feat(AggLayer): Note checks tracking PR #2490
Merged
…nders are authorized entities (#2479)

* feat: validate CONFIG_AGG_BRIDGE and UPDATE_GER note senders

  Add sender validation to ensure only authorized entities can update bridge configuration or the global exit root. Two distinct roles are enforced:
  - **Bridge admin** (BRIDGE_ADMIN_SLOT): authorized to register faucets via CONFIG_AGG_BRIDGE notes
  - **Global exit root manager** (GER_MANAGER_SLOT): authorized to update the GER via UPDATE_GER notes

  Changes:
  - Add BRIDGE_ADMIN_SLOT and GER_MANAGER_SLOT storage slots to bridge account
  - Add assert_sender_is_bridge_admin account procedure in bridge_config
  - Add assert_sender_is_ger_manager account procedure in bridge_config
  - Export both procedures from the bridge component
  - CONFIG_AGG_BRIDGE calls assert_sender_is_bridge_admin
  - UPDATE_GER calls assert_sender_is_ger_manager
  - Update create_bridge_account to accept bridge_admin_id and ger_manager_id
  - Update all tests accordingly

  Closes #2450
  Closes #2467

  Co-authored-by: marti <marti@hungrycats.studio>

* test: use distinct bridge_admin and ger_manager accounts in all tests

  Create separate wallet accounts for bridge admin and GER manager roles in every test, even when only one role is exercised. This makes the role distinction explicit and avoids accidentally relying on both roles sharing the same identity.

  Co-authored-by: marti <marti@hungrycats.studio>

* lints

* fix: order of stack comments; simplify ops

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
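The role separation and the distinct-accounts test rationale from the commit message above, as an added Rust model that is not the project's MASM or test code. `AccountId`, `Note`, `Bridge`, `authorize`, `authorize_swapped` and `fixture_detects_swap` are hypothetical names; it shows that a fixture where both roles share one identity cannot detect a regression that swaps the two role slots.

```rust
// Simplified model added for illustration; not the Miden bridge code.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
struct AccountId(u64); // constructed stand-in for an account ID

#[derive(Clone, Copy)]
enum Note {
    ConfigAggBridge, // registers a faucet
    UpdateGer,       // updates the global exit root
}

struct Bridge {
    bridge_admin: AccountId, // models BRIDGE_ADMIN_SLOT
    ger_manager: AccountId,  // models GER_MANAGER_SLOT
}

impl Bridge {
    /// Each note type is checked against its own role slot.
    fn authorize(&self, note: Note, sender: AccountId) -> Result<(), &'static str> {
        let (required, err) = match note {
            Note::ConfigAggBridge => (self.bridge_admin, "sender is not bridge admin"),
            Note::UpdateGer => (self.ger_manager, "sender is not GER manager"),
        };
        if sender == required { Ok(()) } else { Err(err) }
    }

    /// Hypothetical regression: the two role slots are swapped.
    fn authorize_swapped(&self, note: Note, sender: AccountId) -> bool {
        let required = match note {
            Note::ConfigAggBridge => self.ger_manager,
            Note::UpdateGer => self.bridge_admin,
        };
        sender == required
    }
}

/// True if this fixture exposes the swapped-slot regression, i.e. the
/// swapped check rejects a sender that the correct check accepts.
fn fixture_detects_swap(b: &Bridge) -> bool {
    [(Note::ConfigAggBridge, b.bridge_admin), (Note::UpdateGer, b.ger_manager)]
        .iter()
        .any(|&(n, s)| b.authorize(n, s).is_ok() && !b.authorize_swapped(n, s))
}

fn main() {
    let shared = Bridge { bridge_admin: AccountId(1), ger_manager: AccountId(1) };
    let distinct = Bridge { bridge_admin: AccountId(1), ger_manager: AccountId(2) };
    println!("shared fixture detects swap:   {}", fixture_detects_swap(&shared));
    println!("distinct fixture detects swap: {}", fixture_detects_swap(&distinct));
}
```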
* feat: create BURN note with NetworkAccountTarget attachment

  Replace NoteTag-based targeting with NetworkAccountTarget attachment for BURN notes created by bridge_out. The BURN note now uses:
  - A NetworkAccountTarget attachment to specify the faucet as target
  - A simple tag (0) instead of note_tag::create_account_target
  - set_attachment is called right after note creation, using a dup'd note_idx so no local is needed to save it

  Changes:
  - bridge_out.masm: use network_account_target::new + output_note::set_attachment instead of note_tag::create_account_target
  - bridge_out test: verify attachment target instead of NoteTag

  Closes #2470

  Co-authored-by: marti <marti@hungrycats.studio>

* refactor: use DEFAULT_TAG constant and set_attachment in create_burn_note

  Replace the local BURN_NOTE_TAG constant with the DEFAULT_TAG constant from the note_tag standards module (re-declared locally since MASM does not support cross-module constant references in push). Save attachment_scheme and attachment_kind to locals and use set_attachment instead of set_word_attachment.

  Co-authored-by: marti <marti@hungrycats.studio>

* Apply suggestions from code review

  Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

* Apply suggestion from @partylikeits1983

  Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>

* feat(standards): add NoteExecutionHint constants to MASM standards

  Add `note/execution_hint.masm` under the standards library exposing the four NoteExecutionHint variants as public constants:
  - NONE = 0
  - ALWAYS = 1
  - AFTER_BLOCK = 2 (tag bits only; payload must be composed at runtime)
  - ON_BLOCK_SLOT = 3 (tag bits only; payload must be composed at runtime)

  These mirror the `NONE_TAG` / `ALWAYS_TAG` / `AFTER_BLOCK_TAG` / `ON_BLOCK_SLOT_TAG` internal constants from the Rust `NoteExecutionHint` implementation and allow MASM callers to reference them via `use miden::standards::note::execution_hint::ALWAYS` (etc.) rather than duplicating magic numbers locally.

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* refactor(agglayer): import ALWAYS execution hint from standards library

  Replace the locally-defined `EXECUTION_HINT_ALWAYS = 1` constants with the canonical `ALWAYS` constant from `miden::standards::note::execution_hint`.
  - `bridge_out.masm`: add `use miden::standards::note::execution_hint::ALWAYS`, drop local const, update `push.EXECUTION_HINT_ALWAYS` → `push.ALWAYS`
  - `agglayer_faucet.masm`: drop dead `EXECUTION_HINT_ALWAYS = 1` (was defined but never referenced in the file)

  Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Cursor Agent <cursoragent@cursor.com>
Co-authored-by: Alexander John Lee <77119221+partylikeits1983@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Merging w/o explicit approvals since this is a tracking PR which had the individual components approved already
For streamlining:
- `CONFIG_AGG_BRIDGE` and `UPDATE_GER` note senders are authorized entities #2479
- refactor: enforce `CLAIM` note consumer via `NetworkAccountTarget` attachment, not `NoteStorage` #2480 (will be tackled separately)