fix: Change nonce to height. (#105)

* Change nonce to height.

* Update wrapper.

* Fix typo.

* Fix to use old -> new height contiguous.

* Refactor tests to use cheatcode sign.

* Update wrappers.

Author: adlerjohn

ethereum/solidity/src/Constants.sol

@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: Apache-2.0
+pragma solidity ^0.8.4;
+
+/// @dev bytes32 encoding of the string "checkpoint"
+bytes32 constant VALIDATOR_SET_HASH_DOMAIN_SEPARATOR = 0x636865636b706f696e7400000000000000000000000000000000000000000000;
+
+/// @dev bytes32 encoding of the string "transactionBatch"
+bytes32 constant DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR = 0x7472616e73616374696f6e426174636800000000000000000000000000000000;

ethereum/solidity/src/QuantumGravityBridge.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.8.4;
 
 import "./lib/openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 
+import "./Constants.sol";
 import "./DataRootTuple.sol";
 import "./IDAOracle.sol";
 import "./lib/tree/binary/BinaryMerkleProof.sol";
@@ -36,18 +37,6 @@ contract QuantumGravityBridge is IDAOracle {
     // be accounted for in any upgrades. Always test an exact upgrade on testnet
     // and localhost before mainnet upgrades.
 
-    ///////////////
-    // Constants //
-    ///////////////
-
-    /// @dev bytes32 encoding of the string "checkpoint"
-    bytes32 constant VALIDATOR_SET_HASH_DOMAIN_SEPARATOR =
-        0x636865636b706f696e7400000000000000000000000000000000000000000000;
-
-    /// @dev bytes32 encoding of the string "transactionBatch"
-    bytes32 constant DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR =
-        0x7472616e73616374696f6e426174636800000000000000000000000000000000;
-
     ////////////////
     // Immutables //
     ////////////////
@@ -114,31 +103,33 @@ contract QuantumGravityBridge is IDAOracle {
 
     /// @param _bridge_id Identifier of the bridge, used in signatures for
     /// domain separation.
+    /// @param _nonce Celestia block height at which bridge is initialized.
     /// @param _powerThreshold Initial voting power that is needed to approve
     /// operations.
     /// @param _validatorSetHash Initial validator set hash. This does not need
     /// to be the genesis validator set of the bridged chain, only the initial
     /// validator set of the bridge.
     constructor(
         bytes32 _bridge_id,
+        uint256 _nonce,
         uint256 _powerThreshold,
         bytes32 _validatorSetHash
     ) {
         BRIDGE_ID = _bridge_id;
 
         // CHECKS
 
-        uint256 nonce = 0;
-        bytes32 newCheckpoint = domainSeparateValidatorSetHash(_bridge_id, nonce, _powerThreshold, _validatorSetHash);
+        bytes32 newCheckpoint = domainSeparateValidatorSetHash(_bridge_id, _nonce, _powerThreshold, _validatorSetHash);
 
         // EFFECTS
 
+        state_lastValidatorSetNonce = _nonce;
         state_lastValidatorSetCheckpoint = newCheckpoint;
         state_powerThreshold = _powerThreshold;
 
         // LOGS
 
-        emit ValidatorSetUpdatedEvent(nonce, _powerThreshold, _validatorSetHash);
+        emit ValidatorSetUpdatedEvent(_nonce, _powerThreshold, _validatorSetHash);
     }
 
     /// @notice Utility function to check if a signature is nil.
@@ -189,17 +180,19 @@ contract QuantumGravityBridge is IDAOracle {
     /// @dev Make a domain-separated commitment to a data root tuple root.
     /// A hash of all relevant information about a data root tuple root.
     /// The format of the hash is:
-    ///     keccak256(bridge_id, DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR, nonce, _dataRootTupleRoot)
+    ///     keccak256(bridge_id, DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR, oldNonce, newNonce, dataRootTupleRoot)
     /// @param _bridge_id Bridge ID.
-    /// @param _nonce Nonce.
+    /// @param _oldNonce Celestia block height at which commitment begins.
+    /// @param _newNonce Celestia block height at which commitment ends.
     /// @param _dataRootTupleRoot Data root tuple root.
     function domainSeparateDataRootTupleRoot(
         bytes32 _bridge_id,
-        uint256 _nonce,
+        uint256 _oldNonce,
+        uint256 _newNonce,
         bytes32 _dataRootTupleRoot
     ) private pure returns (bytes32) {
         bytes32 c = keccak256(
-            abi.encode(_bridge_id, DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR, _nonce, _dataRootTupleRoot)
+            abi.encode(_bridge_id, DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR, _oldNonce, _newNonce, _dataRootTupleRoot)
         );
 
         return c;
@@ -255,7 +248,7 @@ contract QuantumGravityBridge is IDAOracle {
     /// The validator set hash that is signed over is domain separated as per
     /// `domainSeparateValidatorSetHash`.
     /// @param _newValidatorSetHash The hash of the new validator set.
-    /// @param _newNonce The new nonce.
+    /// @param _newNonce The new Celestia block height.
     /// @param _currentValidatorSet The current validator set.
     /// @param _sigs Signatures.
     function updateValidatorSet(
@@ -270,7 +263,7 @@ contract QuantumGravityBridge is IDAOracle {
         uint256 currentNonce = state_lastValidatorSetNonce;
         uint256 currentPowerThreshold = state_powerThreshold;
 
-        // Check that the valset nonce is greater than the old one.
+        // Check that the new validator set nonce is greater than the old one.
         if (_newNonce <= currentNonce) {
             revert InvalidValidatorSetNonce();
         }
@@ -321,7 +314,8 @@ contract QuantumGravityBridge is IDAOracle {
     ///
     /// The data tuple root that is signed over is domain separated as per
     /// `domainSeparateDataRootTupleRoot`.
-    /// @param _nonce The data root tuple root nonce.
+    /// @param _nonce The Celestia block height up to which the data root tuple
+    /// root commits to.
     /// @param _dataRootTupleRoot The Merkle root of data root tuples.
     /// @param _currentValidatorSet The current validator set.
     /// @param _sigs Signatures.
@@ -333,10 +327,11 @@ contract QuantumGravityBridge is IDAOracle {
     ) external {
         // CHECKS
 
+        uint256 currentNonce = state_lastDataRootTupleRootNonce;
         uint256 currentPowerThreshold = state_powerThreshold;
 
         // Check that the data root tuple root nonce is higher than the last nonce.
-        if (_nonce <= state_lastDataRootTupleRootNonce) {
+        if (_nonce <= currentNonce) {
             revert InvalidDataRootTupleRootNonce();
         }
 
@@ -360,7 +355,7 @@ contract QuantumGravityBridge is IDAOracle {
 
         // Check that enough current validators have signed off on the data
         // root tuple root and nonce.
-        bytes32 c = domainSeparateDataRootTupleRoot(BRIDGE_ID, _nonce, _dataRootTupleRoot);
+        bytes32 c = domainSeparateDataRootTupleRoot(BRIDGE_ID, currentNonce, _nonce, _dataRootTupleRoot);
         checkValidatorSignatures(_currentValidatorSet, _sigs, c, currentPowerThreshold);
 
         // EFFECTS

ethereum/solidity/src/test/QuantumGravityBridge.t.sol

@@ -3,75 +3,90 @@ pragma solidity ^0.8.4;
 
 import "../lib/openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 
+import "../Constants.sol";
 import "../DataRootTuple.sol";
 import "../QuantumGravityBridge.sol";
 
 import "ds-test/test.sol";
 
-contract RelayerTest is DSTest {
-    // private keys used for hardcoded signatures
-    // testAddr  = "0x9c2B12b5a07FC6D719Ed7646e5041A7E85758329"
-    // testPriv  = "64a1d6f0e760a8d62b4afdde4096f16f51b401eaaecc915740f71770ea76a8ad"
-    // testAddr2 = "0xe650B084f05C6194f6e552e3b9f08718Bc8a9d56"
-    // testPriv2 = "6e8bdfa979ab645b41c4d17cb1329b2a44684c82b61b1b060ea9b6e1c927a4f4"
+interface CheatCodes {
+    function addr(uint256 privateKey) external returns (address);
 
-    bytes32 constant VALIDATOR_SET_HASH_DOMAIN_SEPARATOR =
-        0x636865636b706f696e7400000000000000000000000000000000000000000000;
+    function sign(uint256 privateKey, bytes32 digest)
+        external
+        returns (
+            uint8 v,
+            bytes32 r,
+            bytes32 s
+        );
+}
 
-    bytes32 constant DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR =
-        0x7472616e73616374696f6e426174636800000000000000000000000000000000;
+contract RelayerTest is DSTest {
+    // Private keys used for test signatures.
+    uint256 constant testPriv1 = 0x64a1d6f0e760a8d62b4afdde4096f16f51b401eaaecc915740f71770ea76a8ad;
+    uint256 constant testPriv2 = 0x6e8bdfa979ab645b41c4d17cb1329b2a44684c82b61b1b060ea9b6e1c927a4f4;
 
-    bytes32 constant BRIDGE_ID =
-        VALIDATOR_SET_HASH_DOMAIN_SEPARATOR;
+    // 32 bytes, chosen at random.
+    bytes32 constant BRIDGE_ID = 0x6de92bac0b357560d821f8e7b6f5c9fe4f3f88f6c822283efd7ab51ad56a640e;
 
     QuantumGravityBridge bridge;
-    
+
     Validator[] private validators;
-    uint256 private votingPower = 3334;
+    uint256 private votingPower = 5000;
     uint256 private valsetNonce = 0;
     uint256 private dataTupleRootNonce = 0;
+
+    // Set up Foundry cheatcodes.
+    CheatCodes cheats = CheatCodes(HEVM_ADDRESS);
+
     function setUp() public {
-        validators.push(Validator(0x9c2B12b5a07FC6D719Ed7646e5041A7E85758329, 5000));
+        validators.push(Validator(cheats.addr(testPriv1), votingPower));
         bytes32 hash = computeValidatorSetHash(validators);
-        bridge = new QuantumGravityBridge(BRIDGE_ID, votingPower, hash);
+        bridge = new QuantumGravityBridge(BRIDGE_ID, valsetNonce, (2 * votingPower) / 3, hash);
     }
 
     function testUpdateValidatorSet() public {
-        // save the old test validator set before we add to it
+        // Save the old test validator set before we add to it.
         Validator[] memory oldVS = new Validator[](1);
-        oldVS[0] = Validator(0x9c2B12b5a07FC6D719Ed7646e5041A7E85758329, 5000);
+        oldVS[0] = Validator(cheats.addr(testPriv1), votingPower);
 
-        // hardcoded signature for the first validator set update
+        uint256 newNonce = 1;
+        validators.push(Validator(cheats.addr(testPriv2), votingPower));
+        votingPower += votingPower;
+        uint256 newPowerThreshold = (2 * votingPower) / 3;
+        bytes32 newVSHash = keccak256(abi.encode(validators));
+        bytes32 newCheckpoint = domainSeparateValidatorSetHash(BRIDGE_ID, newNonce, newPowerThreshold, newVSHash);
+
+        // Signature for the first validator set update.
         Signature[] memory sigs = new Signature[](1);
-        sigs[0] = Signature(27, 0xbe1d908f5f4f307230f7f6489253ea3051096f0de57377bf1ac218cf7c560a08, 0x4eed1044b69cebcaf45aabc2363b55a7047ce7dd0dd219baec4c4ac3d097c6f8);
+        bytes32 digest_eip191 = ECDSA.toEthSignedMessageHash(newCheckpoint);
+        (uint8 v, bytes32 r, bytes32 s) = cheats.sign(testPriv1, digest_eip191);
+        sigs[0] = Signature(v, r, s);
 
-        // change test validator set
-        validators.push(Validator(0xe650B084f05C6194f6e552e3b9f08718Bc8a9d56, 5000));
-        bytes32 newVSHash = keccak256(abi.encode(validators));
+        bridge.updateValidatorSet(newNonce, newPowerThreshold, newVSHash, oldVS, sigs);
 
-        uint256 newNonce = 1;
-        uint256 newPowerThreshhold = 6668;
-        bridge.updateValidatorSet(newNonce, newPowerThreshhold, newVSHash, oldVS, sigs);
-        bytes32 newCheckpoint = domainSeparateValidatorSetHash(BRIDGE_ID, newNonce, newPowerThreshhold, newVSHash);
         assertEq(bridge.state_lastValidatorSetNonce(), newNonce);
-        assertEq(bridge.state_powerThreshold(), newPowerThreshhold);
-        assertEq(
-            bridge.state_lastValidatorSetCheckpoint(), 
-            newCheckpoint
-        );
+        assertEq(bridge.state_powerThreshold(), newPowerThreshold);
+        assertEq(bridge.state_lastValidatorSetCheckpoint(), newCheckpoint);
     }
 
     function testSubmitDataRootTupleRoot() public {
-        // hardcoded signature for the first validator set update
+        uint256 newNonce = 1;
+        // 32 bytes, chosen at random.
+        bytes32 newTupleRoot = 0x0de92bac0b356560d821f8e7b6f5c9fe4f3f88f6c822283efd7ab51ad56a640e;
+
+        bytes32 newDataRootTupleRoot = domainSeparateDataRootTupleRoot(BRIDGE_ID, valsetNonce, newNonce, newTupleRoot);
+
+        // Signature for the update.
         Signature[] memory sigs = new Signature[](1);
-        sigs[0] = Signature(28, 0x8a71b11dfc2f5bf6ac3a9e7f8e74a3e6d58aa24957c4a6a8fb6021b6b3c9a57e, 0x796de792753d60cdd79a922516c8345db6661fe1762a59c0aff7698ac4cb7eea);
-        
-        Validator[] memory vals = new Validator[](1);
-        vals[0] = Validator(0x9c2B12b5a07FC6D719Ed7646e5041A7E85758329, 5000);
+        bytes32 digest_eip191 = ECDSA.toEthSignedMessageHash(newDataRootTupleRoot);
+        (uint8 v, bytes32 r, bytes32 s) = cheats.sign(testPriv1, digest_eip191);
+        sigs[0] = Signature(v, r, s);
 
-        uint256 newNonce = 1;
-        bytes32 newTupleRoot = VALIDATOR_SET_HASH_DOMAIN_SEPARATOR;
-        bridge.submitDataRootTupleRoot(newNonce, newTupleRoot, vals, sigs);
+        Validator[] memory valSet = new Validator[](1);
+        valSet[0] = Validator(cheats.addr(testPriv1), votingPower);
+
+        bridge.submitDataRootTupleRoot(newNonce, newTupleRoot, valSet, sigs);
 
         assertEq(bridge.state_lastDataRootTupleRootNonce(), newNonce);
         assertEq(bridge.state_dataRootTupleRoots(newNonce), newTupleRoot);
@@ -93,4 +108,17 @@ contract RelayerTest is DSTest {
 
         return c;
     }
+
+    function domainSeparateDataRootTupleRoot(
+        bytes32 _bridge_id,
+        uint256 _oldNonce,
+        uint256 _newNonce,
+        bytes32 _dataRootTupleRoot
+    ) private pure returns (bytes32) {
+        bytes32 c = keccak256(
+            abi.encode(_bridge_id, DATA_ROOT_TUPLE_ROOT_DOMAIN_SEPARATOR, _oldNonce, _newNonce, _dataRootTupleRoot)
+        );
+
+        return c;
+    }
 }