Skip to content

Add Watchtower Signer Requirement for Verification #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
RonTuretzky wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Watchtower Signer Requirement for Verification #13

RonTuretzky wants to merge 1 commit into from

Conversation

@RonTuretzky
Copy link
Collaborator

@RonTuretzky RonTuretzky commented Aug 13, 2025

Summary

This PR implements issue #11 by adding a mandatory Watchtower component to the OpacitySDK verification system. The Watchtower acts as a trusted signer that must participate in every verification for it to be considered valid, providing an additional layer of security and trust.

Changes

Core SDK Updates (src/OpacitySDK.sol)

  • ✅ Added watchtowerSignature field to VerificationParams struct
  • ✅ Implemented ECDSA signature verification for Watchtower
  • ✅ Added watchtower state variables (watchtowerAddress, watchtowerEnabled)
  • ✅ Added events for watchtower operations (WatchtowerUpdated, WatchtowerStatusChanged, WatchtowerVerification)
  • ✅ Modified verify() function to check watchtower signature before operator quorum
  • ✅ Added admin functions to manage watchtower (updateWatchtower, setWatchtowerStatus)

Example Contracts Updates

  • ✅ Updated SimpleVerificationConsumer constructor to accept watchtower address
  • ✅ Updated StorageQueryConsumer constructor and verification result struct
  • ✅ Modified events to include watchtower verification status

Deployment Scripts (script/DeployOpacityExamples.s.sol)

  • ✅ Added support for configuring watchtower address via environment variable
  • ✅ Updated deployment to pass watchtower address to consumer contracts
  • ✅ Enhanced deployment summary to show watchtower configuration

Testing (test/OpacitySDKWatchtower.t.sol)

  • ✅ Added comprehensive test suite with 8 tests covering:
    • Watchtower signature requirement enforcement
    • Invalid signature rejection
    • Watchtower enable/disable functionality
    • Watchtower address updates
    • Event emissions
    • Zero address validation

How the Watchtower Works

  1. Mandatory Participation: When enabled, every verification must include a valid watchtower signature
  2. ECDSA Signatures: Uses standard Ethereum ECDSA signatures for compatibility
  3. Configurable: Can be enabled/disabled and address can be updated by contract admin
  4. Two-Step Verification:
    • First checks watchtower signature (if enabled)
    • Then verifies operator quorum via BLS signatures

Security Benefits

  • Prevents Operator Collusion: Watchtower acts as independent oversight
  • Audit Trail: All watchtower verifications emit events for monitoring
  • Emergency Circuit Breaker: Can halt verifications if anomalies detected
  • Key Rotation: Watchtower address can be updated for security

Test Results

Ran 8 tests for test/OpacitySDKWatchtower.t.sol:OpacitySDKWatchtowerTest
[PASS] testCannotUpdateWatchtowerToZeroAddress() (gas: 8808)
[PASS] testInvalidWatchtowerSignature() (gas: 28933)
[PASS] testWatchtowerAddressInitialization() (gas: 14414)
[PASS] testWatchtowerCanBeDisabled() (gas: 16062)
[PASS] testWatchtowerCanBeUpdated() (gas: 21188)
[PASS] testWatchtowerSignatureRequired() (gas: 23590)
[PASS] testWatchtowerSignatureVerification() (gas: 25695)
[PASS] testWatchtowerStatusChange() (gas: 19969)

Suite result: ok. 8 passed; 0 failed; 0 skipped

Breaking Changes

⚠️ This is a breaking change - Existing deployments will need to:

  1. Provide a watchtower address when deploying new contracts
  2. Update client libraries to include watchtower signatures in verification requests

Deployment Instructions

Set the watchtower address via environment variable:

export WATCHTOWER_ADDRESS=0x... # Your watchtower address
forge script script/DeployOpacityExamples.s.sol --rpc-url $RPC_URL --private-key $PRIVATE_KEY --broadcast

Closes #11

🤖 Generated with Claude Code

@RonTuretzky @claude
feat: Add Watchtower signer requirement for verification (#11)
dc118bb 
Implements a mandatory Watchtower component that must participate in every verification for it to be considered valid, adding an additional layer of security and trust.

Changes:
- Added watchtowerSignature field to VerificationParams struct
- Implemented ECDSA signature verification for Watchtower
- Added watchtower state management (address, enabled status)
- Updated example consumer contracts to support Watchtower
- Added comprehensive test suite for Watchtower functionality
- Updated deployment scripts to configure Watchtower address

The Watchtower acts as a trusted oversight entity that:
- Must sign every verification for it to be valid
- Can be enabled/disabled by contract admin
- Can have its address updated for key rotation
- Provides an audit trail via events

All tests passing (8/8 Watchtower-specific tests).

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add Watchtower Signer Requirement for Verification

2 participants

@RonTuretzky