feat: Refactoring System Hooks to communicate with System Contracts #414

Raid5594 · 2025-11-18T12:28:28Z

What ❔

PR strips down the messenger system hook, so all of the checks can be delegated to the respective system contract and the hook only accepts the raw message and emits events.

Why ❔

Simplification of protocol integration

Is this a breaking change?

Yes
No

Checklist

PR title corresponds to the body of PR (we generate changelog entries from PRs).
Tests for the changes have been added / updated.
Documentation comments have been added / updated.
Code has been formatted.

…contract

system_hooks/src/burn_native_token.rs

system_hooks/src/lib.rs

0xVolosnikov · 2025-11-18T13:27:16Z

tests/instances/transactions/src/lib.rs

 #[test]
 fn test_withdrawal() {
    let mut chain = Chain::empty(None);
+    let bytecode_vec: Vec<u8> = hex::decode("60806040526004361015610013575b610129565b61001e60003561002d565b6362f84b240361000e576100f3565b60e01c90565b60405190565b600080fd5b600080fd5b600080fd5b600080fd5b600080fd5b600080fd5b909182601f830112156100915781359167ffffffffffffffff831161008c57602001926001830284011161008757565b610052565b61004d565b610048565b906020828203126100c857600082013567ffffffffffffffff81116100c3576100bf9201610057565b9091565b610043565b61003e565b90565b6100d9906100cd565b9052565b91906100f1906000602085019401906100d0565b565b346101245761012061010f610109366004610096565b90610404565b610117610033565b918291826100dd565b0390f35b610039565b600080fd5b600090565b90565b60018060a01b031690565b90565b61015861015361015d92610133565b610141565b610136565b90565b61016b617000610144565b90565b90565b61018561018061018a9261016e565b610141565b610136565b90565b634e487b7160e01b600052601160045260246000fd5b6101af6101b591610136565b91610136565b019060018060a01b0382116101c657565b61018d565b6101df6101da6101e492610136565b610141565b610136565b90565b6101f0906101cb565b90565b610216610211610201610160565b61020b6001610171565b906101a3565b6101e7565b90565b905090565b90826000939282370152565b90918261023a8161024193610219565b809361021e565b0190565b90916102509261022a565b90565b601f801991011690565b634e487b7160e01b600052604160045260246000fd5b9061027d90610253565b810190811067ffffffffffffffff82111761029757604052565b61025d565b906102af6102a8610033565b9283610273565b565b67ffffffffffffffff81116102cf576102cb602091610253565b0190565b61025d565b906102e66102e1836102b1565b61029c565b918252565b606090565b3d60001461030d576103013d6102d4565b903d6000602084013e5b565b6103156102eb565b9061030b565b151590565b5190565b90565b90565b61033e61033961034392610327565b610141565b610324565b90565b60000190565b60200190565b61035c90516100cd565b90565b1b90565b61037d61037861037283610320565b9261034c565b610352565b906020811061038b575b5090565b61039e906000199060200360080261035f565b1638610387565b6103ae906101e7565b90565b6103ba906100cd565b90565b60209181520190565b91906103e0816103d9816103e5956103bd565b809561021e565b610253565b0190565b909161040192602083019260008185039101526103c6565b90565b919061040e61012e565b5060008061041a6101f3565b85828591610432610429610033565b93849283610245565b03925af16104486104416102f0565b911561031b565b80156104cb575b6104ae5761045c90610363565b923384919261049461048e7f3a36e47291f4201faf137fab081d92295bce2d53be2c6ca68ba82c7faa9ce241936103a5565b936103b1565b936104a96104a0610033565b928392836103e9565b0390a3565b600063f801b06960e01b8152806104c760048201610346565b0390fd5b506104d581610320565b6104e86104e2602061032a565b91610324565b141561044f56fea2646970667358221220eaa72a072e95715690c88c25da2fd94b2b0a7a610c93721e3eb39b3c9804086464736f6c634300081c0033").expect("valid hex");


Would be nice to add the source code as a comment (if it's not too big)

Shall I just link PR for contracts?

tests/instances/transactions/src/lib.rs

system_hooks/src/l1_messenger.rs

system_hooks/src/set_bytecode_on_address.rs

system_hooks/src/l1_messenger.rs

system_hooks/src/addresses_constants.rs

system_hooks/src/l1_messenger.rs

…tly for incorrect callee / caller

AntonD3 · 2025-12-03T22:17:36Z

tests/fuzzer/fuzz/fuzz_targets/bootloader/bootloader_run_single_interaction.rs

-            }
-            4 => {
-                // contract_deployer: setBytecodeDetailsEVM(address,bytes32,uint32,bytes32)
+                // contract_deployer: setBytecodeDetailsEVM(address,bytes32,uint32,bytes32,uint32)


nit: please update comment

AntonD3 · 2025-12-03T22:18:41Z

tests/instances/system_hooks/Cargo.toml


 [dependencies]
 rig = { path = "../../rig", features = ["for_tests"] }
+system_hooks = { path = "../../../system_hooks" }


looks like it's not used

AntonD3 · 2025-12-03T22:22:28Z

tests/rig/src/testing_utils.rs

+};
+
+// RUNTIME bytecode
+pub static L1_MESSENGER_BYTECODE: Lazy<Vec<u8>> = Lazy::new(|| {


nit: you can do it without lazy, just define a const string, and then hex::decode as needed, there is an example in utils.rs. Though it's a styling preference, so if you prefer the current approach, we can keep it

But then if we'll need to re-use in multiple places, hex::decode will be called every time, I think it looks neater with Lazy

AntonD3 · 2025-12-03T22:24:07Z

tests/instances/transactions/Cargo.toml


 [dependencies]
 rig = { path = "../../rig", features = ["for_tests"] }
+system_hooks = { path = "../../../system_hooks" }


not used as well?

AntonD3 · 2025-12-03T22:25:05Z

system_hooks/src/l1_messenger.rs

    } = request;

-    debug_assert_eq!(callee, L1_MESSENGER_ADDRESS);
+    if caller != L1_MESSENGER_ADDRESS || callee != L1_MESSENGER_ADDRESS_HOOK {


for callee check it makes sense to keep debug assert IMHO

AntonD3 · 2025-12-03T22:27:55Z

system_hooks/src/l1_messenger.rs

-            "L1 messenger failure: sendToL1 called with invalid calldata",
-        ));
-    }
+    let length: usize = U256::from_be_slice(&calldata[offset..offset + 32])


it's not safe, we need to check that calldata length >= offset + 32

AntonD3 · 2025-12-03T22:31:38Z

system_hooks/src/l1_messenger.rs

+    if calldata.len() < end {
+        return Ok(Err("L1 messenger failure: truncated bytes payload"));
    }
+    let message = &calldata[start..end];


same here, actually you can check code before your change in this place, there is similar logic to parse abi encoded bytes with needed checks. I understand that in practice it's not critical as this hook can be called only by our contract which always encodes data correctly, but better to make it error resistant for future

Btw, not sure what are requirements, but you can also consider simplified ABI here, let's say that first 20/32 bytes is the sender, and rest of calldata is the message(&calldata[32..]), something like encodePacked

AntonD3 · 2025-12-03T22:32:36Z

system_hooks/src/l1_messenger.rs

-    resources.charge(&S::Resources::from_ergs(l1_message_cost_ergs))?;
+    // emit L1 message
    let message_hash = system.io.emit_l1_message(
-        // We already charged gas for it


nit: IMHO it's nice to keep this comment

AntonD3 · 2025-12-03T22:33:03Z

system_hooks/src/set_bytecode_on_address.rs

    } = request;

-    debug_assert_eq!(callee, CONTRACT_DEPLOYER_ADDRESS);
+    if caller != CONTRACT_DEPLOYER_ADDRESS || callee != SET_BYTECODE_ON_ADDRESS_HOOK {


Also better to check callee with debug assert

AntonD3 · 2025-12-03T22:35:50Z

system_hooks/src/set_bytecode_on_address.rs

+        ));
+    }
+
+    let address = B160::try_from_be_slice(&calldata[12..32]).ok_or(SystemError::LeafDefect(


nit: when parsing abi encoded addresses it makes sense to check that first 12 bytes are zeroes just in case, or add a explicit comment

github-actions · 2025-12-09T14:33:24Z

Benchmark report

Benchmark	Symbol	Base Eff	Head Eff (%)	Base Raw	Head Raw (%)	Base Blake	Head Blake (%)	Base Bigint	Head Bigint (%)
`block_19299001`	`run_prepared`	310,878,540	310,878,540 (+0.00%)	268,212,764	268,212,764 (+0.00%)	410,610	410,610 (+0.00%)	9,024,004	9,024,004 (+0.00%)
`block_22244135`	`run_prepared`	191,043,084	191,043,084 (+0.00%)	164,127,024	164,127,024 (+0.00%)	172,020	172,020 (+0.00%)	6,040,935	6,040,935 (+0.00%)
`precompiles`	`bn254_ecadd`	53,197	53,197 (+0.00%)	47,745	47,745 (+0.00%)	0	0 (+0.00%)	1,363	1,363 (+0.00%)
`precompiles`	`bn254_ecmul`	731,034	731,034 (+0.00%)	566,846	566,846 (+0.00%)	0	0 (+0.00%)	41,047	41,047 (+0.00%)
`precompiles`	`bn254_pairing`	72,689,618	72,689,618 (+0.00%)	58,161,474	58,161,474 (+0.00%)	0	0 (+0.00%)	3,632,036	3,632,036 (+0.00%)
`precompiles`	`ecrecover`	480,176	480,300 (+0.03%)	311,540	311,676 (+0.04%)	0	0 (+0.00%)	42,159	42,156 (-0.01%)
`precompiles`	`id`	933	933 (+0.00%)	933	933 (+0.00%)	0	0 (+0.00%)	0	0 (+0.00%)
`precompiles`	`keccak`	137,578	137,578 (+0.00%)	137,578	137,578 (+0.00%)	0	0 (+0.00%)	0	0 (+0.00%)
`precompiles`	`modexp`	32,084,944	32,084,944 (+0.00%)	21,427,124	21,427,124 (+0.00%)	0	0 (+0.00%)	2,664,455	2,664,455 (+0.00%)
`precompiles`	`p256_verify`	750,769	750,769 (+0.00%)	472,077	472,077 (+0.00%)	0	0 (+0.00%)	69,673	69,673 (+0.00%)
`precompiles`	`point_evaluation`	51,158,394	51,158,394 (+0.00%)	39,535,766	39,535,766 (+0.00%)	0	0 (+0.00%)	2,905,657	2,905,657 (+0.00%)
`precompiles`	`process_transaction`	73,840,446	73,834,343 (-0.01%)	59,142,306	59,138,271 (-0.01%)	160	160 (+0.00%)	3,673,895	3,673,378 (-0.01%)
`precompiles`	`ripemd`	8,028	8,028 (+0.00%)	8,028	8,028 (+0.00%)	0	0 (+0.00%)	0	0 (+0.00%)
`precompiles`	`run_prepared`	148,161,064	148,153,100 (-0.01%)	118,690,128	118,684,964 (-0.00%)	5,070	5,050 (-0.39%)	7,347,454	7,346,834 (-0.01%)
`precompiles`	`sha256`	13,167	13,167 (+0.00%)	13,167	13,167 (+0.00%)	0	0 (+0.00%)	0	0 (+0.00%)
`precompiles`	`verify_and_apply_batch`	131,835	132,169 (+0.25%)	97,115	97,449 (+0.34%)	2,170	2,170 (+0.00%)	0	0 (+0.00%)

Raid5594 and others added 4 commits November 11, 2025 17:27

format system hook to only accept raw message from respective system …

d2c2cae

…contract

feat: refactor hooks for l1 messenger and burn native token

a808c67

Merge branch 'dev' into ra/zksync-os-hooks

b48aa63

fix: lint / fmt

15c7e1a