Skip to content

fix: multichain pt2 audit fixes #1592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ypatil12 merged 12 commits into from
Aug 11, 2025
Merged

fix: multichain pt2 audit fixes #1592

ypatil12 merged 12 commits into from
Aug 11, 2025

Conversation

@ypatil12
Copy link
Collaborator

@ypatil12 ypatil12 commented Aug 6, 2025
edited by nadir-akhtar
Loading

ypatil12 and others added 8 commits August 8, 2025 12:40
@ypatil12
fix: check for key upon gen reservation (#1561)
750ef6b 
**Motivation:**

Currently, we don't require the `KeyType` to be set in the `KeyRegistry`
when creating a generation reservation

**Modifications:**

Update the `CCR` to check for key type. Also update docs

**Result:**

Stricter user flow
@nadir-akhtar @ypatil12
fix(audit): add salt to Merkle leaf hashing (#1580)
d0ed821 
**Motivation:**

As part of an audit finding, to protect against [second preimage
attacks](https://flawed.net.nz/2018/02/21/attacking-merkle-trees-with-a-second-preimage-attack/),
we add a salt to the leaf similar to the RewardsCoordinator to
significantly reduce the likelihood of an internal node being used to
produce an unintentional proof.

**Modifications:**

* Created new `LeafCalculatorMixin` with `getOperatorInfoLeaf` and
`getOperatorTableLeaf` calculations, which take in salt
* Updated tests to use `getOperatorInfoLeaf` and `getOperatorTableLeaf`
for hash calculation

**Result:**

Significantly diminished likelihood of second preimage attack

---------

Co-authored-by: Yash Patil <40046473+ypatil12@users.noreply.github.com>
@ypatil12 @eigenmikem
@nadir-akhtar @0xClandestine
docs: multichain natspec (#1584)
145c72a 
**Motivation:**

Make natspec clearer after internal review

**Modifications:**

- Document errors and events
- Add error codes
- Add error reason 

**Result:**

- Cleaner Natspec

---------

Co-authored-by: eigenmikem <michael.muehl@eigenlabs.org>
Co-authored-by: Nadir Akhtar <nadir-akhtar@users.noreply.github.com>
Co-authored-by: clandestine.eth <96172957+0xClandestine@users.noreply.github.com>
@ypatil12
fix(h-04): race condition (#1575)
ee8a74a 
**Motivation:**

- There is an offchain race condition where updating the table can cause
the entire service to panic if it is frontrun by another tx

**Modifications:**

- Return if the table has already been updated
- Clean up integration testing lib 

**Result:**

- Clear off chain responses
@nadir-akhtar @ypatil12
fix(docs): correct hash value in natspec (#1587)
1e398db 
<!-- 
    🚨 ATTENTION! 🚨 
    
This PR template is REQUIRED. PRs not following this format will be
closed without review.
    
    Requirements:
- PR title must follow commit conventions:
https://www.conventionalcommits.org/en/v1.0.0/
- Label your PR with the correct type (e.g., 🐛 Bug, ✨ Enhancement, 🧪
Test, etc.)
    - Provide clear and specific details in each section
-->

**Motivation:**

Small typo in natspec regarding hash value. The value in the code is
correct, but the docs are not.

**Modifications:**

* Fixed value in documentation for how salts were derived

**Result:**

More accurate docs
@ypatil12
fix(h-03): add pagination (#1569)
6203567 
**Motivation:**

`getActiveGenerationReservation` can have an OOG error if there are many
gen reservations

**Modifications:**

Paginate the function by adding two view funcs:

- `getActiveGenerationReservationsByRange`
- `getActiveGenerationReservationCount`

**Result:**

DOS-resistant API
@0xClandestine @ypatil12
fix: add hasActiveGenerationReservation (#1589)
724b3c2 
**Motivation:**

Certora L-03: `CrossChainRegistry` getters do not revert if there's not
an active generation reservation for the given operator set.

**Modifications:**

- Added `hasActiveGenerationReservation`.
- Added comments in other view methods to first call
`hasActiveGenerationReservation`.

**Result:**

Integrators can validate view before calling.
@ypatil12
chore: bindings
941e44b
@ypatil12 ypatil12 force-pushed the release-dev/multichain-pt2-audit-fixes branch from dcb25e2 to 941e44b Compare August 8, 2025 16:40
@ypatil12
chore: clearer error message (#1602)
53a12d7 
**Motivation:**

We used the `KeyAlreadyRegistered` error when an operator is already
registered as well as when a key already registered. This is not a
descriptive error message.

**Modifications:**

Add `OperatorAlreadyRegistered` message

**Result:**

More descriptive code
@ypatil12 ypatil12 merged commit 5e133a1 into main Aug 11, 2025
14 checks passed
@ypatil12 ypatil12 deleted the release-dev/multichain-pt2-audit-fixes branch August 11, 2025 18:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nadir-akhtar nadir-akhtar nadir-akhtar approved these changes

Assignees

No one assigned

Labels

⚖️ Audit Fix Audit-related fixes. 🌎 Multichain

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ypatil12 @nadir-akhtar @0xClandestine