fix(protocol): use signature check to verify if msg.sender is EOA (#1…

…6641)

packages/protocol/contracts/L1/TaikoData.sol

@@ -59,6 +59,7 @@ library TaikoData {
         bytes32 extraData;
         bytes32 parentMetaHash;
         HookCall[] hookCalls;
+        bytes signature;
     }
 
     /// @dev Struct containing data only required for proving a block

packages/protocol/contracts/L1/TaikoErrors.sol

@@ -21,14 +21,14 @@ abstract contract TaikoErrors {
     error L1_INVALID_PARAM();
     error L1_INVALID_PAUSE_STATUS();
     error L1_INVALID_PROVER();
+    error L1_INVALID_SIG();
     error L1_INVALID_TIER();
     error L1_INVALID_TRANSITION();
     error L1_LIVENESS_BOND_NOT_RECEIVED();
+    error L1_MISSING_VERIFIER();
     error L1_NOT_ASSIGNED_PROVER();
-    error L1_PROPOSER_NOT_EOA();
     error L1_PROVING_PAUSED();
     error L1_RECEIVE_DISABLED();
-    error L1_MISSING_VERIFIER();
     error L1_TOO_MANY_BLOCKS();
     error L1_TOO_MANY_TIERS();
     error L1_TRANSITION_ID_ZERO();

packages/protocol/contracts/L1/TaikoL1.sol

@@ -55,7 +55,7 @@ contract TaikoL1 is EssentialContract, ITaikoL1, TaikoEvents, TaikoErrors {
         LibVerifying.init(state, getConfig(), _genesisBlockHash);
     }
 
-    function init2() external reinitializer(2) {
+    function init2() external onlyOwner reinitializer(2) {
         // reset some previously used slots for future reuse
         state.slotA.__reservedA1 = 0;
         state.slotA.__reservedA2 = 0;
@@ -78,7 +78,9 @@ contract TaikoL1 is EssentialContract, ITaikoL1, TaikoEvents, TaikoErrors {
         returns (TaikoData.BlockMetadata memory meta_, TaikoData.EthDeposit[] memory deposits_)
     {
         TaikoData.Config memory config = getConfig();
-        (meta_, deposits_) = LibProposing.proposeBlock(state, config, this, _params, _txList);
+        (meta_, deposits_) = LibProposing.proposeBlock(
+            state, config, this, _params, _txList, _checkEOAForCalldataDA()
+        );
 
         if (!state.slotB.provingPaused) {
             LibVerifying.verifyBlocks(state, config, this, config.maxBlocksToVerifyPerProposal);
@@ -213,4 +215,8 @@ contract TaikoL1 is EssentialContract, ITaikoL1, TaikoEvents, TaikoErrors {
         override
         onlyFromOwnerOrNamed("chain_pauser")
     { }
+
+    function _checkEOAForCalldataDA() internal pure virtual returns (bool) {
+        return true;
+    }
 }

packages/protocol/contracts/L1/libs/LibProposing.sol

@@ -1,6 +1,7 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.24;
 
+import "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 import "../../common/IAddressResolver.sol";
 import "../../libs/LibAddress.sol";
@@ -38,8 +39,8 @@ library LibProposing {
     error L1_BLOB_NOT_FOUND();
     error L1_INVALID_HOOK();
     error L1_INVALID_PROVER();
+    error L1_INVALID_SIG();
     error L1_LIVENESS_BOND_NOT_RECEIVED();
-    error L1_PROPOSER_NOT_EOA();
     error L1_TOO_MANY_BLOCKS();
     error L1_UNAUTHORIZED();
     error L1_UNEXPECTED_PARENT();
@@ -56,7 +57,8 @@ library LibProposing {
         TaikoData.Config memory _config,
         IAddressResolver _resolver,
         bytes calldata _data,
-        bytes calldata _txList
+        bytes calldata _txList,
+        bool _checkEOAForCalldataDA
     )
         internal
         returns (TaikoData.BlockMetadata memory meta_, TaikoData.EthDeposit[] memory deposits_)
@@ -129,13 +131,18 @@ library LibProposing {
             meta_.blobHash = blobhash(0);
             if (meta_.blobHash == 0) revert L1_BLOB_NOT_FOUND();
         } else {
+            meta_.blobHash = keccak256(_txList);
+
             // This function must be called as the outmost transaction (not an internal one) for
             // the node to extract the calldata easily.
-            // Warning, this code will break after the Pectra hardfork with EIP 7645: Alias ORIGIN
-            // to SENDER
-            if (msg.sender != tx.origin) revert L1_PROPOSER_NOT_EOA();
-
-            meta_.blobHash = keccak256(_txList);
+            // We cannot rely on `msg.sender != tx.origin` for EOA check, as it will break after EIP
+            // 7645: Alias ORIGIN to SENDER
+            if (
+                _checkEOAForCalldataDA
+                    && ECDSA.recover(meta_.blobHash, params.signature) != msg.sender
+            ) {
+                revert L1_INVALID_SIG();
+            }
         }
 
         // Following the Merge, the L1 mixHash incorporates the

packages/protocol/contracts/bridge/Bridge.sol

@@ -53,6 +53,7 @@ contract Bridge is EssentialContract, IBridge {
     error B_INVALID_STATUS();
     error B_INVALID_USER();
     error B_INVALID_VALUE();
+    error B_INVOCATION_TOO_EARLY();
     error B_MESSAGE_NOT_PROVEN();
     error B_MESSAGE_NOT_SENT();
     error B_MESSAGE_NOT_SUSPENDED();
@@ -63,7 +64,6 @@ contract Bridge is EssentialContract, IBridge {
     error B_NOT_RECEIVED();
     error B_PERMISSION_DENIED();
     error B_STATUS_MISMATCH();
-    error B_INVOCATION_TOO_EARLY();
 
     modifier sameChain(uint64 _chainId) {
         if (_chainId != block.chainid) revert B_INVALID_CHAINID();

packages/protocol/test/L1/TaikoL1.t.sol

@@ -12,6 +12,10 @@ contract TaikoL1_NoCooldown is TaikoL1 {
         config.blockRingBufferSize = 12;
         config.livenessBond = 1e18; // 1 Taiko token
     }
+
+    function _checkEOAForCalldataDA() internal pure override returns (bool) {
+        return false;
+    }
 }
 
 contract Verifier {
@@ -222,7 +226,7 @@ contract TaikoL1Test is TaikoL1TestBase {
         vm.prank(proposer, proposer);
         vm.expectRevert(revertReason);
         L1.proposeBlock{ value: msgValue }(
-            abi.encode(TaikoData.BlockParams(prover, address(0), 0, 0, hookcalls)),
+            abi.encode(TaikoData.BlockParams(prover, address(0), 0, 0, hookcalls, "")),
             new bytes(txListSize)
         );
     }

packages/protocol/test/L1/TaikoL1LibProvingWithTiers.t.sol

@@ -12,6 +12,10 @@ contract TaikoL1Tiers is TaikoL1 {
         config.blockRingBufferSize = 12;
         config.livenessBond = 1e18; // 1 Taiko token
     }
+
+    function _checkEOAForCalldataDA() internal pure override returns (bool) {
+        return false;
+    }
 }
 
 contract Verifier {

packages/protocol/test/L1/TaikoL1TestBase.sol

@@ -192,7 +192,7 @@ abstract contract TaikoL1TestBase is TaikoTest {
 
         vm.prank(proposer, proposer);
         (meta, ethDeposits) = L1.proposeBlock{ value: msgValue }(
-            abi.encode(TaikoData.BlockParams(prover, address(0), 0, 0, hookcalls)),
+            abi.encode(TaikoData.BlockParams(prover, address(0), 0, 0, hookcalls, "")),
             new bytes(txListSize)
         );
     }