Merge branch 'master' into dataapi-reservations

Author: dmanc

api/clients/v2/coretypes/blob.go

@@ -116,7 +116,7 @@ func (b *Blob) toEncodedPayload(payloadForm codecs.PolynomialForm) (*encodedPayl
 
 	encodedPayload, err := encodedPayloadFromElements(payloadElements, maxPermissiblePayloadLength)
 	if err != nil {
-		return nil, fmt.Errorf("encoded payload from elements %w", err)
+		return nil, fmt.Errorf("encoded payload from elements: %w", err)
 	}
 
 	return encodedPayload, nil

api/clients/v2/coretypes/derivation_errors.go

@@ -0,0 +1,102 @@
+package coretypes
+
+import (
+	"encoding/json"
+	"fmt"
+
+	_ "github.com/Layr-Labs/eigenda/api/clients/codecs"
+)
+
+// DerivationErrorStatusCode is an enum for the different error status codes
+// that can be returned during EigenDA "derivation" of a payload from a DA cert.
+// For more details, see the EigenDA spec on derivation:
+// https://github.com/Layr-Labs/eigenda/blob/f4ef5cd5/docs/spec/src/integration/spec/6-secure-integration.md#derivation-process
+//
+// This error is meant to be marshalled to JSON and returned as an HTTP 418 body
+// to indicate that the cert should be discarded from rollups' derivation pipelines.
+//
+// See https://github.com/Layr-Labs/optimism/pull/50 for how this is
+// used in optimism's derivation pipeline.
+type DerivationError struct {
+	StatusCode uint8
+	Msg        string
+}
+
+func (e DerivationError) Error() string {
+	return fmt.Sprintf("derivation error: status code %d, message: %s", e.StatusCode, e.Msg)
+}
+
+// Marshalled to JSON and returned as an HTTP 418 body
+// to indicate that the cert should be discarded from rollups' derivation pipelines.
+// We panic if marshalling fails, since the caller won't be able to handle the derivation error
+// properly, so they'll receive a 500 and must retry.
+func (e DerivationError) MarshalToTeapotBody() string {
+	e.Validate()
+	bodyJSON, err := json.Marshal(e)
+	if err != nil {
+		panic(fmt.Errorf("failed to marshal derivation error: %w", err))
+	}
+	return string(bodyJSON)
+}
+
+// Used to add context to the sentinel errors below. For example:
+// ErrInvalidCertDerivationError.WithMessage("failed to parse cert")
+func (e DerivationError) WithMessage(msg string) DerivationError {
+	return DerivationError{
+		StatusCode: e.StatusCode,
+		Msg:        msg,
+	}
+}
+
+// Validate that the DerivationError has a valid status code.
+// The only valid status codes are 1-4, as defined in the sentinel errors below, eg [ErrCertParsingFailedDerivationError].
+func (e DerivationError) Validate() {
+	if e.StatusCode < 1 || e.StatusCode > 4 {
+		panic(fmt.Sprintf("DerivationError: invalid status code %d, must be between 1 and 4", e.StatusCode))
+	}
+	// The Msg field should ideally be a human-readable string that explains the error,
+	// but we don't enforce it.
+}
+
+// These errors can be used as sentinels to indicate specific derivation errors,
+// but they should be used with the `WithMessage` method to add context.
+// Also see the constructors below for creating these errors with context.
+//
+// Note: we purposefully don't use StatusCode 0 here, to prevent default value bugs in case people
+// create a DerivationError by hand without using the constructors or sentinel errors defined here.
+var (
+	// Signifies that the input can't be parsed into a versioned cert.
+	ErrCertParsingFailedDerivationError = DerivationError{StatusCode: 1}
+	// Signifies that the cert is invalid due to a recency check failure,
+	// meaning that `cert.L1InclusionBlock > batch.RBN + rbnRecencyWindowSize`.
+	// See https://layr-labs.github.io/eigenda/integration/spec/6-secure-integration.html#1-rbn-recency-validation
+	ErrRecencyCheckFailedDerivationError = DerivationError{StatusCode: 2}
+	// Signifies that the CertVerifier.checkDACert eth-call returned an error status code.
+	// See https://layr-labs.github.io/eigenda/integration/spec/6-secure-integration.html#2-cert-validation
+	ErrInvalidCertDerivationError = DerivationError{StatusCode: 3}
+	// Signifies that the blob is incorrectly encoded, and cannot be decoded into a valid payload.
+	// See [codecs.PayloadEncodingVersion] for the different supported encodings.
+	// See https://layr-labs.github.io/eigenda/integration/spec/6-secure-integration.html#3-blob-validation
+	ErrBlobDecodingFailedDerivationError = DerivationError{StatusCode: 4}
+)
+
+// Signifies that the cert is invalid due to a parsing failure,
+// meaning that a versioned cert could not be parsed from the serialized hex string.
+// For example a CertV3 failed to get rlp.decoded from the hex string.
+func NewCertParsingFailedError(serializedCertHex string, err string) DerivationError {
+	return ErrCertParsingFailedDerivationError.WithMessage(
+		fmt.Sprintf("cert parsing failed for cert %s: %v", serializedCertHex, err),
+	)
+}
+
+// Signifies that the cert is invalid due to a recency check failure,
+// meaning that `cert.L1InclusionBlock > batch.RBN + rbnRecencyWindowSize`.
+func NewRBNRecencyCheckFailedError(
+	certRBN, certL1InclusionBlock, rbnRecencyWindowSize uint64,
+) DerivationError {
+	return ErrRecencyCheckFailedDerivationError.WithMessage(
+		fmt.Sprintf(
+			"RBN recency check failed: certL1InclusionBlockNumber (%d) > cert.RBN (%d) + RBNRecencyWindowSize (%d)",
+			certL1InclusionBlock, certRBN, rbnRecencyWindowSize,
+		))
+}

api/clients/v2/coretypes/eigenda_cert.go

@@ -45,7 +45,9 @@ const (
 	VersionThreeCert = 0x3
 )
 
-// VerificationStatusCode reflects the return byte generated by a verification call to a generic cert verifier
+// VerificationStatusCode represents the status codes that can be returned by the EigenDACertVerifier.checkDACert contract calls.
+// It should match exactly the status codes defined in the contract:
+// https://github.com/Layr-Labs/eigenda/blob/1091f460ba762b84019389cbb82d9b04bb2c2bdb/contracts/src/integrations/cert/libraries/EigenDACertVerificationLib.sol#L48-L54
 type VerificationStatusCode uint8
 
 const (
@@ -94,7 +96,10 @@ const (
 
 // EigenDACert is a sum type interface returned by the payload disperser
 type EigenDACert interface {
-	Version() CertificateVersion
+	// isEigenDACert is an unexported method that restricts
+	// which types can implement this interface to only those
+	// defined in this package
+	isEigenDACert()
 }
 
 // RetrievableEigenDACert is an interface that defines data field accessor methods
@@ -253,9 +258,7 @@ func (c *EigenDACertV3) Commitments() (*encoding.BlobCommitments, error) {
 }
 
 // Version returns the version of the EigenDA certificate
-func (c *EigenDACertV3) Version() CertificateVersion {
-	return VersionThreeCert
-}
+func (c *EigenDACertV3) isEigenDACert() {}
 
 // This struct represents the composition of an EigenDA V2 certificate
 // NOTE: This type is hardforked from the V3 type and will no longer
@@ -384,9 +387,7 @@ func (c *EigenDACertV2) ComputeBlobKey() (*coreV2.BlobKey, error) {
 }
 
 // Version returns the version of the EigenDA certificate
-func (c *EigenDACertV2) Version() CertificateVersion {
-	return VersionTwoCert
-}
+func (c *EigenDACertV2) isEigenDACert() {}
 
 // ToV3 converts an EigenDACertV2 to an EigenDACertV3
 func (c *EigenDACertV2) ToV3() (*EigenDACertV3, error) {

api/clients/v2/coretypes/encoded_payload.go

@@ -44,6 +44,16 @@ func newEncodedPayload(payload *Payload) (*encodedPayload, error) {
 
 // decode applies the inverse of PayloadEncodingVersion0 to an encodedPayload, and returns the decoded Payload
 func (ep *encodedPayload) decode() (*Payload, error) {
+	if len(ep.bytes) < 32 {
+		return nil, fmt.Errorf("encoded payload must be at least 32 bytes long, but got %d bytes", len(ep.bytes))
+	}
+	if ep.bytes[0] != 0x00 {
+		return nil, fmt.Errorf("encoded payload header first byte must be 0x00, but got %x", ep.bytes[0])
+	}
+	if ep.bytes[1] != byte(codecs.PayloadEncodingVersion0) {
+		return nil, fmt.Errorf("encoded payload header version byte must be %x, but got %x", codecs.PayloadEncodingVersion0, ep.bytes[1])
+	}
+
 	claimedLength := binary.BigEndian.Uint32(ep.bytes[2:6])
 
 	// decode raw data modulo bn254

api/clients/v2/payload_retriever.go

@@ -3,6 +3,7 @@ package clients
 import (
 	"context"
 
+	_ "github.com/Layr-Labs/eigenda/api/clients/codecs"
 	"github.com/Layr-Labs/eigenda/api/clients/v2/coretypes"
 )
 
@@ -12,5 +13,7 @@ import (
 // bucket instead of from EigenDA relays or nodes.
 type PayloadRetriever interface {
 	// GetPayload retrieves a payload from some backend, using the provided certificate
+	// GetPayload should return a [coretypes.ErrBlobDecodingFailedDerivationError] if the blob cannot be decoding according
+	// to one of the encodings available via [codecs.PayloadEncodingVersion]s.
 	GetPayload(ctx context.Context, eigenDACert coretypes.RetrievableEigenDACert) (*coretypes.Payload, error)
 }

api/clients/v2/payloadretrieval/relay_payload_retriever.go

@@ -130,12 +130,12 @@ func (pr *RelayPayloadRetriever) GetPayload(
 		payload, err := blob.ToPayload(pr.config.PayloadPolynomialForm)
 		if err != nil {
 			pr.log.Error(
-				`Commitment verification was successful, but conversion from blob to payload failed!
-					This is likely a problem with the local configuration, but could potentially indicate
-					malicious dispersed data. It should not be possible for a commitment to verify for an
-					invalid blob!`,
+				`Commitment verification was successful, but decoding of blob to payload failed!
+					This client only supports blobs that were encoded using the codec(s) defined in
+					https://github.com/Layr-Labs/eigenda/blob/86e27fa03/api/clients/codecs/blob_codec.go.`,
 				"blobKey", blobKey.Hex(), "relayKey", relayKey, "eigenDACert", eigenDACert, "error", err)
-			return nil, fmt.Errorf("decode blob: %w", err)
+			return nil, coretypes.ErrBlobDecodingFailedDerivationError.WithMessage(
+				fmt.Sprintf("blob %v from relay %v: %v", blobKey.Hex(), relayKey, err))
 		}
 
 		return payload, nil

api/clients/v2/payloadretrieval/relay_payload_retriever_test.go

@@ -39,7 +39,10 @@ type RelayPayloadRetrieverTester struct {
 	RelayPayloadRetriever *RelayPayloadRetriever
 	MockRelayClient       *clientsmock.MockRelayClient
 	G1Srs                 []bn254.G1Affine
-	PayloadPolynomialForm codecs.PolynomialForm
+}
+
+func (t *RelayPayloadRetrieverTester) PayloadPolynomialForm() codecs.PolynomialForm {
+	return t.RelayPayloadRetriever.config.PayloadPolynomialForm
 }
 
 // buildRelayPayloadRetrieverTester sets up a client with mocks necessary for testing
@@ -76,7 +79,6 @@ func buildRelayPayloadRetrieverTester(t *testing.T) RelayPayloadRetrieverTester
 		RelayPayloadRetriever: client,
 		MockRelayClient:       &mockRelayClient,
 		G1Srs:                 g1Srs,
-		PayloadPolynomialForm: clientConfig.PayloadPolynomialForm,
 	}
 }
 
@@ -88,11 +90,22 @@ func buildBlobAndCert(
 ) (core.BlobKey, []byte, *coretypes.EigenDACertV3) {
 
 	payloadBytes := tester.Random.Bytes(tester.Random.Intn(maxPayloadBytes))
-	blob, err := coretypes.NewPayload(payloadBytes).ToBlob(tester.PayloadPolynomialForm)
+	blob, err := coretypes.NewPayload(payloadBytes).ToBlob(tester.PayloadPolynomialForm())
 	require.NoError(t, err)
-
 	blobBytes := blob.Serialize()
 	require.NotNil(t, blobBytes)
+	blobKey, cert := buildCertFromBlobBytes(t, blobBytes, relayKeys)
+	return blobKey, blobBytes, cert
+
+}
+
+// buildCert builds a blob key, blob bytes, and valid certificate from the given blob and relay keys.
+// It is used to generate a valid cert from a wrongly encoded blob, to test for decoding errors.
+func buildCertFromBlobBytes(
+	t *testing.T,
+	blobBytes []byte,
+	relayKeys []core.RelayKey,
+) (core.BlobKey, *coretypes.EigenDACertV3) {
 
 	kzgConfig := &kzg.KzgConfig{
 		G1Path:          "../../../../inabox/resources/kzg/g1.point",
@@ -141,7 +154,7 @@ func buildBlobAndCert(
 	blobKey, err := eigenDACert.ComputeBlobKey()
 	require.NoError(t, err)
 
-	return *blobKey, blobBytes, eigenDACert
+	return *blobKey, eigenDACert
 }
 
 // TestGetPayloadSuccess tests that a blob is received without error in the happy case
@@ -446,3 +459,38 @@ func TestErrorClose(t *testing.T) {
 
 	tester.MockRelayClient.AssertExpectations(t)
 }
+
+// TestCommitmentVerifiesButBlobToPayloadFails tests the case where commitment verification succeeds
+// but conversion from blob to payload fails. This is a critical edge case that should not be possible
+// with valid data, but could indicate malicious dispersed data.
+func TestCommitmentVerifiesButBlobToPayloadFails(t *testing.T) {
+	tester := buildRelayPayloadRetrieverTester(t)
+	// We keep the blob in coeff form so that we can manipulate it directly (otherwise it gets IFFT'd)
+	tester.RelayPayloadRetriever.config.PayloadPolynomialForm = codecs.PolynomialFormCoeff
+	relayKeys := make([]core.RelayKey, 1)
+	relayKeys[0] = tester.Random.Uint32()
+
+	payloadBytes := tester.Random.Bytes(tester.Random.Intn(maxPayloadBytes))
+	blob, err := coretypes.NewPayload(payloadBytes).ToBlob(tester.PayloadPolynomialForm())
+	require.NoError(t, err)
+	blobBytes := blob.Serialize()
+	require.NotNil(t, blobBytes)
+	blobBytes[1] = 0xFF // Invalid encoding version - this will cause decode to fail
+
+	blobKey, blobCert := buildCertFromBlobBytes(t, blobBytes, relayKeys)
+
+	// Mock the relay to return our incorrectly encoded blob
+	tester.MockRelayClient.On("GetBlob", mock.Anything, relayKeys[0], blobKey).Return(blobBytes, nil).Once()
+
+	// Try to get the payload - this should fail during blob to payload conversion
+	payload, err := tester.RelayPayloadRetriever.GetPayload(context.Background(), blobCert)
+	require.Nil(t, payload)
+	require.Error(t, err)
+
+	// Verify it's specifically a DerivationError with status code 4 (blob decoding failed)
+	derivationErr := coretypes.DerivationError{}
+	require.ErrorAs(t, err, &derivationErr)
+	require.Equal(t, coretypes.ErrBlobDecodingFailedDerivationError.StatusCode, derivationErr.StatusCode)
+
+	tester.MockRelayClient.AssertExpectations(t)
+}

api/clients/v2/payloadretrieval/validator_payload_retriever.go

@@ -102,10 +102,9 @@ func (pr *ValidatorPayloadRetriever) GetPayload(
 		payload, err := blob.ToPayload(pr.config.PayloadPolynomialForm)
 		if err != nil {
 			pr.logger.Error(
-				`Commitment verification was successful, but conversion from blob to payload failed!
-					This is likely a problem with the local configuration, but could potentially indicate
-					malicious dispersed data. It should not be possible for a commitment to verify for an
-					invalid blob!`,
+				`Commitment verification was successful, but decoding of blob to payload failed!
+					This client only supports blobs that were encoded using the codec(s) defined in
+					https://github.com/Layr-Labs/eigenda/blob/86e27fa03/api/clients/codecs/blob_codec.go.`,
 				"blobKey", blobKey.Hex(), "quorumID", quorumID, "eigenDACert", eigenDACert, "error", err)
 			return nil, fmt.Errorf("decode blob: %w", err)
 		}

api/clients/v2/verification/cert_verifier.go

@@ -47,36 +47,30 @@ func NewCertVerifier(
 }
 
 // CheckDACert calls the CheckDACert view function on the EigenDACertVerifier contract.
-// This method returns nil if the certificate is successfully verified; otherwise, it returns an error.
+// This method returns nil if the certificate is successfully verified; otherwise, it returns a
+// [CertVerifierInvalidCertError] or [CertVerifierInternalError] error.
 func (cv *CertVerifier) CheckDACert(
 	ctx context.Context,
 	cert coretypes.EigenDACert,
 ) error {
-	// 1 - switch on the certificate version to determine which underlying type to decode into
-	//     and which contract to call
-
-	// EigenDACertV3 is the only version that is supported by the CheckDACert function
+	// 1 - switch on the certificate type to determine which contract to call
 	var certV3 *coretypes.EigenDACertV3
 	var err error
-	switch cert.Version() {
-	case coretypes.VersionThreeCert:
-		var ok bool
-		certV3, ok = cert.(*coretypes.EigenDACertV3)
-		if !ok {
-			return &CertVerifierInputError{Msg: fmt.Sprintf("expected cert to be of type EigenDACertV3, got %T", cert)}
-		}
-	case coretypes.VersionTwoCert:
-		certV2, ok := cert.(*coretypes.EigenDACertV2)
-		if !ok {
-			return &CertVerifierInputError{Msg: fmt.Sprintf("expected cert to be of type EigenDACertV2, got %T", cert)}
-		}
-
-		certV3, err = certV2.ToV3()
+	switch cert := cert.(type) {
+	case *coretypes.EigenDACertV3:
+		certV3 = cert
+	case *coretypes.EigenDACertV2:
+		// EigenDACertV3 is the only version that is supported by the CheckDACert function
+		// but the V2 cert is a simple permutation of the V3 cert fields, so we convert it.
+		certV3, err = cert.ToV3()
 		if err != nil {
 			return &CertVerifierInternalError{Msg: "convert V2 cert to V3", Err: err}
 		}
 	default:
-		return &CertVerifierInputError{Msg: fmt.Sprintf("unsupported cert version: %d", cert.Version())}
+		// If golang had enums the world would be a better place.
+		panic(fmt.Sprintf("unsupported cert version: %T. All cert versions that we can "+
+			"construct offchain should have a CertVerifier contract which we can call to "+
+			"verify the certificate", cert))
 	}
 
 	// 2 - Call the contract method CheckDACert to verify the certificate
@@ -108,9 +102,9 @@ func (cv *CertVerifier) CheckDACert(
 	if verifyResultCode == coretypes.StatusNullError {
 		return &CertVerifierInternalError{Msg: fmt.Sprintf("checkDACert eth-call bug: %s", verifyResultCode.String())}
 	} else if verifyResultCode != coretypes.StatusSuccess {
-		return &CertVerificationFailedError{
+		return &CertVerifierInvalidCertError{
 			StatusCode: verifyResultCode,
-			Msg:        fmt.Sprintf("cert verification failed: status code (%d) %s", verifyResultCode, verifyResultCode.String()),
+			Msg:        verifyResultCode.String(),
 		}
 	}
 	return nil