@@ -375,20 +375,16 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
375375 if (! CallerChecker.isCallerCodelessOrigin ()) revert NotCodelessOrigin ();
376376 if (! isBatchPoster[msg .sender ]) revert NotBatchPoster ();
377377
378- // take keccak2256 hash of all the function arguments except the quote
379- bytes32 reportDataHash = keccak256 (
380- abi.encode (
381- sequenceNumber,
382- data,
383- afterDelayedMessagesRead,
384- address (gasRefunder),
385- prevMessageCount,
386- newMessageCount
387- )
378+ // Verification
379+ _verifyAttestation (
380+ sequenceNumber,
381+ data,
382+ afterDelayedMessagesRead,
383+ gasRefunder,
384+ prevMessageCount,
385+ newMessageCount,
386+ quote
388387 );
389- // verify the quote for the batch poster running in the TEE
390- espressoTEEVerifier.verify (quote, reportDataHash);
391- emit TEEAttestationQuoteVerified (sequenceNumber);
392388
393389 (bytes32 dataHash , IBridge.TimeBounds memory timeBounds ) = formCallDataHash (
394390 data,
@@ -431,6 +427,29 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
431427 );
432428 }
433429
430+ function _verifyAttestation (
431+ uint256 sequenceNumber ,
432+ bytes calldata data ,
433+ uint256 afterDelayedMessagesRead ,
434+ IGasRefunder gasRefunder ,
435+ uint256 prevMessageCount ,
436+ uint256 newMessageCount ,
437+ bytes memory quote
438+ ) private {
439+ bytes32 reportDataHash = keccak256 (
440+ abi.encode (
441+ sequenceNumber,
442+ data,
443+ afterDelayedMessagesRead,
444+ address (gasRefunder),
445+ prevMessageCount,
446+ newMessageCount
447+ )
448+ );
449+ espressoTEEVerifier.verify (quote, reportDataHash);
450+ emit TEEAttestationQuoteVerified (sequenceNumber);
451+ }
452+
434453 function addSequencerL2BatchFromBlobs (
435454 uint256 sequenceNumber ,
436455 uint256 afterDelayedMessagesRead ,
@@ -451,30 +470,30 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
451470 ) external refundsGas (gasRefunder, reader4844) {
452471 if (! isBatchPoster[msg .sender ]) revert NotBatchPoster ();
453472
454- bytes32 [] memory dataHashes = reader4844.getDataHashes ();
455- if (dataHashes.length == 0 ) revert MissingDataHashes ();
456- // take keccak2256 hash of all the function arguments and encode packed blob hashes
457- // except the quote
458- bytes32 reportDataHash = keccak256 (
459- abi.encode (
460- sequenceNumber,
461- afterDelayedMessagesRead,
462- address (gasRefunder),
463- prevMessageCount,
464- newMessageCount,
465- abi.encode (dataHashes)
466- )
473+ // Verification logic extracted
474+ _verifyBlobQuote (
475+ sequenceNumber,
476+ afterDelayedMessagesRead,
477+ gasRefunder,
478+ prevMessageCount,
479+ newMessageCount,
480+ quote
467481 );
468- // verify the quote for the batch poster running in the TEE
469- espressoTEEVerifier.verify (quote, reportDataHash);
470- emit TEEAttestationQuoteVerified (sequenceNumber);
471482
472483 (
473484 bytes32 dataHash ,
474485 IBridge.TimeBounds memory timeBounds ,
475486 uint256 blobGas
476487 ) = formBlobDataHash (afterDelayedMessagesRead);
477488
489+ // Reformat the stack to prevent "Stack too deep"
490+ uint256 sequenceNumber_ = sequenceNumber;
491+ bytes32 dataHash_ = dataHash;
492+ uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
493+ uint256 prevMessageCount_ = prevMessageCount;
494+ uint256 newMessageCount_ = newMessageCount;
495+ IBridge.TimeBounds memory timeBounds_ = timeBounds;
496+
478497 // we use addSequencerL2BatchImpl for submitting the message
479498 // normally this would also submit a batch spending report but that is skipped if we pass
480499 // an empty call data size, then we submit a separate batch spending report later
@@ -484,27 +503,25 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
484503 bytes32 delayedAcc ,
485504 bytes32 afterAcc
486505 ) = addSequencerL2BatchImpl (
487- dataHash ,
488- afterDelayedMessagesRead ,
506+ dataHash_ ,
507+ afterDelayedMessagesRead_ ,
489508 0 ,
490- prevMessageCount ,
491- newMessageCount
509+ prevMessageCount_ ,
510+ newMessageCount_
492511 );
493512
494- uint256 _sequenceNumber = sequenceNumber; // stack workaround
495-
496513 // ~uint256(0) is type(uint256).max, but ever so slightly cheaper
497- if (seqMessageIndex != _sequenceNumber && _sequenceNumber != ~ uint256 (0 )) {
498- revert BadSequencerNumber (seqMessageIndex, _sequenceNumber );
514+ if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~ uint256 (0 )) {
515+ revert BadSequencerNumber (seqMessageIndex, sequenceNumber_ );
499516 }
500517
501518 emit SequencerBatchDelivered (
502- _sequenceNumber ,
519+ sequenceNumber_ ,
503520 beforeAcc,
504521 afterAcc,
505522 delayedAcc,
506523 totalDelayedMessagesRead,
507- timeBounds ,
524+ timeBounds_ ,
508525 IBridge.BatchDataLocation.Blob
509526 );
510527
@@ -521,6 +538,30 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
521538 }
522539 }
523540
541+ function _verifyBlobQuote (
542+ uint256 sequenceNumber ,
543+ uint256 afterDelayedMessagesRead ,
544+ IGasRefunder gasRefunder ,
545+ uint256 prevMessageCount ,
546+ uint256 newMessageCount ,
547+ bytes memory quote
548+ ) private {
549+ bytes32 [] memory dataHashes = reader4844.getDataHashes ();
550+ if (dataHashes.length == 0 ) revert MissingDataHashes ();
551+ bytes32 reportDataHash = keccak256 (
552+ abi.encode (
553+ sequenceNumber,
554+ afterDelayedMessagesRead,
555+ address (gasRefunder),
556+ prevMessageCount,
557+ newMessageCount,
558+ abi.encode (dataHashes)
559+ )
560+ );
561+ espressoTEEVerifier.verify (quote, reportDataHash);
562+ emit TEEAttestationQuoteVerified (sequenceNumber);
563+ }
564+
524565 /**
525566 Deprecated because we added a new method with TEE attestation quote
526567 to verify that the batch is posted by the batch poster running in TEE.
0 commit comments