fix(gateway-contracts): make getCiphertextMaterials backward compatible with fhevm 0.7 (#791)

* fix(gateway-contracts): make getCiphertextMaterials backward compatible with fhevm 0.7

Author: melanciani

.github/workflows/gateway-contracts-upgrade-tests.yml

@@ -45,7 +45,7 @@ jobs:
         with:
           # This version should be updated whenever we release new contract versions or
           # touch a contract upgrade path.
-          ref: v0.7.4
+          ref: v0.8.0-4
           path: previous-fhevm
           persist-credentials: 'false'
 
@@ -123,33 +123,37 @@ jobs:
           npx hardhat task:deployEmptyUUPSProxies
           docker cp deploy-gateway-contracts:/app/addresses ./
 
-      - name: Upgrade GatewayConfig contract
-        working-directory: current-fhevm/gateway-contracts
-        env:
-          DOTENV_CONFIG_PATH: .env
-          HARDHAT_NETWORK: staging
-          CHAIN_ID_GATEWAY: 54321
-          RPC_URL: http://localhost:8546
-        run: |
-          npx hardhat task:upgradeGatewayConfig \
-            --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \
-            --new-implementation contracts/GatewayConfig.sol:GatewayConfig \
-            --use-internal-proxy-address true \
-            --verify-contract false
-
-      - name: Upgrade Decryption contract
-        working-directory: current-fhevm/gateway-contracts
-        env:
-          DOTENV_CONFIG_PATH: .env
-          HARDHAT_NETWORK: staging
-          CHAIN_ID_GATEWAY: 54321
-          RPC_URL: http://localhost:8546
-        run: |
-          npx hardhat task:upgradeDecryption \
-            --current-implementation previous-contracts/Decryption.sol:Decryption \
-            --new-implementation contracts/Decryption.sol:Decryption \
-            --use-internal-proxy-address true \
-            --verify-contract false
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
+      # - name: Upgrade GatewayConfig contract
+      #   working-directory: current-fhevm/gateway-contracts
+      #   env:
+      #     DOTENV_CONFIG_PATH: .env
+      #     HARDHAT_NETWORK: staging
+      #     CHAIN_ID_GATEWAY: 54321
+      #     RPC_URL: http://localhost:8546
+      #   run: |
+      #     npx hardhat task:upgradeGatewayConfig \
+      #       --current-implementation previous-contracts/GatewayConfig.sol:GatewayConfig \
+      #       --new-implementation contracts/GatewayConfig.sol:GatewayConfig \
+      #       --use-internal-proxy-address true \
+      #       --verify-contract false
+
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
+      # - name: Upgrade Decryption contract
+      #   working-directory: current-fhevm/gateway-contracts
+      #   env:
+      #     DOTENV_CONFIG_PATH: .env
+      #     HARDHAT_NETWORK: staging
+      #     CHAIN_ID_GATEWAY: 54321
+      #     RPC_URL: http://localhost:8546
+      #   run: |
+      #     npx hardhat task:upgradeDecryption \
+      #       --current-implementation previous-contracts/Decryption.sol:Decryption \
+      #       --new-implementation contracts/Decryption.sol:Decryption \
+      #       --use-internal-proxy-address true \
+      #       --verify-contract false
 
       - name: Upgrade CiphertextCommits contract
         working-directory: current-fhevm/gateway-contracts
@@ -165,6 +169,54 @@ jobs:
             --use-internal-proxy-address true \
             --verify-contract false
 
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
+      # - name: Upgrade InputVerification contract
+      #   working-directory: current-fhevm/gateway-contracts
+      #   env:
+      #     DOTENV_CONFIG_PATH: .env
+      #     HARDHAT_NETWORK: staging
+      #     CHAIN_ID_GATEWAY: 54321
+      #     RPC_URL: http://localhost:8546
+      #   run: |
+      #     npx hardhat task:upgradeInputVerification \
+      #       --current-implementation previous-contracts/InputVerification.sol:InputVerification \
+      #       --new-implementation contracts/InputVerification.sol:InputVerification \
+      #       --use-internal-proxy-address true \
+      #       --verify-contract false
+
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
+      # - name: Upgrade MultichainAcl contract
+      #   working-directory: current-fhevm/gateway-contracts
+      #   env:
+      #     DOTENV_CONFIG_PATH: .env
+      #     HARDHAT_NETWORK: staging
+      #     CHAIN_ID_GATEWAY: 54321
+      #     RPC_URL: http://localhost:8546
+      #   run: |
+      #     npx hardhat task:upgradeMultichainAcl \
+      #       --current-implementation previous-contracts/MultichainAcl.sol:MultichainAcl \
+      #       --new-implementation contracts/MultichainAcl.sol:MultichainAcl \
+      #       --use-internal-proxy-address true \
+      #       --verify-contract false
+
+      # TODO: We should instead automatically detect if the contract needs to be upgraded
+      #  See https://github.com/zama-ai/fhevm-internal/issues/379
+      # - name: Upgrade KmsManagement contract
+      #   working-directory: current-fhevm/gateway-contracts
+      #   env:
+      #     DOTENV_CONFIG_PATH: .env
+      #     HARDHAT_NETWORK: staging
+      #     CHAIN_ID_GATEWAY: 54321
+      #     RPC_URL: http://localhost:8546
+      #   run: |
+      #     npx hardhat task:upgradeKmsManagement \
+      #       --current-implementation previous-contracts/KmsManagement.sol:KmsManagement \
+      #       --new-implementation contracts/KmsManagement.sol:KmsManagement \
+      #       --use-internal-proxy-address true \
+      #       --verify-contract false
+
       - name: Clean up
         working-directory: previous-fhevm/gateway-contracts
         if: always()

gateway-contracts/contracts/CiphertextCommits.sol

@@ -33,12 +33,12 @@ contract CiphertextCommits is
     /// @dev they can still define their own private constants with the same name.
     string private constant CONTRACT_NAME = "CiphertextCommits";
     uint256 private constant MAJOR_VERSION = 0;
-    uint256 private constant MINOR_VERSION = 2;
+    uint256 private constant MINOR_VERSION = 3;
     uint256 private constant PATCH_VERSION = 0;
 
     /// Constant used for making sure the version number using in the `reinitializer` modifier is
     /// identical between `initializeFromEmptyProxy` and the reinitializeVX` method
-    uint64 private constant REINITIALIZER_VERSION = 3;
+    uint64 private constant REINITIALIZER_VERSION = 4;
 
     /// @notice The contract's variable storage struct (@dev see ERC-7201)
     /// @custom:storage-location erc7201:fhevm_gateway.storage.CiphertextCommits
@@ -50,8 +50,8 @@ contract CiphertextCommits is
         /// @notice The key IDs used for generating the ciphertext.
         /// @dev It's necessary in case new keys are generated: we need to know what key to use for using a ciphertext.
         mapping(bytes32 ctHandle => uint256 keyId) _keyIds;
-        /// @notice The chain IDs associated to the ciphertext handle.
-        mapping(bytes32 ctHandle => uint256 chainId) _chainIds; // deprecated
+        /// @notice DEPRECATED
+        mapping(bytes32 ctHandle => uint256 chainId) _chainIds; // DEPRECATED
         /// @notice The mapping of already added ciphertexts tied to the given handle.
         mapping(bytes32 ctHandle => bool isAdded) _isCiphertextMaterialAdded;
         /// @notice The counter of confirmations received for a ciphertext to be added.
@@ -91,11 +91,11 @@ contract CiphertextCommits is
     }
 
     /**
-     * @notice Re-initializes the contract from V1.
+     * @notice Re-initializes the contract from V2.
      */
     /// @custom:oz-upgrades-unsafe-allow missing-initializer-call
     /// @custom:oz-upgrades-validate-as-initializer
-    function reinitializeV2() public virtual reinitializer(REINITIALIZER_VERSION) {}
+    function reinitializeV3() public virtual reinitializer(REINITIALIZER_VERSION) {}
 
     /// @notice See {ICiphertextCommits-addCiphertextMaterial}.
     /// @dev This function calls the GatewayConfig contract to check that the sender address is a Coprocessor.
@@ -179,17 +179,31 @@ contract CiphertextCommits is
         ctMaterials = new CiphertextMaterial[](ctHandles.length);
 
         for (uint256 i = 0; i < ctHandles.length; i++) {
+            // Check that the consensus has been reached
             checkCiphertextMaterial(ctHandles[i]);
 
             // Get the unique hash associated to the handle in order to retrieve the list of coprocessor
             // transaction sender address that were involved in the consensus
             bytes32 addCiphertextHash = $._ctHandleConsensusHash[ctHandles[i]];
 
+            // If the consensus has been reached but the hash is 0x0, it means that the handle has been
+            // added in V1: the handle was used to retrieve the list of transaction sender addresses
+            // instead of the hash
+            // We therefore consider this in order to be backward compatible.
+            // To be deprecated
+            // See https://github.com/zama-ai/fhevm-internal/issues/381
+            address[] memory coprocessorTxSenderAddresses;
+            if (addCiphertextHash == bytes32(0)) {
+                coprocessorTxSenderAddresses = $._coprocessorTxSenderAddresses[ctHandles[i]];
+            } else {
+                coprocessorTxSenderAddresses = $._coprocessorTxSenderAddresses[addCiphertextHash];
+            }
+
             ctMaterials[i] = CiphertextMaterial(
                 ctHandles[i],
                 $._keyIds[ctHandles[i]],
                 $._ciphertextDigests[ctHandles[i]],
-                $._coprocessorTxSenderAddresses[addCiphertextHash]
+                coprocessorTxSenderAddresses
             );
         }
 
@@ -204,17 +218,31 @@ contract CiphertextCommits is
         snsCtMaterials = new SnsCiphertextMaterial[](ctHandles.length);
 
         for (uint256 i = 0; i < ctHandles.length; i++) {
+            // Check that the consensus has been reached
             checkCiphertextMaterial(ctHandles[i]);
 
             // Get the unique hash associated to the handle in order to retrieve the list of transaction
             // sender address that participated in the consensus
             bytes32 addCiphertextHash = $._ctHandleConsensusHash[ctHandles[i]];
 
+            // If the consensus has been reached but the hash is 0x0, it means that the handle has been
+            // added in V1: the handle was used to retrieve the list of transaction sender addresses
+            // instead of the hash
+            // We therefore consider this in order to be backward compatible.
+            // To be deprecated
+            // See https://github.com/zama-ai/fhevm-internal/issues/381
+            address[] memory coprocessorTxSenderAddresses;
+            if (addCiphertextHash == bytes32(0)) {
+                coprocessorTxSenderAddresses = $._coprocessorTxSenderAddresses[ctHandles[i]];
+            } else {
+                coprocessorTxSenderAddresses = $._coprocessorTxSenderAddresses[addCiphertextHash];
+            }
+
             snsCtMaterials[i] = SnsCiphertextMaterial(
                 ctHandles[i],
                 $._keyIds[ctHandles[i]],
                 $._snsCiphertextDigests[ctHandles[i]],
-                $._coprocessorTxSenderAddresses[addCiphertextHash]
+                coprocessorTxSenderAddresses
             );
         }
 
@@ -235,6 +263,16 @@ contract CiphertextCommits is
         // This digest remains the default value (0x0) until the consensus is reached.
         bytes32 addCiphertextHash = $._ctHandleConsensusHash[ctHandle];
 
+        // If the consensus has been reached but the hash is 0x0, it means that the handle has been
+        // added in V1: the handle was used to retrieve the list of transaction sender addresses
+        // instead of the hash
+        // We therefore consider this in order to be backward compatible.
+        // DEPRECATED: to remove before mainnet
+        // See https://github.com/zama-ai/fhevm-internal/issues/381
+        if (addCiphertextHash == bytes32(0) && $._isCiphertextMaterialAdded[ctHandle]) {
+            return $._coprocessorTxSenderAddresses[ctHandle];
+        }
+
         return $._coprocessorTxSenderAddresses[addCiphertextHash];
     }
 

gateway-contracts/rust_bindings/src/ciphertext_commits.rs

@@ -31,7 +31,7 @@ CiphertextCommits
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
 | Function | proxiableUUID()                                          | 0x52d1902d                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
-| Function | reinitializeV2()                                         | 0xc4115874                                                         |
+| Function | reinitializeV3()                                         | 0xbac22bb8                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
 | Function | renounceOwnership()                                      | 0x715018a6                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
@@ -960,7 +960,7 @@ CiphertextCommitsV2Example
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
 | Function | proxiableUUID()                                          | 0x52d1902d                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
-| Function | reinitializeV2()                                         | 0xc4115874                                                         |
+| Function | reinitializeV3()                                         | 0xbac22bb8                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|
 | Function | renounceOwnership()                                      | 0x715018a6                                                         |
 |----------+----------------------------------------------------------+--------------------------------------------------------------------|

gateway-contracts/selectors.txt

@@ -91,7 +91,7 @@ describe("Upgrades", function () {
     });
     const ciphertextCommits = await upgrades.upgradeProxy(emptyUUPS, ciphertextCommitsFactoryV1);
     await ciphertextCommits.waitForDeployment();
-    expect(await ciphertextCommits.getVersion()).to.equal("CiphertextCommits v0.2.0");
+    expect(await ciphertextCommits.getVersion()).to.equal("CiphertextCommits v0.3.0");
     const ciphertextCommitsV2 = await upgrades.upgradeProxy(ciphertextCommits, ciphertextCommitsFactoryV2);
     await ciphertextCommitsV2.waitForDeployment();
     expect(await ciphertextCommitsV2.getVersion()).to.equal("CiphertextCommits v1000.0.0");