merge main

Author: luiz-lvj

src/contracts/Broadcaster.sol

@@ -10,7 +10,6 @@ import {StorageSlot} from "@openzeppelin/contracts/utils/StorageSlot.sol";
 /// @dev Message timestamps are stored in deterministic storage slots calculated from hash(message, publisher) to prevent duplicate broadcasts.
 ///      Each broadcast is timestamped with the block timestamp and emits an event for off-chain indexing.
 ///      The storage layout is designed to be efficiently provable for cross-chain message verification.
-/// @custom:security-contact security@openzeppelin.com
 contract Broadcaster is IBroadcaster {
     error MessageAlreadyBroadcasted();
 
@@ -47,17 +46,17 @@ contract Broadcaster is IBroadcaster {
     }
 
     /// @dev Helper function to store a value in a storage slot.
-    function _writeStorageSlot(bytes32 slot, uint256 value) private {
+    function _writeStorageSlot(bytes32 slot, uint256 value) internal {
         StorageSlot.getUint256Slot(slot).value = value;
     }
 
     /// @dev Helper function to load a storage slot.
-    function _loadStorageSlot(bytes32 slot) private view returns (uint256 value) {
+    function _loadStorageSlot(bytes32 slot) internal view returns (uint256 value) {
         value = StorageSlot.getUint256Slot(slot).value;
     }
 
     /// @dev Helper function to calculate the storage slot for a message.
-    function _computeMessageSlot(bytes32 message, address publisher) private pure returns (bytes32) {
+    function _computeMessageSlot(bytes32 message, address publisher) internal pure returns (bytes32) {
         return keccak256(abi.encode(message, publisher));
     }
 }

src/contracts/Receiver.sol

@@ -14,7 +14,6 @@ import {STATE_PROVER_POINTER_SLOT} from "./StateProverPointer.sol";
 ///      3. Following a proof route that can span multiple chain hops
 ///      The verification process ensures that a message was actually broadcast on a remote chain
 ///      at a specific timestamp without requiring trust in intermediaries.
-/// @custom:security-contact security@openzeppelin.com
 contract Receiver is IReceiver {
     mapping(bytes32 stateProverPointerId => IStateProver stateProverCopy) private _stateProverCopies;
 
@@ -112,7 +111,7 @@ contract Receiver is IReceiver {
     }
 
     function _readRemoteSlot(RemoteReadArgs calldata readArgs)
-        private
+        internal
         view
         returns (bytes32 remoteAccountId, uint256 slot, bytes32 slotValue)
     {
@@ -150,7 +149,7 @@ contract Receiver is IReceiver {
         remoteAccountId = accumulator(remoteAccountId, remoteAccount);
     }
 
-    function accumulator(bytes32 acc, address addr) private pure returns (bytes32) {
+    function accumulator(bytes32 acc, address addr) internal pure returns (bytes32) {
         return keccak256(abi.encode(acc, addr));
     }
 }

src/contracts/StateProverPointer.sol

@@ -13,7 +13,6 @@ bytes32 constant STATE_PROVER_POINTER_SLOT = bytes32(uint256(keccak256("eip7888.
 /// @dev This contract stores the address and code hash of the current StateProver implementation.
 ///      It enforces version monotonicity to ensure that updates always move to newer versions.
 ///      The code hash is stored in a dedicated storage slot for efficient cross-chain verification.
-/// @custom:security-contact security@openzeppelin.com
 contract StateProverPointer is IStateProverPointer, Ownable {
     address internal _implementationAddress;
 
@@ -30,7 +29,7 @@ contract StateProverPointer is IStateProverPointer, Ownable {
 
     /// @notice Return the code hash of the latest version of the prover.
     /// @return codeHash The code hash of the current implementation stored in the pointer slot.
-    function implementationCodeHash() external view returns (bytes32 codeHash) {
+    function implementationCodeHash() public view returns (bytes32 codeHash) {
         codeHash = StorageSlot.getBytes32Slot(STATE_PROVER_POINTER_SLOT).value;
     }
 
@@ -69,7 +68,7 @@ contract StateProverPointer is IStateProverPointer, Ownable {
         );
     }
 
-    function _setCodeHash(bytes32 _codeHash) private {
+    function _setCodeHash(bytes32 _codeHash) internal {
         StorageSlot.getBytes32Slot(STATE_PROVER_POINTER_SLOT).value = _codeHash;
     }
 }

src/contracts/ZkSyncBroadcaster.sol

@@ -22,7 +22,6 @@ interface IL1Messenger {
 ///      with the block timestamp and emits an event for off-chain indexing. Additionally, when a message is
 ///      broadcast, it sends an L2->L1 message containing the original message and timestamp (ABI encoded together).
 ///      The storage layout is designed to be efficiently provable for cross-chain message verification.
-/// @custom:security-contact security@openzeppelin.com
 contract ZkSyncBroadcaster is IBroadcaster {
     /// @notice Error thrown when attempting to broadcast a message that has already been broadcast by the same publisher.
     error MessageAlreadyBroadcasted();
@@ -72,29 +71,29 @@ contract ZkSyncBroadcaster is IBroadcaster {
 
     /// @notice Returns the L1 messenger contract address.
     /// @return The IL1Messenger contract instance used to send messages to L1.
-    function l1Messenger() external view returns (IL1Messenger) {
+    function l1Messenger() public view returns (IL1Messenger) {
         return _l1Messenger;
     }
 
     /// @dev Helper function to store a value in a storage slot.
     /// @param slot The storage slot to write to.
     /// @param value The value to store.
-    function _writeStorageSlot(bytes32 slot, uint256 value) private {
+    function _writeStorageSlot(bytes32 slot, uint256 value) internal {
         StorageSlot.getUint256Slot(slot).value = value;
     }
 
     /// @dev Helper function to load a storage slot.
     /// @param slot The storage slot to read from.
     /// @return value The value stored in the slot.
-    function _loadStorageSlot(bytes32 slot) private view returns (uint256 value) {
+    function _loadStorageSlot(bytes32 slot) internal view returns (uint256 value) {
         value = StorageSlot.getUint256Slot(slot).value;
     }
 
     /// @dev Helper function to calculate the storage slot for a message.
     /// @param message The message to compute the slot for.
     /// @param publisher The address of the publisher.
     /// @return The computed storage slot.
-    function _computeMessageSlot(bytes32 message, address publisher) private pure returns (bytes32) {
+    function _computeMessageSlot(bytes32 message, address publisher) internal pure returns (bytes32) {
         return keccak256(abi.encode(message, publisher));
     }
 }

src/contracts/libraries/ProverUtils.sol

@@ -6,7 +6,6 @@ import {RLP} from "@openzeppelin/contracts/utils/RLP.sol";
 import {Memory} from "@openzeppelin/contracts/utils/Memory.sol";
 
 /// @notice Base contract for IStateProver contracts. Contains helpers for verifying block headers and MPT proofs.
-/// @custom:security-contact security@openzeppelin.com
 library ProverUtils {
     using Memory for bytes;
     using RLP for Memory.Slice;

src/contracts/provers/arbitrum/ChildToParentProver.sol

@@ -10,7 +10,6 @@ import {SlotDerivation} from "@openzeppelin/contracts/utils/SlotDerivation.sol";
 /// @dev    verifyTargetStateCommitment and getTargetStateCommitment get block hashes from the block hash buffer at 0x0000000048C4Ed10cF14A02B9E0AbDDA5227b071.
 ///         See https://github.com/OffchainLabs/block-hash-pusher/blob/a1e26f2e42e6306d1e7f03c5d20fa6aa64ff7a12 for more details.
 ///         verifyStorageSlot is implemented to work against any parent chain with a standard Ethereum block header and state trie.
-/// @custom:security-contact security@openzeppelin.com
 contract ChildToParentProver is IStateProver {
     /// @dev Address of the block hash buffer contract
     ///      See https://github.com/OffchainLabs/block-hash-pusher/blob/a1e26f2e42e6306d1e7f03c5d20fa6aa64ff7a12/.env.example#L12

src/contracts/provers/arbitrum/ParentToChildProver.sol

@@ -9,7 +9,6 @@ import {SlotDerivation} from "@openzeppelin/contracts/utils/SlotDerivation.sol";
 /// @notice Arbitrum implementation of a parent to child IStateProver.
 /// @dev    verifyTargetStateCommitment and getTargetStateCommitment get block hashes from the child chain's Outbox contract.
 ///         verifyStorageSlot is implemented to work against any Arbitrum child chain with a standard Ethereum block header and state trie.
-/// @custom:security-contact security@openzeppelin.com
 contract ParentToChildProver is IStateProver {
     /// @dev Address of the child chain's Outbox contract
     address public immutable outbox;

src/contracts/provers/linea/ChildToParentProver.sol

@@ -1,7 +1,6 @@
 // SPDX-License-Identifier: MIT
 pragma solidity 0.8.30;
 
-import {SparseMerkleProof} from "../../libraries/linea/SparseMerkleProof.sol";
 import {ProverUtils} from "../../libraries/ProverUtils.sol";
 import {IStateProver} from "../../interfaces/IStateProver.sol";
 import {IBuffer} from "../../block-hash-pusher/interfaces/IBuffer.sol";
@@ -10,7 +9,6 @@ import {SlotDerivation} from "@openzeppelin/contracts/utils/SlotDerivation.sol";
 /// @notice Linea implementation of a child to parent IStateProver.
 /// @dev    verifyTargetStateCommitment and getTargetStateCommitment get block hashes from the block hash buffer.
 ///         verifyStorageSlot is implemented to work against any parent chain with a standard Ethereum block header and state trie.
-/// @custom:security-contact security@openzeppelin.com
 contract ChildToParentProver is IStateProver {
     /// @dev Address of the block hash buffer contract.
     address public immutable blockHashBuffer;
@@ -23,25 +21,16 @@ contract ChildToParentProver is IStateProver {
 
     error CallNotOnHomeChain();
     error CallOnHomeChain();
-    error InvalidAccountProof();
-    error InvalidStorageProof();
-    error StorageValueMismatch();
-    error AccountKeyMismatch();
-    error AccountValueMismatch();
-    error StorageKeyMismatch();
     error InvalidTargetStateCommitment();
 
     constructor(address _blockHashBuffer, uint256 _homeChainId) {
         blockHashBuffer = _blockHashBuffer;
         homeChainId = _homeChainId;
     }
 
-    /// @notice Get a parent chain block hash from the buffer at `blockHashBuffer` using a Linea SMT proof
-    /// @dev Linea uses Sparse Merkle Trees with MiMC hashing.
-    ///      Proofs must be generated using linea_getProof RPC method.
-    /// @param  homeBlockHash The state root of the home chain (Linea SMT state root).
-    /// @param  input ABI encoded (uint256 targetBlockNumber, uint256 accountLeafIndex, bytes[] accountProof,
-    ///         bytes accountValue, uint256 storageLeafIndex, bytes[] storageProof, bytes32 claimedStorageValue)
+    /// @notice Get a parent chain block hash from the buffer at `blockHashBuffer` using a storage proof
+    /// @param  homeBlockHash The block hash of the home chain.
+    /// @param  input ABI encoded (bytes blockHeader, uint256 targetBlockNumber, bytes accountProof, bytes storageProof)
     function verifyTargetStateCommitment(bytes32 homeBlockHash, bytes calldata input)
         external
         view
@@ -50,62 +39,18 @@ contract ChildToParentProver is IStateProver {
         if (block.chainid == homeChainId) {
             revert CallOnHomeChain();
         }
+        // decode the input
+        (bytes memory rlpBlockHeader, uint256 targetBlockNumber, bytes memory accountProof, bytes memory storageProof) =
+            abi.decode(input, (bytes, uint256, bytes, bytes));
 
-        uint256 targetBlockNumber;
-        uint256 accountLeafIndex;
-        bytes[] memory accountProof;
-        bytes memory accountValue;
-        uint256 storageLeafIndex;
-        bytes[] memory storageProof;
-        bytes32 claimedStorageValue;
-
-        (
-            targetBlockNumber,
-            accountLeafIndex,
-            accountProof,
-            accountValue,
-            storageLeafIndex,
-            storageProof,
-            claimedStorageValue
-        ) = abi.decode(input, (uint256, uint256, bytes[], bytes, uint256, bytes[], bytes32));
-
+        // calculate the slot based on the provided block number
+        // see: https://github.com/OffchainLabs/block-hash-pusher/blob/a1e26f2e42e6306d1e7f03c5d20fa6aa64ff7a12/contracts/Buffer.sol#L32
         uint256 slot = uint256(SlotDerivation.deriveMapping(bytes32(BLOCK_HASH_MAPPING_SLOT), targetBlockNumber));
 
-        bool accountValid = SparseMerkleProof.verifyProof(accountProof, accountLeafIndex, homeBlockHash);
-        if (!accountValid) {
-            revert InvalidAccountProof();
-        }
-
-        SparseMerkleProof.Leaf memory accountLeaf = SparseMerkleProof.getLeaf(accountProof[accountProof.length - 1]);
-        bytes32 expectedAccountHKey = SparseMerkleProof.hashAccountKey(blockHashBuffer);
-        if (accountLeaf.hKey != expectedAccountHKey) {
-            revert AccountKeyMismatch();
-        }
-
-        bytes32 expectedAccountHValue = SparseMerkleProof.hashAccountValue(accountValue);
-        if (accountLeaf.hValue != expectedAccountHValue) {
-            revert AccountValueMismatch();
-        }
-
-        SparseMerkleProof.Account memory accountData = SparseMerkleProof.getAccount(accountValue);
-
-        bool storageValid = SparseMerkleProof.verifyProof(storageProof, storageLeafIndex, accountData.storageRoot);
-        if (!storageValid) {
-            revert InvalidStorageProof();
-        }
-
-        SparseMerkleProof.Leaf memory storageLeaf = SparseMerkleProof.getLeaf(storageProof[storageProof.length - 1]);
-        bytes32 expectedStorageHKey = SparseMerkleProof.hashStorageKey(bytes32(slot));
-        if (storageLeaf.hKey != expectedStorageHKey) {
-            revert StorageKeyMismatch();
-        }
-
-        bytes32 expectedHValue = SparseMerkleProof.hashStorageValue(claimedStorageValue);
-        if (storageLeaf.hValue != expectedHValue) {
-            revert StorageValueMismatch();
-        }
-
-        targetStateCommitment = claimedStorageValue;
+        // verify proofs and get the block hash
+        targetStateCommitment = ProverUtils.getSlotFromBlockHeader(
+            homeBlockHash, rlpBlockHeader, blockHashBuffer, slot, accountProof, storageProof
+        );
         require(targetStateCommitment != bytes32(0), InvalidTargetStateCommitment());
     }
 

src/contracts/provers/linea/ParentToChildProver.sol

@@ -16,7 +16,6 @@ import {ZkEvmV2} from "@linea-contracts/rollup/ZkEvmV2.sol";
 ///
 ///      Note: Linea uses Sparse Merkle Tree (SMT) with MiMC hashing, NOT Merkle-Patricia Trie (MPT).
 ///      The state root stored on L1 is the SMT root, which requires linea_getProof for verification.
-/// @custom:security-contact security@openzeppelin.com
 contract ParentToChildProver is IStateProver {
     /// @dev Address of the LineaRollup contract on L1
     address public immutable lineaRollup;

src/contracts/provers/optimism/ChildToParentProver.sol

@@ -16,7 +16,6 @@ interface IL1Block {
 ///         Historical messages CAN be verified by generating fresh proofs on-demand.
 ///         Pre-generated proofs become stale when L1Block updates (~5 minutes).
 ///         Operational difference from Arbitrum: proofs must be generated just-in-time rather than pre-cached.
-/// @custom:security-contact security@openzeppelin.com
 contract ChildToParentProver is IStateProver {
     address public constant L1_BLOCK_PREDEPLOY = 0x4200000000000000000000000000000000000015;
     uint256 public constant L1_BLOCK_HASH_SLOT = 2; // hash is at slot 2