feat: add BLS precompile size limits for Isthmus (#490)

meyer9 · web-flow · commit 06f3281a942e · 2025-02-05T13:16:55.000-05:00
* feat: add Isthmus precompiles

Make sure g1 add implemented

* feat: add BLS precompile size limits for Isthmus

* Fix

* Fix tests

* Update definition order
diff --git a/core/vm/contracts.go b/core/vm/contracts.go
@@ -130,10 +130,10 @@ var PrecompiledContractsPrague = PrecompiledContracts{
 	common.BytesToAddress([]byte{0x09}): &blake2F{},
 	common.BytesToAddress([]byte{0x0a}): &kzgPointEvaluation{},
 	common.BytesToAddress([]byte{0x0b}): &bls12381G1Add{},
-	common.BytesToAddress([]byte{0x0c}): &bls12381G1MultiExp{},
+	common.BytesToAddress([]byte{0x0c}): &bls12381G1MultiExpPrague{},
 	common.BytesToAddress([]byte{0x0d}): &bls12381G2Add{},
-	common.BytesToAddress([]byte{0x0e}): &bls12381G2MultiExp{},
-	common.BytesToAddress([]byte{0x0f}): &bls12381Pairing{},
+	common.BytesToAddress([]byte{0x0e}): &bls12381G2MultiExpPrague{},
+	common.BytesToAddress([]byte{0x0f}): &bls12381PairingPrague{},
 	common.BytesToAddress([]byte{0x10}): &bls12381MapG1{},
 	common.BytesToAddress([]byte{0x11}): &bls12381MapG2{},
 }
@@ -174,7 +174,29 @@ var PrecompiledContractsGranite = map[common.Address]PrecompiledContract{
 	common.BytesToAddress([]byte{0x01, 0x00}): &p256Verify{},
 }
 
+var PrecompiledContractsIsthmus = map[common.Address]PrecompiledContract{
+	common.BytesToAddress([]byte{1}):          &ecrecover{},
+	common.BytesToAddress([]byte{2}):          &sha256hash{},
+	common.BytesToAddress([]byte{3}):          &ripemd160hash{},
+	common.BytesToAddress([]byte{4}):          &dataCopy{},
+	common.BytesToAddress([]byte{5}):          &bigModExp{eip2565: true},
+	common.BytesToAddress([]byte{6}):          &bn256AddIstanbul{},
+	common.BytesToAddress([]byte{7}):          &bn256ScalarMulIstanbul{},
+	common.BytesToAddress([]byte{8}):          &bn256PairingGranite{},
+	common.BytesToAddress([]byte{9}):          &blake2F{},
+	common.BytesToAddress([]byte{0x0a}):       &kzgPointEvaluation{},
+	common.BytesToAddress([]byte{0x0b}):       &bls12381G1Add{},
+	common.BytesToAddress([]byte{0x0c}):       &bls12381G1MultiExpIsthmus{},
+	common.BytesToAddress([]byte{0x0d}):       &bls12381G2Add{},
+	common.BytesToAddress([]byte{0x0e}):       &bls12381G2MultiExpIsthmus{},
+	common.BytesToAddress([]byte{0x0f}):       &bls12381PairingIsthmus{},
+	common.BytesToAddress([]byte{0x10}):       &bls12381MapG1{},
+	common.BytesToAddress([]byte{0x11}):       &bls12381MapG2{},
+	common.BytesToAddress([]byte{0x01, 0x00}): &p256Verify{},
+}
+
 var (
+	PrecompiledAddressesIsthmus   []common.Address
 	PrecompiledAddressesGranite   []common.Address
 	PrecompiledAddressesFjord     []common.Address
 	PrecompiledAddressesPrague    []common.Address
@@ -210,10 +232,16 @@ func init() {
 	for k := range PrecompiledContractsGranite {
 		PrecompiledAddressesGranite = append(PrecompiledAddressesGranite, k)
 	}
+	for k := range PrecompiledContractsIsthmus {
+		PrecompiledAddressesIsthmus = append(PrecompiledAddressesIsthmus, k)
+	}
 }
 
 func activePrecompiledContracts(rules params.Rules) PrecompiledContracts {
+	// note: the order of these switch cases is important
 	switch {
+	case rules.IsOptimismIsthmus:
+		return PrecompiledContractsIsthmus
 	case rules.IsOptimismGranite:
 		return PrecompiledContractsGranite
 	case rules.IsOptimismFjord:
@@ -243,6 +271,8 @@ func ActivePrecompiledContracts(rules params.Rules) PrecompiledContracts {
 // ActivePrecompiles returns the precompile addresses enabled with the current configuration.
 func ActivePrecompiles(rules params.Rules) []common.Address {
 	switch {
+	case rules.IsOptimismIsthmus:
+		return PrecompiledAddressesIsthmus
 	case rules.IsOptimismGranite:
 		return PrecompiledAddressesGranite
 	case rules.IsOptimismFjord:
@@ -778,6 +808,9 @@ var (
 	errBLS12381InvalidFieldElementTopBytes = errors.New("invalid field element top bytes")
 	errBLS12381G1PointSubgroup             = errors.New("g1 point is not on correct subgroup")
 	errBLS12381G2PointSubgroup             = errors.New("g2 point is not on correct subgroup")
+	errBLS12381MaxG1Size                   = errors.New("g1 msm input size exceeds maximum")
+	errBLS12381MaxG2Size                   = errors.New("g2 msm input size exceeds maximum")
+	errBLS12381MaxPairingSize              = errors.New("pairing input size exceeds maximum")
 )
 
 // bls12381G1Add implements EIP-2537 G1Add precompile.
@@ -816,11 +849,26 @@ func (c *bls12381G1Add) Run(input []byte) ([]byte, error) {
 	return encodePointG1(p0), nil
 }
 
-// bls12381G1MultiExp implements EIP-2537 G1MultiExp precompile.
-type bls12381G1MultiExp struct{}
+type bls12381G1MultiExpIsthmus struct {
+}
+
+func (c *bls12381G1MultiExpIsthmus) RequiredGas(input []byte) uint64 {
+	return new(bls12381G1MultiExpPrague).RequiredGas(input)
+}
+
+func (c *bls12381G1MultiExpIsthmus) Run(input []byte) ([]byte, error) {
+	if len(input) > int(params.Bls12381G1MulMaxInputSizeIsthmus) {
+		return nil, errBLS12381MaxG1Size
+	}
+
+	return new(bls12381G1MultiExpPrague).Run(input)
+}
+
+// bls12381G1MultiExpPrague implements EIP-2537 G1MultiExp precompile for Prague (no size limits).
+type bls12381G1MultiExpPrague struct{}
 
 // RequiredGas returns the gas required to execute the pre-compiled contract.
-func (c *bls12381G1MultiExp) RequiredGas(input []byte) uint64 {
+func (c *bls12381G1MultiExpPrague) RequiredGas(input []byte) uint64 {
 	// Calculate G1 point, scalar value pair length
 	k := len(input) / 160
 	if k == 0 {
@@ -838,7 +886,7 @@ func (c *bls12381G1MultiExp) RequiredGas(input []byte) uint64 {
 	return (uint64(k) * params.Bls12381G1MulGas * discount) / 1000
 }
 
-func (c *bls12381G1MultiExp) Run(input []byte) ([]byte, error) {
+func (c *bls12381G1MultiExpPrague) Run(input []byte) ([]byte, error) {
 	// Implements EIP-2537 G1MultiExp precompile.
 	// G1 multiplication call expects `160*k` bytes as an input that is interpreted as byte concatenation of `k` slices each of them being a byte concatenation of encoding of G1 point (`128` bytes) and encoding of a scalar value (`32` bytes).
 	// Output is an encoding of multiexponentiation operation result - single G1 point (`128` bytes).
@@ -913,11 +961,26 @@ func (c *bls12381G2Add) Run(input []byte) ([]byte, error) {
 	return encodePointG2(r), nil
 }
 
-// bls12381G2MultiExp implements EIP-2537 G2MultiExp precompile.
-type bls12381G2MultiExp struct{}
+type bls12381G2MultiExpIsthmus struct {
+}
+
+func (c *bls12381G2MultiExpIsthmus) RequiredGas(input []byte) uint64 {
+	return new(bls12381G2MultiExpPrague).RequiredGas(input)
+}
+
+func (c *bls12381G2MultiExpIsthmus) Run(input []byte) ([]byte, error) {
+	if len(input) > int(params.Bls12381G2MulMaxInputSizeIsthmus) {
+		return nil, errBLS12381MaxG2Size
+	}
+
+	return new(bls12381G2MultiExpPrague).Run(input)
+}
+
+// bls12381G2MultiExpPrague implements EIP-2537 G2MultiExp precompile.
+type bls12381G2MultiExpPrague struct{}
 
 // RequiredGas returns the gas required to execute the pre-compiled contract.
-func (c *bls12381G2MultiExp) RequiredGas(input []byte) uint64 {
+func (c *bls12381G2MultiExpPrague) RequiredGas(input []byte) uint64 {
 	// Calculate G2 point, scalar value pair length
 	k := len(input) / 288
 	if k == 0 {
@@ -935,7 +998,7 @@ func (c *bls12381G2MultiExp) RequiredGas(input []byte) uint64 {
 	return (uint64(k) * params.Bls12381G2MulGas * discount) / 1000
 }
 
-func (c *bls12381G2MultiExp) Run(input []byte) ([]byte, error) {
+func (c *bls12381G2MultiExpPrague) Run(input []byte) ([]byte, error) {
 	// Implements EIP-2537 G2MultiExp precompile logic
 	// > G2 multiplication call expects `288*k` bytes as an input that is interpreted as byte concatenation of `k` slices each of them being a byte concatenation of encoding of G2 point (`256` bytes) and encoding of a scalar value (`32` bytes).
 	// > Output is an encoding of multiexponentiation operation result - single G2 point (`256` bytes).
@@ -973,15 +1036,30 @@ func (c *bls12381G2MultiExp) Run(input []byte) ([]byte, error) {
 	return encodePointG2(r), nil
 }
 
-// bls12381Pairing implements EIP-2537 Pairing precompile.
-type bls12381Pairing struct{}
+type bls12381PairingIsthmus struct {
+}
+
+func (c *bls12381PairingIsthmus) RequiredGas(input []byte) uint64 {
+	return new(bls12381PairingPrague).RequiredGas(input)
+}
+
+func (c *bls12381PairingIsthmus) Run(input []byte) ([]byte, error) {
+	if len(input) > int(params.Bls12381PairingMaxInputSizeIsthmus) {
+		return nil, errBLS12381MaxPairingSize
+	}
+
+	return new(bls12381PairingPrague).Run(input)
+}
+
+// bls12381PairingPrague implements EIP-2537 Pairing precompile.
+type bls12381PairingPrague struct{}
 
 // RequiredGas returns the gas required to execute the pre-compiled contract.
-func (c *bls12381Pairing) RequiredGas(input []byte) uint64 {
+func (c *bls12381PairingPrague) RequiredGas(input []byte) uint64 {
 	return params.Bls12381PairingBaseGas + uint64(len(input)/384)*params.Bls12381PairingPerPairGas
 }
 
-func (c *bls12381Pairing) Run(input []byte) ([]byte, error) {
+func (c *bls12381PairingPrague) Run(input []byte) ([]byte, error) {
 	// Implements EIP-2537 Pairing precompile logic.
 	// > Pairing call expects `384*k` bytes as an inputs that is interpreted as byte concatenation of `k` slices. Each slice has the following structure:
 	// > - `128` bytes of G1 point encoding
diff --git a/core/vm/contracts_test.go b/core/vm/contracts_test.go
@@ -59,15 +59,18 @@ var allPrecompiles = map[common.Address]PrecompiledContract{
 	common.BytesToAddress([]byte{9}):    &blake2F{},
 	common.BytesToAddress([]byte{0x0a}): &kzgPointEvaluation{},
 
-	common.BytesToAddress([]byte{0x01, 0x00}): &p256Verify{},
-
 	common.BytesToAddress([]byte{0x0f, 0x0a}): &bls12381G1Add{},
-	common.BytesToAddress([]byte{0x0f, 0x0b}): &bls12381G1MultiExp{},
+	common.BytesToAddress([]byte{0x0f, 0x0b}): &bls12381G1MultiExpPrague{},
+	common.BytesToAddress([]byte{0x1f, 0x0b}): &bls12381G1MultiExpIsthmus{},
 	common.BytesToAddress([]byte{0x0f, 0x0c}): &bls12381G2Add{},
-	common.BytesToAddress([]byte{0x0f, 0x0d}): &bls12381G2MultiExp{},
-	common.BytesToAddress([]byte{0x0f, 0x0e}): &bls12381Pairing{},
+	common.BytesToAddress([]byte{0x0f, 0x0d}): &bls12381G2MultiExpPrague{},
+	common.BytesToAddress([]byte{0x1f, 0x0d}): &bls12381G2MultiExpIsthmus{},
+	common.BytesToAddress([]byte{0x0f, 0x0e}): &bls12381PairingPrague{},
+	common.BytesToAddress([]byte{0x1f, 0x0e}): &bls12381PairingIsthmus{},
 	common.BytesToAddress([]byte{0x0f, 0x0f}): &bls12381MapG1{},
 	common.BytesToAddress([]byte{0x0f, 0x10}): &bls12381MapG2{},
+
+	common.BytesToAddress([]byte{0x01, 0x00}): &p256Verify{},
 }
 
 // EIP-152 test vectors
@@ -282,6 +285,29 @@ func TestPrecompileBn256PairingTooLargeInput(t *testing.T) {
 	}, t)
 }
 
+func TestPrecompileBlsInputSize(t *testing.T) {
+	big := make([]byte, params.Bls12381G1MulMaxInputSizeIsthmus+1)
+	testPrecompiledFailure("1f0b", precompiledFailureTest{
+		Input:         common.Bytes2Hex(big),
+		ExpectedError: "g1 msm input size exceeds maximum",
+		Name:          "bls12381G1MSM_input_too_big",
+	}, t)
+
+	big = make([]byte, params.Bls12381G2MulMaxInputSizeIsthmus+1)
+	testPrecompiledFailure("1f0d", precompiledFailureTest{
+		Input:         common.Bytes2Hex(big),
+		ExpectedError: "g2 msm input size exceeds maximum",
+		Name:          "bls12381G2MSM_input_too_big",
+	}, t)
+
+	big = make([]byte, params.Bls12381PairingMaxInputSizeIsthmus+1)
+	testPrecompiledFailure("1f0e", precompiledFailureTest{
+		Input:         common.Bytes2Hex(big),
+		ExpectedError: "pairing input size exceeds maximum",
+		Name:          "bls12381Pairing_input_too_big",
+	}, t)
+}
+
 func TestPrecompiledEcrecover(t *testing.T) { testJson("ecRecover", "01", t) }
 
 func testJson(name, addr string, t *testing.T) {
diff --git a/params/protocol_params.go b/params/protocol_params.go
@@ -172,6 +172,10 @@ const (
 	Bls12381MapG1Gas          uint64 = 5500  // Gas price for BLS12-381 mapping field element to G1 operation
 	Bls12381MapG2Gas          uint64 = 23800 // Gas price for BLS12-381 mapping field element to G2 operation
 
+	Bls12381G1MulMaxInputSizeIsthmus   uint64 = 513760 // Maximum input size for BLS12-381 G1 multiple-scalar-multiply operation
+	Bls12381G2MulMaxInputSizeIsthmus   uint64 = 488448 // Maximum input size for BLS12-381 G2 multiple-scalar-multiply operation
+	Bls12381PairingMaxInputSizeIsthmus uint64 = 235008 // Maximum input size for BLS12-381 pairing check
+
 	P256VerifyGas uint64 = 3450 // secp256r1 elliptic curve signature verifier gas price
 
 	// The Refund Quotient is the cap on how much of the used gas can be refunded. Before EIP-3529,
