + +| Field | Value | +| -------------------- | ------------------------------------------------------ | +| `RAIKO2_REPO` | `https://github.com/taikoxyz/raiko2.git` | +| `RAIKO2_TAG` | `v0.2.0` | +| `RAIKO2_RELEASE_URL` | https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0 | +| `RAIKO2_TREE_URL` | https://github.com/taikoxyz/raiko2/tree/v0.2.0 | + +Record `RAIKO2_COMMIT` after checkout: + +```bash +git clone --branch "$RAIKO2_TAG" --depth 1 "$RAIKO2_REPO" raiko2-verify +cd raiko2-verify +git rev-parse HEAD # this is RAIKO2_COMMIT; compare with the commit GitHub shows for the release/tag +``` + +If `RAIKO2_COMMIT` does not match the commit associated with `v0.2.0` on GitHub, **stop** and reconcile (detached tag, mirror lag, or wrong ref). + +### Normative digests for this proposal (must all match) + +Values **MUST** equal each of: (1) your reproduced build output, (2) the [v0.2.0 release **ZK Guest Digests** table](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0), (3) [`Proposal0014.s.sol`](./Proposal0014.s.sol). Compare as **case-insensitive hex** for `0x` + 64 hex digits. + +```yaml +# Normative bytes32 (64 hex chars after 0x). For agents: parse and compare to build output. +proposal_0014_expected_guest_digests: + risc0_proposal_image_id: "0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754" + risc0_aggregation_image_id: "0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f" + sp1_proposal_vk_bn254: "0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580" + sp1_proposal_vk_hash_bytes: "0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580" + sp1_aggregation_vk_bn254: "0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5" + sp1_aggregation_vk_hash_bytes: "0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5" +``` + +Mapping to **Solidity** symbols in `Proposal0014.s.sol`: `RISC0_PROPOSAL_IMAGE_ID`, `RISC0_AGGREGATION_IMAGE_ID`, `SP1_PROPOSAL_VKEY_BN256`, `SP1_PROPOSAL_VKEY_HASH_BYTES`, `SP1_AGGREGATION_VKEY_BN256`, `SP1_AGGREGATION_VKEY_HASH_BYTES`. + +### Reproduction procedure (follow raiko2 at `v0.2.0`) + +The exact shell commands depend on how **taikoxyz/raiko2** documents guest builds at that tag. Verifiers **SHALL**: + +1. **Read** at minimum `README.md` (and any `docs/` or `CONTRIBUTING.md` linked from it) **at** `RAIKO2_TAG`. +2. **Inspect** CI under [`.github/workflows/`](https://github.com/taikoxyz/raiko2/tree/v0.2.0/.github/workflows) for the **job that builds guests / prints image IDs and SP1 vkeys** (search for `image_id`, `guest`, `sp1`, `risc0`, `digest`, `vk_bn254`, `hash_bytes`). Re-run the same command sequence in a clean environment, or treat **published CI logs for a workflow run on `RAIKO2_COMMIT`** as equivalent if your policy allows it. +3. **Extract** from build output (or CI log) the six identifiers corresponding to: + - RISC0 **proposal** guest `image_id` + - RISC0 **aggregation** guest `image_id` + - SP1 **proposal** `vk_bn254` and `vk_hash_bytes` + - SP1 **aggregation** `vk_bn254` and `vk_hash_bytes` +4. **Assert** all six equal the YAML block above (and thus the release page and `Proposal0014.s.sol`). + +If the repository does not print all six in one command, use the **documented** split steps (e.g. separate RISC0 vs SP1 targets); the union must still match the YAML. + +### Pass / fail gates (agent checklist) + +| Gate | Check | +| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **G1** | `RAIKO2_TAG` checks out to `RAIKO2_COMMIT` consistent with GitHub’s `v0.2.0` release. | +| **G2** | Reproduced (or CI-attested) build emits **six** digests; each equals the YAML entry **and** a line in [`Proposal0014.s.sol`](./Proposal0014.s.sol). | +| **G3** | Same six values appear on [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) under **ZK Guest Digests** (wording may differ; compare by role: proposal vs aggregation, RISC0 vs SP1, bn254 vs hash_bytes). | +| **G4** (post-execution) | On Ethereum mainnet, `isImageTrusted` / `isProgramTrusted` return `true` for each digest (see **§ Verification checklist B**). | + +**Fail closed:** if any gate fails, do not approve until taiko-mono or raiko2 release documentation is corrected. + +### What this proposal does _not_ require external verifiers to do + +- Rebuild **taiko-mono** protocol contracts to “derive” digests (digests come from **raiko2** guests). +- Trust **only** this Markdown file: always anchor on **tag + raiko2 build** and on-chain constants in `.s.sol`. + +--- + +## How to run (local / CI) + +Environment: **repo root monorepo** with `pnpm` installed; Solidity script uses **`FOUNDRY_PROFILE=layer1`** (wired in npm scripts). + +### Step 1 — Install deps (once per machine) + +From monorepo root: + +```bash +pnpm install +``` + +### Step 2 — Compile (`packages/protocol`) + +```bash +cd packages/protocol +FOUNDRY_PROFILE=layer1 forge build --contracts script/layer1/proposals/Proposal0014.s.sol +``` + +(Optional sanity: full `pnpm compile:l1`.) + +### Step 3 — Regenerate DAO action markdown (**required** after any `.s.sol` change) + +```bash +cd packages/protocol +P=0014 pnpm proposal +``` + +Expected outcome: + +- Console prints the DAO `Execute` calldata snippet. +- File `packages/protocol/script/layer1/proposals/Proposal0014.action.md` is **overwritten**. +- Diff the regenerated `Proposal0014.action.md` with git; commit it together with Solidity changes. + +### Step 4 — Dry-run on L1 (mainnet RPC) + +Uses the npm script wrapper (Ethereum mainnet `chain-id=1`; RPC is pinned in [`packages/protocol/package.json`](../../../package.json) `proposal:dryrun:l1`): + +```bash +cd packages/protocol +P=0014 pnpm proposal:dryrun:l1 +``` + +Expected: the script completes per `BuildProposal` / controller `dryrun` behavior (successful dryrun completes with `DryrunSucceeded()` on that code path). + +To use a **different RPC** (fork or paid endpoint), invoke `forge script` manually with `--rpc-url` per your ops policy, matching `MODE=l1dryrun` and `--chain-id=1` behavior from the npm script. + +--- + +## Verification checklist + +### A. Before DAO submission / before merging this PR + +0. **External gate** — Complete **§ External verification** (reproduction + YAML equality). Approvers relying on automation should implement **G1–G3** as machine checks where possible. + +1. **Release parity (manual)** — Open [raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). Copy each line under **ZK Guest Digests** and confirm **byte-for-byte** equality with [`Proposal0014.s.sol`](./Proposal0014.s.sol). Use this mapping between release wording and Solidity names: + + - Release “risc0 proposal `image_id`” → `RISC0_PROPOSAL_IMAGE_ID` + - Release “risc0 aggregation `image_id`” → `RISC0_AGGREGATION_IMAGE_ID` + - Release “sp1 proposal `vk_bn254`” → `SP1_PROPOSAL_VKEY_BN256` + - Release “sp1 proposal `vk_hash_bytes`” → `SP1_PROPOSAL_VKEY_HASH_BYTES` + - Release “sp1 aggregation `vk_bn254`” → `SP1_AGGREGATION_VKEY_BN256` + - Release “sp1 aggregation `vk_hash_bytes`” → `SP1_AGGREGATION_VKEY_HASH_BYTES` + +2. **Release tag metadata** — On the release page, confirm tag **v0.2.0** and referenced commit (**e.g. `f5d4665`** on the release timeline) matches the build you intend to attest (if release is retagged, re-verify digests). + +3. **Rebuild `Proposal0014.action.md` from source** — After checking constants, run **Step 3** above so `Proposal0014.action.md` cannot drift from `.s.sol`. + +4. **L1 dryrun** — Run **Step 4** above on a workstation with Foundry configured. + +### B. After governance execution on mainnet (`cast read`) + +The verifiers expose public getters: + +- RISC0: `isImageTrusted(bytes32) → bool` +- SP1: `isProgramTrusted(bytes32) → bool` -| Constant | Role (release) | Value (`bytes32`) | -| --------------------------------- | ----------------- | -------------------------------------------------------------------- | -| `RISC0_PROPOSAL_IMAGE_ID` | risc0 proposal | `0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754` | -| `RISC0_AGGREGATION_IMAGE_ID` | risc0 aggregation | `0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f` | -| `SP1_PROPOSAL_VKEY_BN256` | sp1 proposal | `0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580` | -| `SP1_PROPOSAL_VKEY_HASH_BYTES` | sp1 proposal | `0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580` | -| `SP1_AGGREGATION_VKEY_BN256` | sp1 aggregation | `0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5` | -| `SP1_AGGREGATION_VKEY_HASH_BYTES` | sp1 aggregation | `0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5` | +Replace `$RPC_URL` with a trustworthy mainnet JSON-RPC endpoint. -### L1 Actions (6 total) +**RISC0** -1. `Risc0Verifier.setImageIdTrusted(RISC0_PROPOSAL_IMAGE_ID, true)` on `RISC0_SHASTA_VERIFIER`. -2. `Risc0Verifier.setImageIdTrusted(RISC0_AGGREGATION_IMAGE_ID, true)` on `RISC0_SHASTA_VERIFIER`. -3. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_BN256, true)` on `SP1_SHASTA_VERIFIER`. -4. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_HASH_BYTES, true)` on `SP1_SHASTA_VERIFIER`. -5. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_BN256, true)` on `SP1_SHASTA_VERIFIER`. -6. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_HASH_BYTES, true)` on `SP1_SHASTA_VERIFIER`. +```bash +R=0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b -## Verification +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754 --rpc-url "$RPC_URL" +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f --rpc-url "$RPC_URL" +``` -1. Open [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) and confirm the **ZK Guest Digests** table matches the constants in [`Proposal0014.s.sol`](./Proposal0014.s.sol). +**SP1** -2. Regenerate the controller calldata (writes `Proposal0014.action.md`): +```bash +S=0x96337327648dcFA22b014009cf10A2D5E2F305f6 - ```bash - cd packages/protocol - P=0014 pnpm proposal - ``` +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5 --rpc-url "$RPC_URL" +``` -3. Dry-run on an L1 fork (mainnet RPC): +Each call should return `true`. - ```bash - P=0014 pnpm proposal:dryrun:l1 - ``` +### C. Reproduce digests (required for external sign-off; optional for merge-only QA) - Expect `DryrunSucceeded()` (or equivalent successful dryrun revert per `BuildProposal`). +Fully specified under **§ External verification**. Shortcut: clone [taikoxyz/raiko2](https://github.com/taikoxyz/raiko2) at **`v0.2.0`**, follow README / docs / workflows at that tag, extract the six guest identifiers, and assert equality with the **YAML normative block** above and [`Proposal0014.s.sol`](./Proposal0014.s.sol). -4. Optionally compare digests with the raiko2 build artifact / `guest-digests` output for tag **v0.2.0** (commit **`f5d4665`** on the release page). +--- ## Security Contacts From 6e2513ac2370fe4314de200cf13fb144e2c07d4a Mon Sep 17 00:00:00 2001 From: smtmfft <99081233+smtmfft@users.noreply.github.com> Date: Fri, 22 May 2026 07:50:36 +0000 Subject: [PATCH 3/8] Update protocol generated artifacts --- .../script/layer1/proposals/Proposal0014.s.sol | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol index d989a3f876..fa2ee5ce50 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -40,7 +40,9 @@ contract Proposal0014 is BuildProposal { actions[1] = Controller.Action({ target: RISC0_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_AGGREGATION_IMAGE_ID, true)) + data: abi.encodeCall( + Risc0Verifier.setImageIdTrusted, (RISC0_AGGREGATION_IMAGE_ID, true) + ) }); actions[2] = Controller.Action({ @@ -51,7 +53,9 @@ contract Proposal0014 is BuildProposal { actions[3] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true) + ) }); actions[4] = Controller.Action({ target: SP1_SHASTA_VERIFIER, @@ -61,7 +65,9 @@ contract Proposal0014 is BuildProposal { actions[5] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true) + ) }); } } From 95280939a723bb64a6f8e2510b3af1272017563a Mon Sep 17 00:00:00 2001 From: smtmfft Date: Sat, 23 May 2026 07:29:09 +0800 Subject: [PATCH 4/8] feat(protocol): Proposal0014 add v0.2.0 ZK enables and revoke P9/P10 verifier digests only DISABLE targets only Shasta RISC0/SP1 verifier proxies; SGX MR_ENCLAVE untouched. Proposal0014.action.md regenerated with P=0014 pnpm proposal (parity verified). Co-authored-by: Cursor --- .../layer1/proposals/Proposal0014.action.md | 2 +- .../script/layer1/proposals/Proposal0014.md | 149 ++++++++++++++---- .../layer1/proposals/Proposal0014.s.sol | 121 +++++++++++++- 3 files changed, 238 insertions(+), 34 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.action.md b/packages/protocol/script/layer1/proposals/Proposal0014.action.md index 34a4c7f0e1..3899a88553 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.action.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.action.md @@ -3,4 +3,4 @@ - To (DAO Controller): `0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a` - Function: `Execute` - Value: `0` -- Calldata: `0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000000000000000000000000000001a00000000000000000000000000000000000000000000000000000000000000280000000000000000000000000000000000000000000000000000000000000036000000000000000000000000000000000000000000000000000000000000004400000000000000000000000000000000000000000000000000000000000000520000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158191ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000` +- Calldata: `0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000001200000000000000000000000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000320000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000004e000000000000000000000000000000000000000000000000000000000000005c000000000000000000000000000000000000000000000000000000000000006a00000000000000000000000000000000000000000000000000000000000000780000000000000000000000000000000000000000000000000000000000000086000000000000000000000000000000000000000000000000000000000000009400000000000000000000000000000000000000000000000000000000000000a200000000000000000000000000000000000000000000000000000000000000b000000000000000000000000000000000000000000000000000000000000000be00000000000000000000000000000000000000000000000000000000000000cc00000000000000000000000000000000000000000000000000000000000000da00000000000000000000000000000000000000000000000000000000000000e800000000000000000000000000000000000000000000000000000000000000f6000000000000000000000000000000000000000000000000000000000000010400000000000000000000000000000000000000000000000000000000000001120000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158191ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158126abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158146efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581dfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000` diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.md b/packages/protocol/script/layer1/proposals/Proposal0014.md index d918f86461..f613f068fe 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.md @@ -1,4 +1,19 @@ -# PROPOSAL-0014: Register raiko2 v0.2.0 Shasta ZK Verifier Digests +# PROPOSAL-0014: Enable raiko2 v0.2.0 Shasta ZK Digests and Disable Legacy (Proposal0009 / Proposal0010) + +## Enable vs disable + +This DAO `Execute` bundle contains **two intent blocks**: + +| Block | Predicate | Meaning | +| ----------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **ENABLE** | `set…Trusted(..., true)` | Registers [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) guest identifiers on Shasta verifier proxies—same operational style as Proposal0013 / prior digest DAO votes (see [PR #21661](https://github.com/taikoxyz/taiko-mono/pull/21661)). | +| **DISABLE** | `set…Trusted(..., false)` | **Only Shasta SP1+RISC0 verifier proxies:** revoke legacy fingerprints that Proposal0009/0010 registered via `setImageIdTrusted` / `setProgramTrusted` (**not** Proposal0009/0010 `setMrEnclave` / SGX). | + +**Scope:** **`ENABLE`** and **`DISABLE`** each call **`RISC0_SHASTA_VERIFIER` and `SP1_SHASTA_VERIFIER` only** (digest allowlists). **DISABLE intentionally omits every `setMrEnclave` payload** from Proposal0009/Proposal0010 (SGX MR_ENCLAVE stays trusted as today). + +**Execution order:** ENABLE first (**6**), then DISABLE (**12**); one atomic DAO `Execute`. + +--- ## Where to read what @@ -14,11 +29,9 @@ ## Executive Summary -This proposal **additively** registers the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the existing **Shasta-only** verifiers on Ethereum mainnet (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`). - -It executes **6 L1 actions** via the DAO Controller. There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. +This proposal (**1**) **ENABLEs** the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the **Shasta-only** verifier proxies (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`), and (**2**) **DISABLEs** the legacy Shasta ZK identifier sets previously enabled under [`Proposal0009`](./Proposal0009.s.sol) and [`Proposal0010`](./Proposal0010.s.sol)—the same bytes32 revocation list Proposal0010 described for a future cleanup. -The structure matches the DAO registration style used for raiko2 ZK digests (see [PR #21661 — Proposal0013](https://github.com/taikoxyz/taiko-mono/pull/21661); numbering on `main` may differ depending on merge order). Earlier trusted IDs from [`Proposal0009`](./Proposal0009.s.sol), [`Proposal0010`](./Proposal0010.s.sol), and any prior digest proposal **stay** trusted unless a future proposal sets them to `false`. +It executes **18 L1 actions** via the DAO Controller (**6 × true**, then **12 × false**). There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. --- @@ -26,9 +39,11 @@ The structure matches the DAO registration style used for raiko2 ZK digests (see - Provers produced from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** emit new RISC0 `image_id` and SP1 program verification key identifiers. Until those identifiers are trusted on-chain, proofs from this release cannot pass verification. -- Scope is intentional: **Shasta verifier proxies only**, **additive** `setImageIdTrusted` / `setProgramTrusted(..., true)`. +- **Legacy cleanup:** zk:v1.16.0 (Proposal0009) and the Proposal0010 hotfix bundle remain trusted alongside newer registrars unless explicitly revoked ([Proposal0010.md](./Proposal0010.md)). The **DISABLE** block in this proposal clears those older Shasta verifier entries so proving policy tracks the exercised raiko2 line. + +- Scope remains **Shasta verifier proxies only**—no unrelated allowlist or SGX churn. -Release highlights relevant to infra (see [release notes](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)): SP1 proving stack **6.1.0**, Boundless-related aggregation path consolidation, etc. Digest values below are copied from that release page. +Release highlights relevant to infra (see [release notes](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)): SP1 proving stack **6.1.0**, Boundless-related aggregation path consolidation, etc. The six ENABLE `bytes32` values are copied from that release page. --- @@ -41,7 +56,7 @@ Release highlights relevant to infra (see [release notes](https://github.com/tai | `RISC0_SHASTA_VERIFIER` | `0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b` | | `SP1_SHASTA_VERIFIER` | `0x96337327648dcFA22b014009cf10A2D5E2F305f6` | -### Guest digests (must match [raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) +### ENABLE — Guest digests (must match [raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) | Constant (`Proposal0014.s.sol`) | Role on release page | Value (`bytes32`) | | --------------------------------- | ----------------------------- | -------------------------------------------------------------------- | @@ -52,14 +67,39 @@ Release highlights relevant to infra (see [release notes](https://github.com/tai | `SP1_AGGREGATION_VKEY_BN256` | sp1 aggregation vk_bn254 | `0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5` | | `SP1_AGGREGATION_VKEY_HASH_BYTES` | sp1 aggregation vk_hash_bytes | `0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5` | -### L1 actions (6 total) +### DISABLE — Identifiers revoked (`false`; **SP1+RISC0 verifiers only**) + +These rows mirror **`setImageIdTrusted` / `setProgramTrusted`** from historic proposals. Proposal0009/0010 also registered SGX **`setMrEnclave(..., true)`** on attesters—that **explicitly stays out of this DAO payload** so MR_ENCLAVE trust is unchanged until a future governance item says otherwise. + +**Proposal0009** (ZK subset only — L1 [`Proposal0009.s.sol`](./Proposal0009.s.sol) actions 4–9, **not** SGX actions 10–12): -1. `Risc0Verifier.setImageIdTrusted(RISC0_PROPOSAL_IMAGE_ID, true)` → `RISC0_SHASTA_VERIFIER`. -2. `Risc0Verifier.setImageIdTrusted(RISC0_AGGREGATION_IMAGE_ID, true)` → `RISC0_SHASTA_VERIFIER`. -3. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_BN256, true)` → `SP1_SHASTA_VERIFIER`. -4. `SP1Verifier.setProgramTrusted(SP1_PROPOSAL_VKEY_HASH_BYTES, true)` → `SP1_SHASTA_VERIFIER`. -5. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_BN256, true)` → `SP1_SHASTA_VERIFIER`. -6. `SP1Verifier.setProgramTrusted(SP1_AGGREGATION_VKEY_HASH_BYTES, true)` → `SP1_SHASTA_VERIFIER`. +| Solidity constant (`Proposal0014.s.sol`) | Hex `bytes32` | +| ---------------------------------------- | -------------------------------------------------------------------- | +| `RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID` | `0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544` | +| `RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID` | `0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7` | +| `SP1_P9_PROG_A` | `0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7` | +| `SP1_P9_PROG_B` | `0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7` | +| `SP1_P9_PROG_C` | `0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7` | +| `SP1_P9_PROG_D` | `0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7` | + +**Proposal0010** (ZK subset only — [`Proposal0010.s.sol`](./Proposal0010.s.sol) L1 digest actions **0–5**, **not** attester actions 6–8): + +| Solidity constant (`Proposal0014.s.sol`) | Hex `bytes32` | +| ---------------------------------------- | -------------------------------------------------------------------- | +| `RISC0_P10_BATCH_IMAGE_ID` | `0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b` | +| `RISC0_P10_SHASTA_AGG_IMAGE_ID` | `0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e` | +| `SP1_P10_BATCH_VKEY_BN256` | `0x0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f8` | +| `SP1_P10_BATCH_VKEY_HASH_BYTES` | `0x3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f8` | +| `SP1_P10_AGG_VKEY_BN256` | `0x0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c` | +| `SP1_P10_AGG_VKEY_HASH_BYTES` | `0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c` | + +### L1 actions (**18 total**) + +**ENABLE (6)** — `true` payloads for raiko2 v0.2.0 (same semantics as standalone digest registration proposals). + +**DISABLE (12)** — `false` for the twelve `bytes32` rows above (`RISC0Verifier`/`SP1Verifier` targets unchanged). + +Concrete ordering matches [`Proposal0014.s.sol`](./Proposal0014.s.sol). --- @@ -67,11 +107,15 @@ Release highlights relevant to infra (see [release notes](https://github.com/tai ### Objective (approval gate) -Before approving this proposal, an external verifier **MUST** establish that the **six `bytes32` values** registered on L1 are exactly those produced by **building the ZK guest artifacts from the same release cut** as [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). Matching the GitHub release **table alone** is a cross-check; **reproducible output from the tag** (or bit-identical CI logs from that tag) is the stronger bar. +Approvers distinguish two evidence tracks: + +**ENABLE (six values):** an external verifier **MUST** prove that each `bytes32` in **§ ENABLE** / the YAML normative block is produced by building ZK guests at [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) (**reproducible output from the tag**—or bit-identical CI logs—as the strong bar; the release web table remains a sanity cross-check). + +**DISABLE (twelve values):** these **must** match the verified historical payloads from **`Proposal0009.s.sol`** (ZK actions **4–9**) and **`Proposal0010.s.sol`** for their `..., true)` registrations—**no raiko rebuild is required.** Before execution they should currently read **`true`** on-chain; after execution **`false`** (see **§ B**). ### Canonical release cut (machine-oriented) -Use these as stable inputs; **resolve the tag to a commit** locally—do not assume a hard-coded commit in this doc if the tag ever moves. +Use these as stable inputs for the **six ENABLE IDs** above; **resolve the tag to a commit** locally—do not assume a hard-coded commit in this doc if the tag ever moves. | Field | Value | | -------------------- | ------------------------------------------------------ | @@ -90,9 +134,9 @@ git rev-parse HEAD # this is RAIKO2_COMMIT; compare with the commit GitHub sho If `RAIKO2_COMMIT` does not match the commit associated with `v0.2.0` on GitHub, **stop** and reconcile (detached tag, mirror lag, or wrong ref). -### Normative digests for this proposal (must all match) +### Normative ENABLE digests (**six** values; must all match after reproduction) -Values **MUST** equal each of: (1) your reproduced build output, (2) the [v0.2.0 release **ZK Guest Digests** table](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0), (3) [`Proposal0014.s.sol`](./Proposal0014.s.sol). Compare as **case-insensitive hex** for `0x` + 64 hex digits. +For the **`true`** block only—values **MUST** equal each of: (1) your reproduced build output, (2) the [v0.2.0 release **ZK Guest Digests** table](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0), (3) [`Proposal0014.s.sol`](./Proposal0014.s.sol). Compare as **case-insensitive hex** for `0x` + 64 hex digits. ```yaml # Normative bytes32 (64 hex chars after 0x). For agents: parse and compare to build output. @@ -124,17 +168,20 @@ If the repository does not print all six in one command, use the **documented** ### Pass / fail gates (agent checklist) -| Gate | Check | -| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **G1** | `RAIKO2_TAG` checks out to `RAIKO2_COMMIT` consistent with GitHub’s `v0.2.0` release. | -| **G2** | Reproduced (or CI-attested) build emits **six** digests; each equals the YAML entry **and** a line in [`Proposal0014.s.sol`](./Proposal0014.s.sol). | -| **G3** | Same six values appear on [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) under **ZK Guest Digests** (wording may differ; compare by role: proposal vs aggregation, RISC0 vs SP1, bn254 vs hash_bytes). | -| **G4** (post-execution) | On Ethereum mainnet, `isImageTrusted` / `isProgramTrusted` return `true` for each digest (see **§ Verification checklist B**). | +| Gate | Check | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **G1** | `RAIKO2_TAG` checks out to `RAIKO2_COMMIT` consistent with GitHub’s `v0.2.0` release. | +| **G2** | Reproduced (or CI-attested) build emits the **six ENABLE** digests; each equals the YAML entry **and** a line in [`Proposal0014.s.sol`](./Proposal0014.s.sol). | +| **G3** | Same six values appear on [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) under **ZK Guest Digests**. | +| **G4** (pre-execution) | Chain reads / Etherscan: each legacy `bytes32` in **§ DISABLE** is **`true`** today (Proposal0009/0010). | +| **G5** (post-execution) | **ENABLE** digests decode to **`true`**; **DISABLE** rows decode to **`false`** (`isImageTrusted` / `isProgramTrusted`; see checklist **§ B**). | -**Fail closed:** if any gate fails, do not approve until taiko-mono or raiko2 release documentation is corrected. +**Fail closed:** if **ENABLE** reproduction or release parity (**G2**/**G3**) fails, halt; if **G4** shows a legacy marker already **`false`** on mainnet, reconcile upstream revocations before approving; fix documentation or Solidity before approving any persistent mismatch after execution (**G5**). ### What this proposal does _not_ require external verifiers to do +- Rebuild historic **zk:v1.16.0** or Proposal0010 **hotfix** guests to attest the DISABLE list—anchor cross-check on Proposal0009/0010 Solidity and pre-/post-chain reads instead. + - Rebuild **taiko-mono** protocol contracts to “derive” digests (digests come from **raiko2** guests). - Trust **only** this Markdown file: always anchor on **tag + raiko2 build** and on-chain constants in `.s.sol`. @@ -193,7 +240,7 @@ To use a **different RPC** (fork or paid endpoint), invoke `forge script` manual ### A. Before DAO submission / before merging this PR -0. **External gate** — Complete **§ External verification** (reproduction + YAML equality). Approvers relying on automation should implement **G1–G3** as machine checks where possible. +0. **External gate** — Complete **§ External verification**. Automation should ideally cover **G1–G5** (ENABLE reproduction **and** DISABLE cross-check paths). 1. **Release parity (manual)** — Open [raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). Copy each line under **ZK Guest Digests** and confirm **byte-for-byte** equality with [`Proposal0014.s.sol`](./Proposal0014.s.sol). Use this mapping between release wording and Solidity names: @@ -210,6 +257,8 @@ To use a **different RPC** (fork or paid endpoint), invoke `forge script` manual 4. **L1 dryrun** — Run **Step 4** above on a workstation with Foundry configured. +5. **DISABLE cross-check** — Confirm every **`false`** digest in **`Proposal0014.s.sol`** still matches Proposal0009/0010’s historical `..., true)` registrations (grep / diff against [`Proposal0009.s.sol`](./Proposal0009.s.sol) actions 4–9 and [`Proposal0010.s.sol`](./Proposal0010.s.sol) ZK block). + ### B. After governance execution on mainnet (`cast read`) The verifiers expose public getters: @@ -219,7 +268,9 @@ The verifiers expose public getters: Replace `$RPC_URL` with a trustworthy mainnet JSON-RPC endpoint. -**RISC0** +**ENABLE — raiko2 v0.2.0 (expect `true` after execution)** + +RISC0: ```bash R=0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b @@ -230,7 +281,7 @@ cast call "$R" 'isImageTrusted(bytes32)(bool)' \ 0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f --rpc-url "$RPC_URL" ``` -**SP1** +SP1: ```bash S=0x96337327648dcFA22b014009cf10A2D5E2F305f6 @@ -245,7 +296,45 @@ cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ 0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5 --rpc-url "$RPC_URL" ``` -Each call should return `true`. +Expect **`true`** for each call **after** the DAO executes Proposal0014. + +**DISABLE — Proposal0009 / Proposal0010 ZK bundles (expect `false` after execution)** + +RISC0 (same `$R`; four image IDs revoked across P9+P10): + +```bash +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544 --rpc-url "$RPC_URL" +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7 --rpc-url "$RPC_URL" +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b --rpc-url "$RPC_URL" +cast call "$R" 'isImageTrusted(bytes32)(bool)' \ + 0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e --rpc-url "$RPC_URL" +``` + +SP1 (same `$S`; eight program keys revoked across P9+P10): + +```bash +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f8 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f8 --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c --rpc-url "$RPC_URL" +cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ + 0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c --rpc-url "$RPC_URL" +``` + +Expect **`false`** for each DISABLE row **after** execution (and typically **`true`** immediately **before**, per **G4**). ### C. Reproduce digests (required for external sign-off; optional for merge-only QA) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol index fa2ee5ce50..4e185de219 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -8,12 +8,19 @@ import "src/layer1/verifiers/SP1Verifier.sol"; // To print the proposal action data: `P=0014 pnpm proposal` // To dryrun the proposal actions on L1: `P=0014 pnpm proposal:dryrun:l1` // -// Registers ZK guest digests from raiko2 v0.2.0 on Shasta verifiers only (additive). +// ENABLE: Registers ZK guest digests from raiko2 v0.2.0 on Shasta verifiers only (`true`). // Source: https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0 +// +// DISABLE: Revokes legacy Shasta ZK digests from Proposal0009 (zk:v1.16.0) and Proposal0010 +// (emergency hotfix). Targets ONLY `RISC0_SHASTA_VERIFIER` and `SP1_SHASTA_VERIFIER` +// (`setImageIdTrusted` / `setProgramTrusted` with false). Proposal0009/0010 `setMrEnclave` +// entries on attesters are NOT included. contract Proposal0014 is BuildProposal { address public constant SP1_SHASTA_VERIFIER = 0x96337327648dcFA22b014009cf10A2D5E2F305f6; address public constant RISC0_SHASTA_VERIFIER = 0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b; + // --- ENABLE: raiko2 v0.2.0 (release ZK Guest Digests) --- + bytes32 public constant RISC0_PROPOSAL_IMAGE_ID = bytes32(0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754); bytes32 public constant RISC0_AGGREGATION_IMAGE_ID = @@ -29,9 +36,40 @@ contract Proposal0014 is BuildProposal { bytes32 public constant SP1_AGGREGATION_VKEY_HASH_BYTES = bytes32(0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5); + // --- DISABLE: Proposal0009 (Proposal0009.s.sol L1 ZK actions 4–9) --- + + bytes32 public constant RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID = + bytes32(0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544); + bytes32 public constant RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID = + bytes32(0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7); + bytes32 public constant SP1_P9_PROG_A = + bytes32(0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7); + bytes32 public constant SP1_P9_PROG_B = + bytes32(0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7); + bytes32 public constant SP1_P9_PROG_C = + bytes32(0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7); + bytes32 public constant SP1_P9_PROG_D = + bytes32(0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7); + + // --- DISABLE: Proposal0010 (`Proposal0010.s.sol`) --- + + bytes32 public constant RISC0_P10_BATCH_IMAGE_ID = + bytes32(0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b); + bytes32 public constant RISC0_P10_SHASTA_AGG_IMAGE_ID = + bytes32(0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e); + bytes32 public constant SP1_P10_BATCH_VKEY_BN256 = + bytes32(0x0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f8); + bytes32 public constant SP1_P10_BATCH_VKEY_HASH_BYTES = + bytes32(0x3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f8); + bytes32 public constant SP1_P10_AGG_VKEY_BN256 = + bytes32(0x0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c); + bytes32 public constant SP1_P10_AGG_VKEY_HASH_BYTES = + bytes32(0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c); + function buildL1Actions() internal pure override returns (Controller.Action[] memory actions) { - actions = new Controller.Action[](6); + actions = new Controller.Action[](18); + // --- ENABLE: raiko2 v0.2.0 --- actions[0] = Controller.Action({ target: RISC0_SHASTA_VERIFIER, value: 0, @@ -44,7 +82,6 @@ contract Proposal0014 is BuildProposal { Risc0Verifier.setImageIdTrusted, (RISC0_AGGREGATION_IMAGE_ID, true) ) }); - actions[2] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, @@ -69,5 +106,83 @@ contract Proposal0014 is BuildProposal { SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true) ) }); + + // --- DISABLE: Proposal0009 Shasta ZK digests --- + actions[6] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + Risc0Verifier.setImageIdTrusted, (RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID, false) + ) + }); + actions[7] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + Risc0Verifier.setImageIdTrusted, (RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID, false) + ) + }); + actions[8] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_A, false)) + }); + actions[9] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_B, false)) + }); + actions[10] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_C, false)) + }); + actions[11] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_D, false)) + }); + + // --- DISABLE: Proposal0010 Shasta ZK digests --- + actions[12] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + Risc0Verifier.setImageIdTrusted, (RISC0_P10_BATCH_IMAGE_ID, false) + ) + }); + actions[13] = Controller.Action({ + target: RISC0_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + Risc0Verifier.setImageIdTrusted, (RISC0_P10_SHASTA_AGG_IMAGE_ID, false) + ) + }); + actions[14] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_BN256, false) + ) + }); + actions[15] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_HASH_BYTES, false) + ) + }); + actions[16] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_BN256, false)) + }); + actions[17] = Controller.Action({ + target: SP1_SHASTA_VERIFIER, + value: 0, + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_HASH_BYTES, false) + ) + }); } } From bca6569890b9b477167fd85e66e5220a353814ba Mon Sep 17 00:00:00 2001 From: smtmfft Date: Sat, 23 May 2026 07:34:04 +0800 Subject: [PATCH 5/8] docs(protocol): fix Proposal0014 wording for prose linters Use "enables"/"disables" instead of abbreviated ENABLEs/DISABLEs to avoid spell-check false positives while keeping the same meaning. Co-authored-by: Cursor --- packages/protocol/script/layer1/proposals/Proposal0014.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.md b/packages/protocol/script/layer1/proposals/Proposal0014.md index f613f068fe..73cb2b0a95 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.md @@ -29,7 +29,7 @@ This DAO `Execute` bundle contains **two intent blocks**: ## Executive Summary -This proposal (**1**) **ENABLEs** the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the **Shasta-only** verifier proxies (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`), and (**2**) **DISABLEs** the legacy Shasta ZK identifier sets previously enabled under [`Proposal0009`](./Proposal0009.s.sol) and [`Proposal0010`](./Proposal0010.s.sol)—the same bytes32 revocation list Proposal0010 described for a future cleanup. +This proposal (**1**) **enables** the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the **Shasta-only** verifier proxies (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`), and (**2**) **disables** the legacy Shasta ZK identifier sets previously enabled under [`Proposal0009`](./Proposal0009.s.sol) and [`Proposal0010`](./Proposal0010.s.sol)—the same bytes32 revocation list Proposal0010 described for a future cleanup. It executes **18 L1 actions** via the DAO Controller (**6 × true**, then **12 × false**). There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. From 4602e05d08c0c467acbd75779b1ec8db9aae8a6d Mon Sep 17 00:00:00 2001 From: smtmfft <99081233+smtmfft@users.noreply.github.com> Date: Fri, 22 May 2026 23:39:56 +0000 Subject: [PATCH 6/8] Update protocol generated artifacts --- .../protocol/script/layer1/proposals/Proposal0014.s.sol | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol index 4e185de219..22ccde415b 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -147,9 +147,7 @@ contract Proposal0014 is BuildProposal { actions[12] = Controller.Action({ target: RISC0_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - Risc0Verifier.setImageIdTrusted, (RISC0_P10_BATCH_IMAGE_ID, false) - ) + data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_P10_BATCH_IMAGE_ID, false)) }); actions[13] = Controller.Action({ target: RISC0_SHASTA_VERIFIER, @@ -161,9 +159,7 @@ contract Proposal0014 is BuildProposal { actions[14] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_BN256, false) - ) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_BN256, false)) }); actions[15] = Controller.Action({ target: SP1_SHASTA_VERIFIER, From 0e21148e8957dd75624d0bab234b9141b4ad0742 Mon Sep 17 00:00:00 2001 From: smtmfft Date: Fri, 29 May 2026 00:16:24 +0800 Subject: [PATCH 7/8] fix(protocol): keep proposal 14 sp1-only --- .../layer1/proposals/Proposal0014.action.md | 2 +- .../script/layer1/proposals/Proposal0014.md | 259 +++++------------- .../layer1/proposals/Proposal0014.s.sol | 120 ++------ 3 files changed, 105 insertions(+), 276 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.action.md b/packages/protocol/script/layer1/proposals/Proposal0014.action.md index 3899a88553..e9314be803 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.action.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.action.md @@ -3,4 +3,4 @@ - To (DAO Controller): `0x75Ba76403b13b26AD1beC70D6eE937314eeaCD0a` - Function: `Execute` - Value: `0` -- Calldata: `0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000001200000000000000000000000000000000000000000000000000000000000002400000000000000000000000000000000000000000000000000000000000000320000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000004e000000000000000000000000000000000000000000000000000000000000005c000000000000000000000000000000000000000000000000000000000000006a00000000000000000000000000000000000000000000000000000000000000780000000000000000000000000000000000000000000000000000000000000086000000000000000000000000000000000000000000000000000000000000009400000000000000000000000000000000000000000000000000000000000000a200000000000000000000000000000000000000000000000000000000000000b000000000000000000000000000000000000000000000000000000000000000be00000000000000000000000000000000000000000000000000000000000000cc00000000000000000000000000000000000000000000000000000000000000da00000000000000000000000000000000000000000000000000000000000000e800000000000000000000000000000000000000000000000000000000000000f6000000000000000000000000000000000000000000000000000000000000010400000000000000000000000000000000000000000000000000000000000001120000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158191ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158126abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed76158146efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000059daf31f571da48ab4e74ae12f64f907681cd8b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044ed761581dfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000` +- Calldata: `0x0000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000c0000000000000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000000000000000000000000000026000000000000000000000000000000000000000000000000000000000000003400000000000000000000000000000000000000000000000000000000000000420000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000005e000000000000000000000000000000000000000000000000000000000000006c000000000000000000000000000000000000000000000000000000000000007a0000000000000000000000000000000000000000000000000000000000000088000000000000000000000000000000000000000000000000000000000000009600000000000000000000000000000000000000000000000000000000000000a400000000000000000000000000000000000000000000000000000000000000b2000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f4758000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000096337327648dcfa22b014009cf10a2d5e2f305f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000044899e3b1a01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000` diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.md b/packages/protocol/script/layer1/proposals/Proposal0014.md index 73cb2b0a95..67fa56504f 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.md +++ b/packages/protocol/script/layer1/proposals/Proposal0014.md @@ -1,121 +1,101 @@ -# PROPOSAL-0014: Enable raiko2 v0.2.0 Shasta ZK Digests and Disable Legacy (Proposal0009 / Proposal0010) +# PROPOSAL-0014: Enable raiko2 v0.2.0 SP1 Shasta Digests and Disable Legacy SP1 -## Enable vs disable +## Enable vs Disable -This DAO `Execute` bundle contains **two intent blocks**: +This DAO `Execute` bundle contains two SP1-only intent blocks: -| Block | Predicate | Meaning | -| ----------- | ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **ENABLE** | `set…Trusted(..., true)` | Registers [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) guest identifiers on Shasta verifier proxies—same operational style as Proposal0013 / prior digest DAO votes (see [PR #21661](https://github.com/taikoxyz/taiko-mono/pull/21661)). | -| **DISABLE** | `set…Trusted(..., false)` | **Only Shasta SP1+RISC0 verifier proxies:** revoke legacy fingerprints that Proposal0009/0010 registered via `setImageIdTrusted` / `setProgramTrusted` (**not** Proposal0009/0010 `setMrEnclave` / SGX). | +| Block | Predicate | Meaning | +| ----------- | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | +| **ENABLE** | `setProgramTrusted(..., true)` | Registers [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) SP1 guest identifiers on the Shasta SP1 verifier. | +| **DISABLE** | `setProgramTrusted(..., false)` | Revokes legacy SP1 fingerprints that Proposal0009/0010 registered on the Shasta SP1 verifier. | -**Scope:** **`ENABLE`** and **`DISABLE`** each call **`RISC0_SHASTA_VERIFIER` and `SP1_SHASTA_VERIFIER` only** (digest allowlists). **DISABLE intentionally omits every `setMrEnclave` payload** from Proposal0009/Proposal0010 (SGX MR_ENCLAVE stays trusted as today). +**Scope:** this proposal only calls `SP1_SHASTA_VERIFIER`. RISC0 image IDs and SGX `setMrEnclave` trust are intentionally unchanged. -**Execution order:** ENABLE first (**6**), then DISABLE (**12**); one atomic DAO `Execute`. +**Execution order:** ENABLE first (**4**), then DISABLE (**8**); one atomic DAO `Execute`. --- -## Where to read what +## Where To Read What -| Artifact | Purpose | -| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **This file (`Proposal0014.md`)** | Human-facing spec: rationale, constants table, **how to regenerate calldata**, **verification checklist** (before and after DAO execution). Reviewers should start here. | -| [`Proposal0014.s.sol`](./Proposal0014.s.sol) | Source of truth for on-chain constants and action encoding (`abi.encodeCall`). Any change to digests happens here first. | -| [`Proposal0014.action.md`](./Proposal0014.action.md) | **Generated** DAO `Execute` calldata. Run `P=0014 pnpm proposal` from `packages/protocol` and commit the output. Do **not** hand-edit this file or it may desync from the Solidity script (same concern as discussed on [PR #21661](https://github.com/taikoxyz/taiko-mono/pull/21661)). | - -**Audience:** Core contributors, **external Security Council / reviewers**, and **automated agents** reproducing raiko2 release artifacts. External parties should treat **§ External verification** as the approval gate; **§ Verification checklist** adds taiko-mono packaging and on-chain read steps. +| Artifact | Purpose | +| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------- | +| **This file (`Proposal0014.md`)** | Human-facing spec, constants, regeneration steps, and verification checklist. | +| [`Proposal0014.s.sol`](./Proposal0014.s.sol) | Source of truth for on-chain constants and action encoding. | +| [`Proposal0014.action.md`](./Proposal0014.action.md) | Generated DAO `Execute` calldata. Regenerate with `P=0014 pnpm proposal`; do not hand-edit it. | --- ## Executive Summary -This proposal (**1**) **enables** the RISC Zero and SP1 guest digests from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** on the **Shasta-only** verifier proxies (`RISC0_SHASTA_VERIFIER`, `SP1_SHASTA_VERIFIER`), and (**2**) **disables** the legacy Shasta ZK identifier sets previously enabled under [`Proposal0009`](./Proposal0009.s.sol) and [`Proposal0010`](./Proposal0010.s.sol)—the same bytes32 revocation list Proposal0010 described for a future cleanup. - -It executes **18 L1 actions** via the DAO Controller (**6 × true**, then **12 × false**). There are **no** L2 actions, **no** contract upgrades, and **no** SGX / attestation changes. - ---- - -## Rationale - -- Provers produced from **[raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)** emit new RISC0 `image_id` and SP1 program verification key identifiers. Until those identifiers are trusted on-chain, proofs from this release cannot pass verification. +This proposal enables the SP1 guest digests from [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) on the Shasta SP1 verifier, and disables legacy SP1 program identifiers previously enabled under [`Proposal0009`](./Proposal0009.s.sol) and [`Proposal0010`](./Proposal0010.s.sol). -- **Legacy cleanup:** zk:v1.16.0 (Proposal0009) and the Proposal0010 hotfix bundle remain trusted alongside newer registrars unless explicitly revoked ([Proposal0010.md](./Proposal0010.md)). The **DISABLE** block in this proposal clears those older Shasta verifier entries so proving policy tracks the exercised raiko2 line. - -- Scope remains **Shasta verifier proxies only**—no unrelated allowlist or SGX churn. - -Release highlights relevant to infra (see [release notes](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)): SP1 proving stack **6.1.0**, Boundless-related aggregation path consolidation, etc. The six ENABLE `bytes32` values are copied from that release page. +It executes **12 L1 actions** via the DAO Controller: **4 × true**, then **8 × false**. There are no L2 actions, no contract upgrades, no RISC0 allowlist changes, and no SGX / attestation changes. --- ## Technical Specification -### Verifier targets +### Verifier Target + +| Constant | Address | +| --------------------- | -------------------------------------------- | +| `SP1_SHASTA_VERIFIER` | `0x96337327648dcFA22b014009cf10A2D5E2F305f6` | -| Constant | Address | -| ----------------------- | -------------------------------------------- | -| `RISC0_SHASTA_VERIFIER` | `0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b` | -| `SP1_SHASTA_VERIFIER` | `0x96337327648dcFA22b014009cf10A2D5E2F305f6` | +### ENABLE - SP1 Guest Digests -### ENABLE — Guest digests (must match [raiko2 v0.2.0 — ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0)) +These values must match [raiko2 v0.2.0 - ZK Guest Digests](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). | Constant (`Proposal0014.s.sol`) | Role on release page | Value (`bytes32`) | | --------------------------------- | ----------------------------- | -------------------------------------------------------------------- | -| `RISC0_PROPOSAL_IMAGE_ID` | risc0 proposal | `0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754` | -| `RISC0_AGGREGATION_IMAGE_ID` | risc0 aggregation | `0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f` | | `SP1_PROPOSAL_VKEY_BN256` | sp1 proposal vk_bn254 | `0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580` | | `SP1_PROPOSAL_VKEY_HASH_BYTES` | sp1 proposal vk_hash_bytes | `0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580` | | `SP1_AGGREGATION_VKEY_BN256` | sp1 aggregation vk_bn254 | `0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5` | | `SP1_AGGREGATION_VKEY_HASH_BYTES` | sp1 aggregation vk_hash_bytes | `0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5` | -### DISABLE — Identifiers revoked (`false`; **SP1+RISC0 verifiers only**) +### DISABLE - Legacy SP1 Identifiers -These rows mirror **`setImageIdTrusted` / `setProgramTrusted`** from historic proposals. Proposal0009/0010 also registered SGX **`setMrEnclave(..., true)`** on attesters—that **explicitly stays out of this DAO payload** so MR_ENCLAVE trust is unchanged until a future governance item says otherwise. +These rows mirror historic `setProgramTrusted(..., true)` registrations. No historic SGX entries are included. -**Proposal0009** (ZK subset only — L1 [`Proposal0009.s.sol`](./Proposal0009.s.sol) actions 4–9, **not** SGX actions 10–12): +**Proposal0009** (SP1 subset only): | Solidity constant (`Proposal0014.s.sol`) | Hex `bytes32` | | ---------------------------------------- | -------------------------------------------------------------------- | -| `RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID` | `0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544` | -| `RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID` | `0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7` | -| `SP1_P9_PROG_A` | `0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7` | -| `SP1_P9_PROG_B` | `0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7` | -| `SP1_P9_PROG_C` | `0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7` | -| `SP1_P9_PROG_D` | `0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7` | +| `SP1_P9_BATCH_VKEY_BN256` | `0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7` | +| `SP1_P9_BATCH_VKEY_HASH_BYTES` | `0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7` | +| `SP1_P9_AGG_VKEY_BN256` | `0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7` | +| `SP1_P9_AGG_VKEY_HASH_BYTES` | `0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7` | -**Proposal0010** (ZK subset only — [`Proposal0010.s.sol`](./Proposal0010.s.sol) L1 digest actions **0–5**, **not** attester actions 6–8): +**Proposal0010** (SP1 subset only): | Solidity constant (`Proposal0014.s.sol`) | Hex `bytes32` | | ---------------------------------------- | -------------------------------------------------------------------- | -| `RISC0_P10_BATCH_IMAGE_ID` | `0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b` | -| `RISC0_P10_SHASTA_AGG_IMAGE_ID` | `0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e` | | `SP1_P10_BATCH_VKEY_BN256` | `0x0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f8` | | `SP1_P10_BATCH_VKEY_HASH_BYTES` | `0x3cb4163d56bd850967bcf2ec1aaad20d0e470d324244e22e037d06cc32d382f8` | | `SP1_P10_AGG_VKEY_BN256` | `0x0002ac747570512099ca19c17f5a3b9f39697e5617a19ff2f2b2464229a50c7c` | | `SP1_P10_AGG_VKEY_HASH_BYTES` | `0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c` | -### L1 actions (**18 total**) +### L1 Actions -**ENABLE (6)** — `true` payloads for raiko2 v0.2.0 (same semantics as standalone digest registration proposals). +**12 total:** -**DISABLE (12)** — `false` for the twelve `bytes32` rows above (`RISC0Verifier`/`SP1Verifier` targets unchanged). +- **ENABLE (4):** `true` for the four raiko2 v0.2.0 SP1 values. +- **DISABLE (8):** `false` for the eight legacy SP1 values from Proposal0009/0010. Concrete ordering matches [`Proposal0014.s.sol`](./Proposal0014.s.sol). --- -## External verification (independent reviewers & agents) +## External Verification -### Objective (approval gate) +### Objective Approvers distinguish two evidence tracks: -**ENABLE (six values):** an external verifier **MUST** prove that each `bytes32` in **§ ENABLE** / the YAML normative block is produced by building ZK guests at [raiko2 `v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) (**reproducible output from the tag**—or bit-identical CI logs—as the strong bar; the release web table remains a sanity cross-check). +**ENABLE (four values):** prove that each SP1 `bytes32` in the ENABLE block is produced by building or attesting raiko2 guests at [`v0.2.0`](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). The release page is a sanity cross-check; reproducible output or CI logs for the tag are the stronger evidence. -**DISABLE (twelve values):** these **must** match the verified historical payloads from **`Proposal0009.s.sol`** (ZK actions **4–9**) and **`Proposal0010.s.sol`** for their `..., true)` registrations—**no raiko rebuild is required.** Before execution they should currently read **`true`** on-chain; after execution **`false`** (see **§ B**). +**DISABLE (eight values):** verify that each legacy `bytes32` matches historical SP1 `setProgramTrusted(..., true)` payloads from `Proposal0009.s.sol` and `Proposal0010.s.sol`. No raiko rebuild is required for the DISABLE list. -### Canonical release cut (machine-oriented) - -Use these as stable inputs for the **six ENABLE IDs** above; **resolve the tag to a commit** locally—do not assume a hard-coded commit in this doc if the tag ever moves. +### Canonical Release Cut | Field | Value | | -------------------- | ------------------------------------------------------ | @@ -124,91 +104,58 @@ Use these as stable inputs for the **six ENABLE IDs** above; **resolve the tag t | `RAIKO2_RELEASE_URL` | https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0 | | `RAIKO2_TREE_URL` | https://github.com/taikoxyz/raiko2/tree/v0.2.0 | -Record `RAIKO2_COMMIT` after checkout: +Resolve the tag locally before attesting outputs: ```bash git clone --branch "$RAIKO2_TAG" --depth 1 "$RAIKO2_REPO" raiko2-verify cd raiko2-verify -git rev-parse HEAD # this is RAIKO2_COMMIT; compare with the commit GitHub shows for the release/tag +git rev-parse HEAD ``` -If `RAIKO2_COMMIT` does not match the commit associated with `v0.2.0` on GitHub, **stop** and reconcile (detached tag, mirror lag, or wrong ref). - -### Normative ENABLE digests (**six** values; must all match after reproduction) - -For the **`true`** block only—values **MUST** equal each of: (1) your reproduced build output, (2) the [v0.2.0 release **ZK Guest Digests** table](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0), (3) [`Proposal0014.s.sol`](./Proposal0014.s.sol). Compare as **case-insensitive hex** for `0x` + 64 hex digits. +### Normative ENABLE Digests ```yaml -# Normative bytes32 (64 hex chars after 0x). For agents: parse and compare to build output. -proposal_0014_expected_guest_digests: - risc0_proposal_image_id: "0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754" - risc0_aggregation_image_id: "0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f" +proposal_0014_expected_sp1_digests: sp1_proposal_vk_bn254: "0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580" sp1_proposal_vk_hash_bytes: "0x65d99c8609da591962e1babb2c119dc76abced3e41a6beb80f100df356f47580" sp1_aggregation_vk_bn254: "0x001e209da7d70983b826d88cb227861d1263435fe54fad6e4e5d83c593ee94c5" sp1_aggregation_vk_hash_bytes: "0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5" ``` -Mapping to **Solidity** symbols in `Proposal0014.s.sol`: `RISC0_PROPOSAL_IMAGE_ID`, `RISC0_AGGREGATION_IMAGE_ID`, `SP1_PROPOSAL_VKEY_BN256`, `SP1_PROPOSAL_VKEY_HASH_BYTES`, `SP1_AGGREGATION_VKEY_BN256`, `SP1_AGGREGATION_VKEY_HASH_BYTES`. +Mapping to Solidity symbols in `Proposal0014.s.sol`: `SP1_PROPOSAL_VKEY_BN256`, `SP1_PROPOSAL_VKEY_HASH_BYTES`, `SP1_AGGREGATION_VKEY_BN256`, `SP1_AGGREGATION_VKEY_HASH_BYTES`. -### Reproduction procedure (follow raiko2 at `v0.2.0`) +### Pass / Fail Gates -The exact shell commands depend on how **taikoxyz/raiko2** documents guest builds at that tag. Verifiers **SHALL**: +| Gate | Check | +| ----------------------- | --------------------------------------------------------------------------------------------------------------------------------- | +| **G1** | `RAIKO2_TAG` checks out to the commit associated with GitHub's `v0.2.0` release. | +| **G2** | Reproduced or CI-attested build emits the four SP1 ENABLE digests; each equals the YAML entry and a line in `Proposal0014.s.sol`. | +| **G3** | Same four values appear on the raiko2 v0.2.0 release page under ZK Guest Digests. | +| **G4** (pre-execution) | Each legacy SP1 `bytes32` in DISABLE is currently trusted on-chain or otherwise reconciled before approval. | +| **G5** (post-execution) | ENABLE SP1 digests read `true`; DISABLE SP1 digests read `false` through `isProgramTrusted(bytes32)`. | -1. **Read** at minimum `README.md` (and any `docs/` or `CONTRIBUTING.md` linked from it) **at** `RAIKO2_TAG`. -2. **Inspect** CI under [`.github/workflows/`](https://github.com/taikoxyz/raiko2/tree/v0.2.0/.github/workflows) for the **job that builds guests / prints image IDs and SP1 vkeys** (search for `image_id`, `guest`, `sp1`, `risc0`, `digest`, `vk_bn254`, `hash_bytes`). Re-run the same command sequence in a clean environment, or treat **published CI logs for a workflow run on `RAIKO2_COMMIT`** as equivalent if your policy allows it. -3. **Extract** from build output (or CI log) the six identifiers corresponding to: - - RISC0 **proposal** guest `image_id` - - RISC0 **aggregation** guest `image_id` - - SP1 **proposal** `vk_bn254` and `vk_hash_bytes` - - SP1 **aggregation** `vk_bn254` and `vk_hash_bytes` -4. **Assert** all six equal the YAML block above (and thus the release page and `Proposal0014.s.sol`). - -If the repository does not print all six in one command, use the **documented** split steps (e.g. separate RISC0 vs SP1 targets); the union must still match the YAML. - -### Pass / fail gates (agent checklist) - -| Gate | Check | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **G1** | `RAIKO2_TAG` checks out to `RAIKO2_COMMIT` consistent with GitHub’s `v0.2.0` release. | -| **G2** | Reproduced (or CI-attested) build emits the **six ENABLE** digests; each equals the YAML entry **and** a line in [`Proposal0014.s.sol`](./Proposal0014.s.sol). | -| **G3** | Same six values appear on [raiko2 v0.2.0 release](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0) under **ZK Guest Digests**. | -| **G4** (pre-execution) | Chain reads / Etherscan: each legacy `bytes32` in **§ DISABLE** is **`true`** today (Proposal0009/0010). | -| **G5** (post-execution) | **ENABLE** digests decode to **`true`**; **DISABLE** rows decode to **`false`** (`isImageTrusted` / `isProgramTrusted`; see checklist **§ B**). | - -**Fail closed:** if **ENABLE** reproduction or release parity (**G2**/**G3**) fails, halt; if **G4** shows a legacy marker already **`false`** on mainnet, reconcile upstream revocations before approving; fix documentation or Solidity before approving any persistent mismatch after execution (**G5**). - -### What this proposal does _not_ require external verifiers to do - -- Rebuild historic **zk:v1.16.0** or Proposal0010 **hotfix** guests to attest the DISABLE list—anchor cross-check on Proposal0009/0010 Solidity and pre-/post-chain reads instead. - -- Rebuild **taiko-mono** protocol contracts to “derive” digests (digests come from **raiko2** guests). -- Trust **only** this Markdown file: always anchor on **tag + raiko2 build** and on-chain constants in `.s.sol`. +Fail closed if ENABLE reproduction or release parity fails. If any legacy marker is already false before execution, reconcile upstream revocations before approving. --- -## How to run (local / CI) - -Environment: **repo root monorepo** with `pnpm` installed; Solidity script uses **`FOUNDRY_PROFILE=layer1`** (wired in npm scripts). +## How To Run -### Step 1 — Install deps (once per machine) +Environment: monorepo root with `pnpm` installed; Solidity script uses `FOUNDRY_PROFILE=layer1`. -From monorepo root: +### Step 1 - Install Dependencies ```bash pnpm install ``` -### Step 2 — Compile (`packages/protocol`) +### Step 2 - Compile ```bash cd packages/protocol FOUNDRY_PROFILE=layer1 forge build --contracts script/layer1/proposals/Proposal0014.s.sol ``` -(Optional sanity: full `pnpm compile:l1`.) - -### Step 3 — Regenerate DAO action markdown (**required** after any `.s.sol` change) +### Step 3 - Regenerate DAO Action Markdown ```bash cd packages/protocol @@ -218,70 +165,37 @@ P=0014 pnpm proposal Expected outcome: - Console prints the DAO `Execute` calldata snippet. -- File `packages/protocol/script/layer1/proposals/Proposal0014.action.md` is **overwritten**. -- Diff the regenerated `Proposal0014.action.md` with git; commit it together with Solidity changes. +- `packages/protocol/script/layer1/proposals/Proposal0014.action.md` is overwritten. +- Commit the regenerated action markdown together with Solidity changes. -### Step 4 — Dry-run on L1 (mainnet RPC) - -Uses the npm script wrapper (Ethereum mainnet `chain-id=1`; RPC is pinned in [`packages/protocol/package.json`](../../../package.json) `proposal:dryrun:l1`): +### Step 4 - Dry-Run On L1 ```bash cd packages/protocol P=0014 pnpm proposal:dryrun:l1 ``` -Expected: the script completes per `BuildProposal` / controller `dryrun` behavior (successful dryrun completes with `DryrunSucceeded()` on that code path). - -To use a **different RPC** (fork or paid endpoint), invoke `forge script` manually with `--rpc-url` per your ops policy, matching `MODE=l1dryrun` and `--chain-id=1` behavior from the npm script. +Expected: the script completes per `BuildProposal` / controller dryrun behavior. --- -## Verification checklist +## Verification Checklist -### A. Before DAO submission / before merging this PR +### A. Before DAO Submission / Before Merging -0. **External gate** — Complete **§ External verification**. Automation should ideally cover **G1–G5** (ENABLE reproduction **and** DISABLE cross-check paths). +1. Complete the external verification gates G1-G5. +2. Compare the four SP1 v0.2.0 ENABLE values against the raiko2 release page and `Proposal0014.s.sol`. +3. Confirm the eight DISABLE values match Proposal0009/0010 SP1 registrations. +4. Run `P=0014 pnpm proposal` after any `.s.sol` change. +5. Run the L1 dryrun with `P=0014 pnpm proposal:dryrun:l1`. -1. **Release parity (manual)** — Open [raiko2 v0.2.0](https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0). Copy each line under **ZK Guest Digests** and confirm **byte-for-byte** equality with [`Proposal0014.s.sol`](./Proposal0014.s.sol). Use this mapping between release wording and Solidity names: +### B. After Governance Execution - - Release “risc0 proposal `image_id`” → `RISC0_PROPOSAL_IMAGE_ID` - - Release “risc0 aggregation `image_id`” → `RISC0_AGGREGATION_IMAGE_ID` - - Release “sp1 proposal `vk_bn254`” → `SP1_PROPOSAL_VKEY_BN256` - - Release “sp1 proposal `vk_hash_bytes`” → `SP1_PROPOSAL_VKEY_HASH_BYTES` - - Release “sp1 aggregation `vk_bn254`” → `SP1_AGGREGATION_VKEY_BN256` - - Release “sp1 aggregation `vk_hash_bytes`” → `SP1_AGGREGATION_VKEY_HASH_BYTES` - -2. **Release tag metadata** — On the release page, confirm tag **v0.2.0** and referenced commit (**e.g. `f5d4665`** on the release timeline) matches the build you intend to attest (if release is retagged, re-verify digests). - -3. **Rebuild `Proposal0014.action.md` from source** — After checking constants, run **Step 3** above so `Proposal0014.action.md` cannot drift from `.s.sol`. - -4. **L1 dryrun** — Run **Step 4** above on a workstation with Foundry configured. - -5. **DISABLE cross-check** — Confirm every **`false`** digest in **`Proposal0014.s.sol`** still matches Proposal0009/0010’s historical `..., true)` registrations (grep / diff against [`Proposal0009.s.sol`](./Proposal0009.s.sol) actions 4–9 and [`Proposal0010.s.sol`](./Proposal0010.s.sol) ZK block). - -### B. After governance execution on mainnet (`cast read`) - -The verifiers expose public getters: - -- RISC0: `isImageTrusted(bytes32) → bool` -- SP1: `isProgramTrusted(bytes32) → bool` +The SP1 verifier exposes `isProgramTrusted(bytes32) -> bool`. Replace `$RPC_URL` with a trustworthy mainnet JSON-RPC endpoint. -**ENABLE — raiko2 v0.2.0 (expect `true` after execution)** - -RISC0: - -```bash -R=0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b - -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754 --rpc-url "$RPC_URL" -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f --rpc-url "$RPC_URL" -``` - -SP1: +**ENABLE - raiko2 v0.2.0 SP1 values, expect `true` after execution:** ```bash S=0x96337327648dcFA22b014009cf10A2D5E2F305f6 @@ -296,24 +210,7 @@ cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ 0x0f104ed375c260ee04db1196227861d1131a1aff153eb5b91cbb078b13ee94c5 --rpc-url "$RPC_URL" ``` -Expect **`true`** for each call **after** the DAO executes Proposal0014. - -**DISABLE — Proposal0009 / Proposal0010 ZK bundles (expect `false` after execution)** - -RISC0 (same `$R`; four image IDs revoked across P9+P10): - -```bash -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544 --rpc-url "$RPC_URL" -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7 --rpc-url "$RPC_URL" -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b --rpc-url "$RPC_URL" -cast call "$R" 'isImageTrusted(bytes32)(bool)' \ - 0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e --rpc-url "$RPC_URL" -``` - -SP1 (same `$S`; eight program keys revoked across P9+P10): +**DISABLE - Proposal0009 / Proposal0010 legacy SP1 values, expect `false` after execution:** ```bash cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ @@ -334,12 +231,6 @@ cast call "$S" 'isProgramTrusted(bytes32)(bool)' \ 0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c --rpc-url "$RPC_URL" ``` -Expect **`false`** for each DISABLE row **after** execution (and typically **`true`** immediately **before**, per **G4**). - -### C. Reproduce digests (required for external sign-off; optional for merge-only QA) - -Fully specified under **§ External verification**. Shortcut: clone [taikoxyz/raiko2](https://github.com/taikoxyz/raiko2) at **`v0.2.0`**, follow README / docs / workflows at that tag, extract the six guest identifiers, and assert equality with the **YAML normative block** above and [`Proposal0014.s.sol`](./Proposal0014.s.sol). - --- ## Security Contacts diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol index 22ccde415b..5510737b06 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -2,29 +2,21 @@ pragma solidity ^0.8.24; import "../governance/BuildProposal.sol"; -import "src/layer1/verifiers/Risc0Verifier.sol"; import "src/layer1/verifiers/SP1Verifier.sol"; // To print the proposal action data: `P=0014 pnpm proposal` // To dryrun the proposal actions on L1: `P=0014 pnpm proposal:dryrun:l1` // -// ENABLE: Registers ZK guest digests from raiko2 v0.2.0 on Shasta verifiers only (`true`). +// ENABLE: Registers SP1 guest digests from raiko2 v0.2.0 on the Shasta SP1 verifier (`true`). // Source: https://github.com/taikoxyz/raiko2/releases/tag/v0.2.0 // -// DISABLE: Revokes legacy Shasta ZK digests from Proposal0009 (zk:v1.16.0) and Proposal0010 -// (emergency hotfix). Targets ONLY `RISC0_SHASTA_VERIFIER` and `SP1_SHASTA_VERIFIER` -// (`setImageIdTrusted` / `setProgramTrusted` with false). Proposal0009/0010 `setMrEnclave` -// entries on attesters are NOT included. +// DISABLE: Revokes legacy Shasta SP1 digests from Proposal0009 (zk:v1.16.0) and Proposal0010 +// (emergency hotfix). Targets ONLY `SP1_SHASTA_VERIFIER` (`setProgramTrusted` with false). +// RISC0 image IDs and Proposal0009/0010 `setMrEnclave` entries on attesters are NOT included. contract Proposal0014 is BuildProposal { address public constant SP1_SHASTA_VERIFIER = 0x96337327648dcFA22b014009cf10A2D5E2F305f6; - address public constant RISC0_SHASTA_VERIFIER = 0x059dAF31F571da48Ab4e74Ae12F64f907681Cd8b; - // --- ENABLE: raiko2 v0.2.0 (release ZK Guest Digests) --- - - bytes32 public constant RISC0_PROPOSAL_IMAGE_ID = - bytes32(0x588c81521db5bef5e07f5beab37f1f0b2bba925ac82e733db7cc72e046362754); - bytes32 public constant RISC0_AGGREGATION_IMAGE_ID = - bytes32(0x91ddc48054ff4ec62a93bfa0583582d0e04de6ab3928e51e0ea3ee523fee129f); + // --- ENABLE: raiko2 v0.2.0 (release SP1 guest digests) --- bytes32 public constant SP1_PROPOSAL_VKEY_BN256 = bytes32(0x00cbb3390c27696467170dd5dac119dc7d579da7d069afae078806f9d6f47580); @@ -38,25 +30,17 @@ contract Proposal0014 is BuildProposal { // --- DISABLE: Proposal0009 (Proposal0009.s.sol L1 ZK actions 4–9) --- - bytes32 public constant RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID = - bytes32(0x779c032b91d0730ef13b26eafa47b32df7ebdaa4ed766d587fe905530afa2544); - bytes32 public constant RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID = - bytes32(0x26abb0237d10e891443e2a76bd3c1f6704c1ad03c07cb2165f4afcfc64b3cee7); - bytes32 public constant SP1_P9_PROG_A = + bytes32 public constant SP1_P9_BATCH_VKEY_BN256 = bytes32(0x0026ff63d649779a5dbc88c3359ab83399a21fb6ef9b7ec082f77a8a465806e7); - bytes32 public constant SP1_P9_PROG_B = + bytes32 public constant SP1_P9_BATCH_VKEY_HASH_BYTES = bytes32(0x137fb1eb125de6973791186659ab83394d10fdb73e6dfb0205eef514465806e7); - bytes32 public constant SP1_P9_PROG_C = + bytes32 public constant SP1_P9_AGG_VKEY_BN256 = bytes32(0x008e24716118be9594358d8882d93d5425f0827cf0a7a4fd0ea2fc4414debfe7); - bytes32 public constant SP1_P9_PROG_D = + bytes32 public constant SP1_P9_AGG_VKEY_HASH_BYTES = bytes32(0x471238b0462fa56506b1b1102d93d5422f8413e7429e93f41d45f88814debfe7); // --- DISABLE: Proposal0010 (`Proposal0010.s.sol`) --- - bytes32 public constant RISC0_P10_BATCH_IMAGE_ID = - bytes32(0x46efe5e0c74976548ee6856789fbfb4929b8f2f9118a119c57ced6e1062e727b); - bytes32 public constant RISC0_P10_SHASTA_AGG_IMAGE_ID = - bytes32(0xdfbce2039ad8b78b236b5a9dceba5d8cee0d9e4638fc8f1fe11a0b2d8bfa039e); bytes32 public constant SP1_P10_BATCH_VKEY_BN256 = bytes32(0x0079682c7b5af614273de79761aaad20d1c8e1a65091388b81be836632d382f8); bytes32 public constant SP1_P10_BATCH_VKEY_HASH_BYTES = @@ -67,118 +51,72 @@ contract Proposal0014 is BuildProposal { bytes32(0x01563a3a5c1448263943382f75a3b9f34b4bf2b05e867fcb65648c8429a50c7c); function buildL1Actions() internal pure override returns (Controller.Action[] memory actions) { - actions = new Controller.Action[](18); + actions = new Controller.Action[](12); // --- ENABLE: raiko2 v0.2.0 --- actions[0] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_PROPOSAL_IMAGE_ID, true)) - }); - actions[1] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall( - Risc0Verifier.setImageIdTrusted, (RISC0_AGGREGATION_IMAGE_ID, true) - ) - }); - actions[2] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_BN256, true)) }); - actions[3] = Controller.Action({ + actions[1] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true) - ) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true)) }); - actions[4] = Controller.Action({ + actions[2] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_BN256, true)) }); - actions[5] = Controller.Action({ + actions[3] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true) - ) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true)) }); // --- DISABLE: Proposal0009 Shasta ZK digests --- - actions[6] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall( - Risc0Verifier.setImageIdTrusted, (RISC0_P9_BOUNDLESS_BATCH_IMAGE_ID, false) - ) - }); - actions[7] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall( - Risc0Verifier.setImageIdTrusted, (RISC0_P9_BOUNDLESS_SHASTA_AGG_IMAGE_ID, false) - ) - }); - actions[8] = Controller.Action({ + actions[4] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_A, false)) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_BATCH_VKEY_BN256, false)) }); - actions[9] = Controller.Action({ + actions[5] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_B, false)) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_BATCH_VKEY_HASH_BYTES, false)) }); - actions[10] = Controller.Action({ + actions[6] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_C, false)) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_AGG_VKEY_BN256, false)) }); - actions[11] = Controller.Action({ + actions[7] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_PROG_D, false)) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_AGG_VKEY_HASH_BYTES, false)) }); // --- DISABLE: Proposal0010 Shasta ZK digests --- - actions[12] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall(Risc0Verifier.setImageIdTrusted, (RISC0_P10_BATCH_IMAGE_ID, false)) - }); - actions[13] = Controller.Action({ - target: RISC0_SHASTA_VERIFIER, - value: 0, - data: abi.encodeCall( - Risc0Verifier.setImageIdTrusted, (RISC0_P10_SHASTA_AGG_IMAGE_ID, false) - ) - }); - actions[14] = Controller.Action({ + actions[8] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_BN256, false)) }); - actions[15] = Controller.Action({ + actions[9] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_HASH_BYTES, false) - ) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_HASH_BYTES, false)) }); - actions[16] = Controller.Action({ + actions[10] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_BN256, false)) }); - actions[17] = Controller.Action({ + actions[11] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall( - SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_HASH_BYTES, false) - ) + data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_HASH_BYTES, false)) }); } } From c8387bbe1efc99deb6711dadd8f79736b55e87a9 Mon Sep 17 00:00:00 2001 From: smtmfft <99081233+smtmfft@users.noreply.github.com> Date: Thu, 28 May 2026 16:22:02 +0000 Subject: [PATCH 8/8] Update protocol generated artifacts --- .../layer1/proposals/Proposal0014.s.sol | 20 ++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol index 5510737b06..baf7bfaa1f 100644 --- a/packages/protocol/script/layer1/proposals/Proposal0014.s.sol +++ b/packages/protocol/script/layer1/proposals/Proposal0014.s.sol @@ -62,7 +62,9 @@ contract Proposal0014 is BuildProposal { actions[1] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_PROPOSAL_VKEY_HASH_BYTES, true) + ) }); actions[2] = Controller.Action({ target: SP1_SHASTA_VERIFIER, @@ -72,7 +74,9 @@ contract Proposal0014 is BuildProposal { actions[3] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_AGGREGATION_VKEY_HASH_BYTES, true) + ) }); // --- DISABLE: Proposal0009 Shasta ZK digests --- @@ -84,7 +88,9 @@ contract Proposal0014 is BuildProposal { actions[5] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P9_BATCH_VKEY_HASH_BYTES, false)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P9_BATCH_VKEY_HASH_BYTES, false) + ) }); actions[6] = Controller.Action({ target: SP1_SHASTA_VERIFIER, @@ -106,7 +112,9 @@ contract Proposal0014 is BuildProposal { actions[9] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_HASH_BYTES, false)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P10_BATCH_VKEY_HASH_BYTES, false) + ) }); actions[10] = Controller.Action({ target: SP1_SHASTA_VERIFIER, @@ -116,7 +124,9 @@ contract Proposal0014 is BuildProposal { actions[11] = Controller.Action({ target: SP1_SHASTA_VERIFIER, value: 0, - data: abi.encodeCall(SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_HASH_BYTES, false)) + data: abi.encodeCall( + SP1Verifier.setProgramTrusted, (SP1_P10_AGG_VKEY_HASH_BYTES, false) + ) }); } }