fix: misc minor contract fixes (#20423)

Fixing misc minor issues:

- The EIP-712 comment in `TallySlashingProposer` had wrong order of
arguments
- The `TallySlashingProposer` had a explicit MUST be >0 in the comments
but did not enforce it in the code
- Comment said 64 bits for a 32 bit value in `FeeConfig`
- Unused `feeHeaders` in the `FeeLib`, was not removed when we
refactored the storage long ago
- Require the bond of the escape hatch to be > 0
- Remove the amount from the `CandidateJoined` since it was just a
immutable value
- Remove the unsed `proposerIndex` and `slot` from the
`verifyAttestations`
- Ensure that we do not get stale values from `getVotes` on the tally
slashing proposer
- The `getRound` on the tally slashing proposer had a few unnecessary
check that the `_getRoundData` was already doing.

Author: LHerskind

l1-contracts/src/core/EscapeHatch.sol

@@ -111,6 +111,9 @@ contract EscapeHatch is IEscapeHatch {
 
     require(_frequency > _activeDuration, Errors.EscapeHatch__InvalidConfiguration());
 
+    // BOND_SIZE must be non-zero to ensure "something at stake"
+    require(_bondSize > 0, Errors.EscapeHatch__InvalidConfiguration());
+
     // FAILED_HATCH_PUNISHMENT must be <= BOND_SIZE to avoid underflow
     require(_failedHatchPunishment <= _bondSize, Errors.EscapeHatch__InvalidConfiguration());
 
@@ -157,7 +160,7 @@ contract EscapeHatch is IEscapeHatch {
 
     BOND_TOKEN.safeTransferFrom(candidate, address(this), BOND_SIZE);
 
-    emit CandidateJoined(candidate, BOND_SIZE);
+    emit CandidateJoined(candidate);
   }
 
   /**

l1-contracts/src/core/interfaces/IEscapeHatch.sol

@@ -36,7 +36,7 @@ struct CandidateInfo {
 }
 
 interface IEscapeHatchCore {
-  event CandidateJoined(address indexed candidate, uint256 amount);
+  event CandidateJoined(address indexed candidate);
   event CandidateExitInitiated(address indexed candidate, uint256 exitableAt);
   event CandidateExited(address indexed candidate, uint256 amountReturned);
   event CandidateSelected(Hatch indexed hatch, address indexed candidate);

l1-contracts/src/core/libraries/Errors.sol

@@ -227,6 +227,7 @@ library Errors {
   error TallySlashingProposer__InvalidEpochIndex(uint256 epochIndex, uint256 roundSizeInEpochs);
   error TallySlashingProposer__VoteSizeTooBig(uint256 voteSize, uint256 maxSize);
   error TallySlashingProposer__VotesMustBeMultipleOf4(uint256 votes);
+  error TallySlashingProposer__SlashAmountMustBeGtZero(string info);
 
   // SlashPayloadLib
   error SlashPayload_ArraySizeMismatch(uint256 expected, uint256 actual);

l1-contracts/src/core/libraries/compressed-data/fees/FeeConfig.sol

@@ -38,7 +38,7 @@ function subEthValue(EthValue _a, EthValue _b) pure returns (EthValue) {
 
 using {addEthValue as +, subEthValue as -} for EthValue global;
 
-// 64 bit manaTarget, 128 bit congestionUpdateFraction, 64 bit provingCostPerMana
+// 32 bit manaTarget, 128 bit congestionUpdateFraction, 64 bit provingCostPerMana
 type CompressedFeeConfig is uint256;
 
 struct FeeConfig {

l1-contracts/src/core/libraries/rollup/EpochProofLib.sol

@@ -303,8 +303,7 @@ library EpochProofLib {
     bytes32 providedAttestationsHash = keccak256(abi.encode(_attestations));
     require(providedAttestationsHash == checkpointLog.attestationsHash, Errors.Rollup__InvalidAttestations());
 
-    // Get the slot and epoch for the last checkpoint
-    Slot slot = checkpointLog.slotNumber.decompress();
+    // Get the epoch for the last checkpoint
     Epoch epoch = STFLib.getEpochForCheckpoint(_endCheckpointNumber);
 
     // Check if this is an escape hatch epoch - skip attestation verification if so
@@ -322,7 +321,7 @@ library EpochProofLib {
       }
     }
 
-    ValidatorSelectionLib.verifyAttestations(slot, epoch, _attestations, checkpointLog.payloadDigest);
+    ValidatorSelectionLib.verifyAttestations(epoch, _attestations, checkpointLog.payloadDigest);
   }
 
   /**

l1-contracts/src/core/libraries/rollup/FeeLib.sol

@@ -85,7 +85,6 @@ struct ManaMinFeeComponents {
 struct FeeStore {
   CompressedFeeConfig config;
   L1GasOracleValues l1GasOracleValues;
-  mapping(uint256 checkpointNumber => CompressedFeeHeader feeHeader) feeHeaders;
 }
 
 library FeeLib {

l1-contracts/src/core/libraries/rollup/RollupOperationsExtLib.sol

@@ -55,7 +55,7 @@ library RollupOperationsExtLib {
 
     Slot slot = _args.header.slotNumber;
     Epoch epoch = slot.epochFromSlot();
-    ValidatorSelectionLib.verifyAttestations(slot, epoch, _attestations, _args.digest);
+    ValidatorSelectionLib.verifyAttestations(epoch, _attestations, _args.digest);
     ValidatorSelectionLib.verifyProposer(
       slot, epoch, _attestations, _signers, _args.digest, _attestationsAndSignersSignature, false
     );

l1-contracts/src/core/libraries/rollup/ValidatorSelectionLib.sol

@@ -110,14 +110,12 @@ library ValidatorSelectionLib {
   /**
    * @dev Stack struct used in verifyAttestations to avoid stack too deep errors
    *      Used when reconstructing the committee commitment from the attestations
-   * @param proposerIndex Index of the proposer within the committee
    * @param index Working index for iteration (unused in current implementation)
    * @param needed Number of signatures required (2/3 + 1 of committee size)
    * @param signaturesRecovered Number of valid signatures found
    * @param reconstructedCommittee Array of committee member addresses reconstructed from attestations
    */
   struct VerifyStack {
-    uint256 proposerIndex;
     uint256 index;
     uint256 needed;
     uint256 signaturesRecovered;
@@ -308,7 +306,6 @@ library ValidatorSelectionLib {
    *      directly from calldata.
    *
    *      Skips validation entirely if target committee size is 0 (test configurations).
-   * @param _slot The slot of the checkpoint
    * @param _epochNumber The epoch of the checkpoint
    * @param _attestations The packed signatures and addresses of committee members
    * @param _digest The digest of the checkpoint that attestations are signed over
@@ -317,12 +314,9 @@ library ValidatorSelectionLib {
    * stored commitment
    * @custom:reverts Errors.ValidatorSelection__EpochNotStable if the requested epoch is not stable
    */
-  function verifyAttestations(
-    Slot _slot,
-    Epoch _epochNumber,
-    CommitteeAttestations memory _attestations,
-    bytes32 _digest
-  ) internal {
+  function verifyAttestations(Epoch _epochNumber, CommitteeAttestations memory _attestations, bytes32 _digest)
+    internal
+  {
     (bytes32 committeeCommitment, uint256 targetCommitteeSize) = getCommitteeCommitmentAt(_epochNumber);
 
     // If the rollup is *deployed* with a target committee size of 0, we skip the validation.
@@ -333,7 +327,6 @@ library ValidatorSelectionLib {
     }
 
     VerifyStack memory stack = VerifyStack({
-      proposerIndex: computeProposerIndex(_epochNumber, _slot, getSampleSeed(_epochNumber), targetCommitteeSize),
       needed: (targetCommitteeSize << 1) / 3 + 1, // targetCommitteeSize * 2 / 3 + 1, but cheaper
       index: 0,
       signaturesRecovered: 0,

l1-contracts/src/core/slashing/TallySlashingProposer.sol

@@ -151,7 +151,7 @@ contract TallySlashingProposer is EIP712 {
 
   /**
    * @notice EIP-712 type hash for the Vote struct used in signature verification
-   * @dev Defines the structure: Vote(uint256 slot,bytes votes) for EIP-712 signing
+   * @dev Defines the structure: Vote(bytes votes,uint256 slot) for EIP-712 signing
    */
   bytes32 public constant VOTE_TYPEHASH = keccak256("Vote(bytes votes,uint256 slot)");
 
@@ -361,6 +361,14 @@ contract TallySlashingProposer is EIP712 {
       COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS % 4 == 0,
       Errors.TallySlashingProposer__VotesMustBeMultipleOf4(COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS)
     );
+
+    // Defense in depth: the ordering constraints (small <= medium <= large) above mean that
+    // if medium or large is zero, small must also be zero, so the small check would fire first.
+    // We keep all three checks explicitly for clarity and to guard against future refactors
+    // that might remove or reorder the sorting constraints.
+    require(SLASH_AMOUNT_SMALL > 0, Errors.TallySlashingProposer__SlashAmountMustBeGtZero("small"));
+    require(SLASH_AMOUNT_MEDIUM > 0, Errors.TallySlashingProposer__SlashAmountMustBeGtZero("medium"));
+    require(SLASH_AMOUNT_LARGE > 0, Errors.TallySlashingProposer__SlashAmountMustBeGtZero("large"));
   }
 
   /**
@@ -562,16 +570,8 @@ contract TallySlashingProposer is EIP712 {
    * @return voteCount The total number of votes that have been cast in this round by proposers
    */
   function getRound(SlashRound _round) external view returns (bool isExecuted, uint256 voteCount) {
-    SlashRound currentRound = getCurrentRound();
-
     // Load round data from the circular storage
-    RoundData memory roundData = _getRoundData(_round, currentRound);
-
-    // If we have not written to this round yet, return fresh round data
-    if (roundData.roundNumber != _round) {
-      return (false, 0);
-    }
-
+    RoundData memory roundData = _getRoundData(_round, getCurrentRound());
     return (roundData.executed, roundData.voteCount);
   }
 
@@ -593,6 +593,17 @@ contract TallySlashingProposer is EIP712 {
    */
   function getVotes(SlashRound _round, uint256 _index) external view returns (bytes memory) {
     uint256 expectedLength = COMMITTEE_SIZE * ROUND_SIZE_IN_EPOCHS / 4;
+
+    // _getRoundVotes reverts if _round is out of the roundabout range.
+    // But within-range the storage slot may still hold stale data from a
+    // previous round that mapped to the same circular index. Guard against
+    // that by checking the authoritative round metadata first.
+    SlashRound currentRound = getCurrentRound();
+    RoundData memory roundData = _getRoundData(_round, currentRound);
+    if (roundData.voteCount == 0) {
+      return new bytes(expectedLength);
+    }
+
     bytes32[4] storage voteSlots = _getRoundVotes(_round).votes[_index];
     return _loadVoteDataFromStorage(voteSlots, expectedLength);
   }

l1-contracts/test/escape-hatch/unit/constructor.t.sol

@@ -127,6 +127,34 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     _;
   }
 
+  function test_WhenBOND_SIZEEQ0(uint256 _lagInHatches, uint256 _activeDuration, uint256 _frequency)
+    external
+    whenLAG_IN_HATCHESGE1(_lagInHatches)
+    whenACTIVE_DURATIONGE2(_activeDuration)
+    whenFREQUENCYGTLAG_IN_EPOCHS_FOR_SET_SIZE(_frequency)
+    whenFREQUENCYGTACTIVE_DURATION(_frequency)
+  {
+    // it should revert {EscapeHatch__InvalidConfiguration}
+    vm.expectRevert(Errors.EscapeHatch__InvalidConfiguration.selector);
+    new EscapeHatch(
+      address(rollup),
+      address(bondToken),
+      0,
+      0,
+      0,
+      fuzzFrequency,
+      fuzzActiveDuration,
+      fuzzLagInHatches,
+      DEFAULT_PROPOSING_EXIT_DELAY
+    );
+  }
+
+  modifier whenBOND_SIZEGT0(uint96 _bondSize) {
+    // Leave room for punishment/tax > bondSize tests
+    fuzzBondSize = uint96(bound(_bondSize, 1, type(uint96).max - 1));
+    _;
+  }
+
   function test_WhenFAILED_HATCH_PUNISHMENTGTBOND_SIZE(
     uint256 _lagInHatches,
     uint256 _activeDuration,
@@ -139,16 +167,16 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     whenACTIVE_DURATIONGE2(_activeDuration)
     whenFREQUENCYGTLAG_IN_EPOCHS_FOR_SET_SIZE(_frequency)
     whenFREQUENCYGTACTIVE_DURATION(_frequency)
+    whenBOND_SIZEGT0(_bondSize)
   {
     // it should revert {EscapeHatch__InvalidConfiguration}
-    _bondSize = uint96(bound(_bondSize, 1, type(uint96).max - 1));
-    _punishment = uint96(bound(_punishment, uint256(_bondSize) + 1, type(uint96).max));
+    _punishment = uint96(bound(_punishment, uint256(fuzzBondSize) + 1, type(uint96).max));
 
     vm.expectRevert(Errors.EscapeHatch__InvalidConfiguration.selector);
     new EscapeHatch(
       address(rollup),
       address(bondToken),
-      _bondSize,
+      fuzzBondSize,
       0,
       _punishment,
       fuzzFrequency,
@@ -158,9 +186,7 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     );
   }
 
-  modifier whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(uint96 _bondSize, uint96 _punishment) {
-    // Leave room for tax > bondSize test
-    fuzzBondSize = uint96(bound(_bondSize, 1, type(uint96).max - 1));
+  modifier whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(uint96 _punishment) {
     fuzzFailedHatchPunishment = uint96(bound(_punishment, 0, fuzzBondSize));
     _;
   }
@@ -178,7 +204,8 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     whenACTIVE_DURATIONGE2(_activeDuration)
     whenFREQUENCYGTLAG_IN_EPOCHS_FOR_SET_SIZE(_frequency)
     whenFREQUENCYGTACTIVE_DURATION(_frequency)
-    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_bondSize, _punishment)
+    whenBOND_SIZEGT0(_bondSize)
+    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_punishment)
   {
     // it should revert {EscapeHatch__InvalidConfiguration}
     _tax = uint96(bound(_tax, uint256(fuzzBondSize) + 1, type(uint96).max));
@@ -216,7 +243,8 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     whenACTIVE_DURATIONGE2(_activeDuration)
     whenFREQUENCYGTLAG_IN_EPOCHS_FOR_SET_SIZE(_frequency)
     whenFREQUENCYGTACTIVE_DURATION(_frequency)
-    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_bondSize, _punishment)
+    whenBOND_SIZEGT0(_bondSize)
+    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_punishment)
     whenWITHDRAWAL_TAXLEBOND_SIZE(_tax)
   {
     // it should revert {EscapeHatch__InvalidConfiguration}
@@ -250,7 +278,8 @@ contract EscapeHatchConstructorTest is EscapeHatchBase {
     whenACTIVE_DURATIONGE2(_activeDuration)
     whenFREQUENCYGTLAG_IN_EPOCHS_FOR_SET_SIZE(_frequency)
     whenFREQUENCYGTACTIVE_DURATION(_frequency)
-    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_bondSize, _punishment)
+    whenBOND_SIZEGT0(_bondSize)
+    whenFAILED_HATCH_PUNISHMENTLEBOND_SIZE(_punishment)
     whenWITHDRAWAL_TAXLEBOND_SIZE(_tax)
   {
     // it should set ROLLUP immutable