feat: add EIP-1186 MPT proof verification for on-chain reads #414
Open
Add Merkle-Patricia trie proof verification for token balance queries using eth_getProof. The proof module verifies account and storage proofs against a pinned block's state root, detecting inconsistent or forged data from the RPC provider.

Changes:
- New proof module in tempo-common with verify_account_proof, verify_storage_proof, verified_token_balance, and helpers
- TokenConfig gains balance_mapping_slot for contract-specific slot
- query_all_balances now attempts proof-verified reads first
- Session deposit clamping also uses verified reads when available
- Storage proof key binding prevents proof substitution attacks

Co-authored-by: dankrad <6130607+dankrad@users.noreply.github.com>
Amp-Thread-ID: https://ampcode.com/threads/T-019d5e67-b71b-734c-b532-ba31a316edca
✅ Changelog found on PR.
Summary
Adds Merkle-Patricia trie (MPT) proof verification for token balance queries using `eth_getProof`. This is the first step toward trustless RPC verification for Tempo and Zones.
Motivation
In Zones (privacy validium L2s), there's a single RPC operator — users can't pick a trusted provider. By verifying EIP-1186 proofs against the block's state root, the wallet can detect inconsistent or forged data from the RPC.
Currently the state root is fetched from the same RPC, so this provides consistency verification (proof matches the provider's claimed state). Full malicious-RPC resistance requires anchoring the state root to an independent trust source (e.g., Tempo L1), which is a follow-up.
Changes
- `proof` module in `tempo-common` with:
  - `pin_latest_block` — fetches latest block header for state root anchoring
  - `verify_account_proof` / `verify_storage_proof` — MPT verification via `alloy-trie`
  - `verified_storage_at` / `verified_token_balance` / `verified_account_balance` — high-level verified read helpers
- `TokenConfig` gains `balance_mapping_slot` field for explicit slot configuration
- `query_all_balances` now attempts proof-verified reads first, falls back to `eth_call`
- `query_token_balance_verified` added to channel module
Testing
Follow-up
getChannel) `eth_getProof` responses
Prompted by: dankrad
Co-Authored-By: dankrad 6130607+dankrad@users.noreply.github.com
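
The commit message's "storage proof key binding" point, as an added example that is not code from this PR: before a storage proof goes to trie verification, the `storageProof` entry returned by `eth_getProof` is checked against the slot that was requested, so a valid proof for a different slot cannot stand in for it. All type and function names are hypothetical, and normalizing the returned key to a 32-byte word assumes providers may encode it in short or full form.

```rust
// Added example; every name below is hypothetical, not the PR's API.
/// One `storageProof` entry of an eth_getProof (EIP-1186) response.
pub struct StorageProofEntry {
    pub key: String,        // slot key as returned by the RPC (hex)
    pub value: String,      // claimed slot value (hex)
    pub proof: Vec<String>, // RLP trie nodes (hex); verified in a later step
}

#[derive(Debug, PartialEq)]
pub enum BindError { BadHex, TooLong, WrongEntryCount(usize), KeyMismatch }

/// Parse 0x-prefixed hex into a left-padded 32-byte word, so a short
/// encoding ("0x2a") and the full 32-byte encoding compare equal.
/// (Assumption: providers may return either form.)
pub fn to_word(s: &str) -> Result<[u8; 32], BindError> {
    let h = s.strip_prefix("0x").ok_or(BindError::BadHex)?;
    if h.is_empty() || !h.bytes().all(|c| c.is_ascii_hexdigit()) {
        return Err(BindError::BadHex);
    }
    if h.len() > 64 { return Err(BindError::TooLong); }
    let padded = format!("{:0>64}", h);
    let mut out = [0u8; 32];
    for (i, b) in out.iter_mut().enumerate() {
        *b = u8::from_str_radix(&padded[2 * i..2 * i + 2], 16).map_err(|_| BindError::BadHex)?;
    }
    Ok(out)
}

/// Return the entry to pass on to trie verification only if the response
/// holds exactly one entry and it is for the requested slot.
pub fn bind_storage_proof<'a>(
    requested_slot: &[u8; 32],
    entries: &'a [StorageProofEntry],
) -> Result<&'a StorageProofEntry, BindError> {
    if entries.len() != 1 {
        return Err(BindError::WrongEntryCount(entries.len()));
    }
    let entry = &entries[0];
    if to_word(&entry.key)? != *requested_slot {
        return Err(BindError::KeyMismatch);
    }
    Ok(entry)
}

fn main() {
    let mut slot = [0u8; 32]; slot[31] = 0x2a; // constructed sample: slot 42
    let resp = [StorageProofEntry { key: "0x2b".into(), value: "0x64".into(), proof: vec![] }];
    println!("{:?}", bind_storage_proof(&slot, &resp).err()); // Some(KeyMismatch)
}
```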