hyperlane-monorepo/solidity/contracts/libs/CheckpointLib.sol

// SPDX-License-Identifier: MIT OR Apache-2.0
pragma solidity >=0.8.0;

// ============ External Imports ============
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";

library CheckpointLib {
    /**
     * @notice Returns the digest validators are expected to sign when signing checkpoints.
     * @param _origin The origin domain of the checkpoint.
     * @param _originmerkleTreeHook The address of the origin merkle tree hook as bytes32.
     * @param _checkpointRoot The root of the checkpoint.
     * @param _checkpointIndex The index of the checkpoint.
     * @param _messageId The message ID of the checkpoint.
     * @dev Message ID must match leaf content of checkpoint root at index.
     * @return The digest of the checkpoint.
     */
    function digest(
        uint32 _origin,
        bytes32 _originmerkleTreeHook,
        bytes32 _checkpointRoot,
        uint32 _checkpointIndex,
        bytes32 _messageId
    ) internal pure returns (bytes32) {
        bytes32 _domainHash = domainHash(_origin, _originmerkleTreeHook);
        return
            ECDSA.toEthSignedMessageHash(
                keccak256(
                    abi.encodePacked(
                        _domainHash,
                        _checkpointRoot,
                        _checkpointIndex,
                        _messageId
                    )
                )
            );
    }

    /**
     * @notice Returns the domain hash that validators are expected to use
     * when signing checkpoints.
     * @param _origin The origin domain of the checkpoint.
     * @param _originmerkleTreeHook The address of the origin merkle tree as bytes32.
     * @return The domain hash.
     */
    function domainHash(
        uint32 _origin,
        bytes32 _originmerkleTreeHook
    ) internal pure returns (bytes32) {
        // Including the origin merkle tree address in the signature allows the slashing
        // protocol to enroll multiple trees. Otherwise, a valid signature for
        // tree A would be indistinguishable from a fraudulent signature for tree B.
        // The slashing protocol should slash if validators sign attestations for
        // anything other than a whitelisted tree.
        return
            keccak256(
                abi.encodePacked(_origin, _originmerkleTreeHook, "HYPERLANE")
            );
    }
}
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`// SPDX-License-Identifier: MIT OR Apache-2.0`
			`pragma solidity >=0.8.0;`

			`// ============ External Imports ============`
			`import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";`

			`library CheckpointLib {`
			`/**`
			`* @notice Returns the digest validators are expected to sign when signing checkpoints.`
			`* @param _origin The origin domain of the checkpoint.`
Update router implementations for v3 (#2749) 1 year ago			`* @param _originmerkleTreeHook The address of the origin merkle tree hook as bytes32.`
Make merkle proofs optional on multisig ISM (#2173) ### Description Validators currently sign `(root, index)` checkpoints and during verification, a `message` is passed as calldata, an `id()` is derived, and a `proof` of `id()` at `index` in `root` is verified This provides “all or nothing” censorship resistance guarantees because a validator can only sign roots to allow any contained messages to be processed. We have considered alternatives where validators sign `message` directly and we lose censorship resistance in exchange for eliminating merkle proof verification gas costs. However, if validators sign `(root, index, message)` tuples, we can skip merkle proof verification on the destination chain while still maintaining censorship resistance by providing two valid metadata formats: 1. existing validator signatures and merkle proof verification of inclusion 2. including merkle proof verification for pathway where validators are censoring `message` It’s worth noting the validator is required to index event data to produce this new signature format. However, this does not require historical indexing and new validators being spun up can simply begin indexing from tip. See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2187 for validator changes See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2248 for relayer and e2e test changes ### Drive-by changes Merkle index also optional ### Related issues - Fixes https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2192 ### Backward compatibility - new ISM deployment is necessary (we could upgrade implementation in theory) - Validator and relayer upgrades ### Testing Unit (fuzz) Tests, E2E tests 2 years ago			`* @param _checkpointRoot The root of the checkpoint.`
			`* @param _checkpointIndex The index of the checkpoint.`
			`* @param _messageId The message ID of the checkpoint.`
			`* @dev Message ID must match leaf content of checkpoint root at index.`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`* @return The digest of the checkpoint.`
			`*/`
			`function digest(`
			`uint32 _origin,`
Update router implementations for v3 (#2749) 1 year ago			`bytes32 _originmerkleTreeHook,`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`bytes32 _checkpointRoot,`
Make merkle proofs optional on multisig ISM (#2173) ### Description Validators currently sign `(root, index)` checkpoints and during verification, a `message` is passed as calldata, an `id()` is derived, and a `proof` of `id()` at `index` in `root` is verified This provides “all or nothing” censorship resistance guarantees because a validator can only sign roots to allow any contained messages to be processed. We have considered alternatives where validators sign `message` directly and we lose censorship resistance in exchange for eliminating merkle proof verification gas costs. However, if validators sign `(root, index, message)` tuples, we can skip merkle proof verification on the destination chain while still maintaining censorship resistance by providing two valid metadata formats: 1. existing validator signatures and merkle proof verification of inclusion 2. including merkle proof verification for pathway where validators are censoring `message` It’s worth noting the validator is required to index event data to produce this new signature format. However, this does not require historical indexing and new validators being spun up can simply begin indexing from tip. See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2187 for validator changes See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2248 for relayer and e2e test changes ### Drive-by changes Merkle index also optional ### Related issues - Fixes https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2192 ### Backward compatibility - new ISM deployment is necessary (we could upgrade implementation in theory) - Validator and relayer upgrades ### Testing Unit (fuzz) Tests, E2E tests 2 years ago			`uint32 _checkpointIndex,`
			`bytes32 _messageId`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`) internal pure returns (bytes32) {`
Update router implementations for v3 (#2749) 1 year ago			`bytes32 _domainHash = domainHash(_origin, _originmerkleTreeHook);`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`return`
			`ECDSA.toEthSignedMessageHash(`
			`keccak256(`
			`abi.encodePacked(`
			`_domainHash,`
			`_checkpointRoot,`
Make merkle proofs optional on multisig ISM (#2173) ### Description Validators currently sign `(root, index)` checkpoints and during verification, a `message` is passed as calldata, an `id()` is derived, and a `proof` of `id()` at `index` in `root` is verified This provides “all or nothing” censorship resistance guarantees because a validator can only sign roots to allow any contained messages to be processed. We have considered alternatives where validators sign `message` directly and we lose censorship resistance in exchange for eliminating merkle proof verification gas costs. However, if validators sign `(root, index, message)` tuples, we can skip merkle proof verification on the destination chain while still maintaining censorship resistance by providing two valid metadata formats: 1. existing validator signatures and merkle proof verification of inclusion 2. including merkle proof verification for pathway where validators are censoring `message` It’s worth noting the validator is required to index event data to produce this new signature format. However, this does not require historical indexing and new validators being spun up can simply begin indexing from tip. See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2187 for validator changes See https://github.com/hyperlane-xyz/hyperlane-monorepo/pull/2248 for relayer and e2e test changes ### Drive-by changes Merkle index also optional ### Related issues - Fixes https://github.com/hyperlane-xyz/hyperlane-monorepo/issues/2192 ### Backward compatibility - new ISM deployment is necessary (we could upgrade implementation in theory) - Validator and relayer upgrades ### Testing Unit (fuzz) Tests, E2E tests 2 years ago			`_checkpointIndex,`
			`_messageId`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`)`
			`)`
			`);`
			`}`

			`/**`
			`* @notice Returns the domain hash that validators are expected to use`
			`* when signing checkpoints.`
			`* @param _origin The origin domain of the checkpoint.`
Update router implementations for v3 (#2749) 1 year ago			`* @param _originmerkleTreeHook The address of the origin merkle tree as bytes32.`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`* @return The domain hash.`
			`*/`
Graduate to yarn 4 🧶 (#2899) Co-authored-by: J M Rossy <jm.rossy@gmail.com> Fixes https://github.com/hyperlane-xyz/issues/issues/687 Fixes #2228 Fixes https://github.com/hyperlane-xyz/issues/issues/704 1 year ago			`function domainHash(`
			`uint32 _origin,`
			`bytes32 _originmerkleTreeHook`
			`) internal pure returns (bytes32) {`
Update multisig ISMs for merkle hooks (#2722) Fixes https://github.com/hyperlane-xyz/issues/issues/591 1 year ago			`// Including the origin merkle tree address in the signature allows the slashing`
			`// protocol to enroll multiple trees. Otherwise, a valid signature for`
			`// tree A would be indistinguishable from a fraudulent signature for tree B.`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`// The slashing protocol should slash if validators sign attestations for`
Update multisig ISMs for merkle hooks (#2722) Fixes https://github.com/hyperlane-xyz/issues/issues/591 1 year ago			`// anything other than a whitelisted tree.`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`return`
Update multisig ISMs for merkle hooks (#2722) Fixes https://github.com/hyperlane-xyz/issues/issues/591 1 year ago			`keccak256(`
Update router implementations for v3 (#2749) 1 year ago			`abi.encodePacked(_origin, _originmerkleTreeHook, "HYPERLANE")`
Update multisig ISMs for merkle hooks (#2722) Fixes https://github.com/hyperlane-xyz/issues/issues/591 1 year ago			`);`
Add Aggregation ISM (#1737) ### Description This PR introduces the Aggregation ISM, which requires interchain messages to be verified by an m-of-n ISM set. This PR also introduces a new MultisigISM, which does not make use of the "commitment" optimization in its metadata. The previous MultisigISM has been moved to LegacyMultisigISM. Both AggregationISM and MultisigISM have abstract contracts that require `valuesAndThreshold` implementations. This PR implements versions with static m-of-n sets, using the EIP-3448 MetaProxy standard. These implementations are intended to be combined with a future RoutingISM implementation to replace LegacyMultisigISM. ### Drive-by changes - genhtml in solidity code coverage ### Related issues - Fixes #1522 ### Backward compatibility _Are these changes backward compatible?_ Yes ### Testing _What kind of testing have these changes undergone? Unit Tests 2 years ago			`}`
			`}`