Merge pull request #113 from 0xPolygon/fix/hash-to-sign

Fix/hash to sign
0xPolygon · Aug 19, 2024 · 9b683fc · 9b683fc
2 parents b48599a + 872bb66
commit 9b683fc
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 29 deletions.
diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/ethereum/go-ethereum v1.13.14
 	github.com/gorilla/websocket v1.5.0
 	github.com/hermeznetwork/tracerr v0.3.2
+	github.com/iden3/go-iden3-crypto v0.0.16
 	github.com/invopop/jsonschema v0.7.0
 	github.com/jmoiron/sqlx v1.2.0
 	github.com/lib/pq v1.10.7

diff --git a/go.sum b/go.sum
@@ -162,6 +162,8 @@ github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFck
 github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0 h1:i462o439ZjprVSFSZLZxcsoAe592sZB1rci2Z8j4wdk=
 github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA=
 github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/iden3/go-iden3-crypto v0.0.16 h1:zN867xiz6HgErXVIV/6WyteGcOukE9gybYTorBMEdsk=
+github.com/iden3/go-iden3-crypto v0.0.16/go.mod h1:dLpM4vEPJ3nDHzhWFXDjzkn1qHoBeOT/3UEhXsEsP3E=
 github.com/invopop/jsonschema v0.7.0 h1:2vgQcBz1n256N+FpX3Jq7Y17AjYt46Ig3zIWyy770So=
 github.com/invopop/jsonschema v0.7.0/go.mod h1:O9uiLokuu0+MGFlyiaqtWxwqJm41/+8Nj0lD7A36YH0=
 github.com/jackpal/go-nat-pmp v1.0.2 h1:KzKSgb7qkJvOUTqYl9/Hg/me3pWgBmERKrTGD7BdWus=

diff --git a/services/datacom/datacom.go b/services/datacom/datacom.go
@@ -6,9 +6,11 @@ import (
 	"fmt"
 
 	"github.com/0xPolygon/cdk-data-availability/db"
+	"github.com/0xPolygon/cdk-data-availability/log"
 	"github.com/0xPolygon/cdk-data-availability/rpc"
 	"github.com/0xPolygon/cdk-data-availability/sequencer"
 	"github.com/0xPolygon/cdk-data-availability/types"
+	"github.com/ethereum/go-ethereum/common"
 )
 
 // APIDATACOM is the namespace of the datacom service
@@ -41,6 +43,7 @@ func (d *Endpoints) SignSequence(signedSequence types.SignedSequence) (interface
 // After storing the data that will be sent hashed to the contract, it returns the signature.
 // This endpoint is only accessible to the sequencer
 func (d *Endpoints) SignSequenceBanana(signedSequence types.SignedSequenceBanana) (interface{}, rpc.Error) {
+	log.Debugf("signing sequence, hash to sign: %s", common.BytesToHash(signedSequence.Sequence.HashToSign()))
 	return d.signSequence(&signedSequence)
 }
 

diff --git a/types/sequencebanana.go b/types/sequencebanana.go
@@ -3,10 +3,11 @@ package types
 import (
 	"crypto/ecdsa"
 	"errors"
+	"math/big"
 
 	"github.com/ethereum/go-ethereum/common"
 	"github.com/ethereum/go-ethereum/crypto"
-	solsha3 "github.com/miguelmota/go-solidity-sha3"
+	"github.com/iden3/go-iden3-crypto/keccak256"
 )
 
 // Batch represents the batch data that the sequencer will send to L1
@@ -30,39 +31,41 @@ type SequenceBanana struct {
 // HashToSign returns the accumulated input hash of the sequence.
 // Note that this is equivalent to what happens on the smart contract
 func (s *SequenceBanana) HashToSign() []byte {
-	currentHash := s.OldAccInputHash.Bytes()
+	v1 := s.OldAccInputHash.Bytes()
 	for _, b := range s.Batches {
-		types := []string{
-			"bytes32", // oldAccInputHash
-			"bytes32", // currentTransactionsHash
-			"bytes32", // forcedGlobalExitRoot or l1InfoRoot
-			"uint64",  // forcedTimestamp
-			"address", // coinbase
-			"bytes32", // forcedBlockHashL1
-		}
-		var values []interface{}
+		v2 := b.L2Data
+		var v3, v4 []byte
 		if b.ForcedTimestamp > 0 {
-			values = []interface{}{
-				currentHash,
-				crypto.Keccak256(b.L2Data),
-				b.ForcedGER,
-				b.ForcedTimestamp,
-				b.Coinbase,
-				b.ForcedBlockHashL1,
-			}
+			v3 = b.ForcedGER.Bytes()
+			v4 = big.NewInt(0).SetUint64(uint64(b.ForcedTimestamp)).Bytes()
 		} else {
-			values = []interface{}{
-				currentHash,
-				crypto.Keccak256(b.L2Data),
-				s.L1InfoRoot,
-				s.MaxSequenceTimestamp,
-				b.Coinbase,
-				common.Hash{},
-			}
+			v3 = s.L1InfoRoot.Bytes()
+			v4 = big.NewInt(0).SetUint64(uint64(s.MaxSequenceTimestamp)).Bytes()
+		}
+		v5 := b.Coinbase.Bytes()
+		v6 := b.ForcedBlockHashL1.Bytes()
+
+		// Add 0s to make values 32 bytes long
+		for len(v1) < 32 {
+			v1 = append([]byte{0}, v1...)
+		}
+		v2 = keccak256.Hash(v2)
+		for len(v3) < 32 {
+			v3 = append([]byte{0}, v3...)
 		}
-		currentHash = solsha3.SoliditySHA3(types, values)
+		for len(v4) < 8 {
+			v4 = append([]byte{0}, v4...)
+		}
+		for len(v5) < 20 {
+			v5 = append([]byte{0}, v5...)
+		}
+		for len(v6) < 32 {
+			v6 = append([]byte{0}, v6...)
+		}
+		v1 = keccak256.Hash(v1, v2, v3, v4, v5, v6)
 	}
-	return currentHash
+
+	return v1
 }
 
 // Sign returns a signed sequence by the private key.