@@ -383,20 +383,16 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
383383 if (msg .sender != tx .origin ) revert NotOrigin ();
384384 if (! isBatchPoster[msg .sender ]) revert NotBatchPoster ();
385385
386- // take keccak2256 hash of all the function arguments except the quote
387- bytes32 reportDataHash = keccak256 (
388- abi.encode (
389- sequenceNumber,
390- data,
391- afterDelayedMessagesRead,
392- address (gasRefunder),
393- prevMessageCount,
394- newMessageCount
395- )
386+ // Verification
387+ _verifyAttestation (
388+ sequenceNumber,
389+ data,
390+ afterDelayedMessagesRead,
391+ gasRefunder,
392+ prevMessageCount,
393+ newMessageCount,
394+ quote
396395 );
397- // verify the quote for the batch poster running in the TEE
398- espressoTEEVerifier.verify (quote, reportDataHash);
399- emit TEEAttestationQuoteVerified (sequenceNumber);
400396
401397 (bytes32 dataHash , IBridge.TimeBounds memory timeBounds ) = formCallDataHash (
402398 data,
@@ -439,6 +435,29 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
439435 );
440436 }
441437
438+ function _verifyAttestation (
439+ uint256 sequenceNumber ,
440+ bytes calldata data ,
441+ uint256 afterDelayedMessagesRead ,
442+ IGasRefunder gasRefunder ,
443+ uint256 prevMessageCount ,
444+ uint256 newMessageCount ,
445+ bytes memory quote
446+ ) private {
447+ bytes32 reportDataHash = keccak256 (
448+ abi.encode (
449+ sequenceNumber,
450+ data,
451+ afterDelayedMessagesRead,
452+ address (gasRefunder),
453+ prevMessageCount,
454+ newMessageCount
455+ )
456+ );
457+ espressoTEEVerifier.verify (quote, reportDataHash);
458+ emit TEEAttestationQuoteVerified (sequenceNumber);
459+ }
460+
442461 function addSequencerL2BatchFromBlobs (
443462 uint256 sequenceNumber ,
444463 uint256 afterDelayedMessagesRead ,
@@ -459,30 +478,30 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
459478 ) external refundsGas (gasRefunder, reader4844) {
460479 if (! isBatchPoster[msg .sender ]) revert NotBatchPoster ();
461480
462- bytes32 [] memory dataHashes = reader4844.getDataHashes ();
463- if (dataHashes.length == 0 ) revert MissingDataHashes ();
464- // take keccak2256 hash of all the function arguments and encode packed blob hashes
465- // except the quote
466- bytes32 reportDataHash = keccak256 (
467- abi.encode (
468- sequenceNumber,
469- afterDelayedMessagesRead,
470- address (gasRefunder),
471- prevMessageCount,
472- newMessageCount,
473- abi.encode (dataHashes)
474- )
481+ // Verification logic extracted
482+ _verifyBlobQuote (
483+ sequenceNumber,
484+ afterDelayedMessagesRead,
485+ gasRefunder,
486+ prevMessageCount,
487+ newMessageCount,
488+ quote
475489 );
476- // verify the quote for the batch poster running in the TEE
477- espressoTEEVerifier.verify (quote, reportDataHash);
478- emit TEEAttestationQuoteVerified (sequenceNumber);
479490
480491 (
481492 bytes32 dataHash ,
482493 IBridge.TimeBounds memory timeBounds ,
483494 uint256 blobGas
484495 ) = formBlobDataHash (afterDelayedMessagesRead);
485496
497+ // Reformat the stack to prevent "Stack too deep"
498+ uint256 sequenceNumber_ = sequenceNumber;
499+ bytes32 dataHash_ = dataHash;
500+ uint256 afterDelayedMessagesRead_ = afterDelayedMessagesRead;
501+ uint256 prevMessageCount_ = prevMessageCount;
502+ uint256 newMessageCount_ = newMessageCount;
503+ IBridge.TimeBounds memory timeBounds_ = timeBounds;
504+
486505 // we use addSequencerL2BatchImpl for submitting the message
487506 // normally this would also submit a batch spending report but that is skipped if we pass
488507 // an empty call data size, then we submit a separate batch spending report later
@@ -492,27 +511,25 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
492511 bytes32 delayedAcc ,
493512 bytes32 afterAcc
494513 ) = addSequencerL2BatchImpl (
495- dataHash ,
496- afterDelayedMessagesRead ,
514+ dataHash_ ,
515+ afterDelayedMessagesRead_ ,
497516 0 ,
498- prevMessageCount ,
499- newMessageCount
517+ prevMessageCount_ ,
518+ newMessageCount_
500519 );
501520
502- uint256 _sequenceNumber = sequenceNumber; // stack workaround
503-
504521 // ~uint256(0) is type(uint256).max, but ever so slightly cheaper
505- if (seqMessageIndex != _sequenceNumber && _sequenceNumber != ~ uint256 (0 )) {
506- revert BadSequencerNumber (seqMessageIndex, _sequenceNumber );
522+ if (seqMessageIndex != sequenceNumber_ && sequenceNumber_ != ~ uint256 (0 )) {
523+ revert BadSequencerNumber (seqMessageIndex, sequenceNumber_ );
507524 }
508525
509526 emit SequencerBatchDelivered (
510- _sequenceNumber ,
527+ sequenceNumber_ ,
511528 beforeAcc,
512529 afterAcc,
513530 delayedAcc,
514531 totalDelayedMessagesRead,
515- timeBounds ,
532+ timeBounds_ ,
516533 IBridge.BatchDataLocation.Blob
517534 );
518535
@@ -529,6 +546,30 @@ contract SequencerInbox is DelegateCallAware, GasRefundEnabled, ISequencerInbox
529546 }
530547 }
531548
549+ function _verifyBlobQuote (
550+ uint256 sequenceNumber ,
551+ uint256 afterDelayedMessagesRead ,
552+ IGasRefunder gasRefunder ,
553+ uint256 prevMessageCount ,
554+ uint256 newMessageCount ,
555+ bytes memory quote
556+ ) private {
557+ bytes32 [] memory dataHashes = reader4844.getDataHashes ();
558+ if (dataHashes.length == 0 ) revert MissingDataHashes ();
559+ bytes32 reportDataHash = keccak256 (
560+ abi.encode (
561+ sequenceNumber,
562+ afterDelayedMessagesRead,
563+ address (gasRefunder),
564+ prevMessageCount,
565+ newMessageCount,
566+ abi.encode (dataHashes)
567+ )
568+ );
569+ espressoTEEVerifier.verify (quote, reportDataHash);
570+ emit TEEAttestationQuoteVerified (sequenceNumber);
571+ }
572+
532573 /**
533574 Deprecated because we added a new method with TEE attestation quote
534575 to verify that the batch is posted by the batch poster running in TEE.
0 commit comments