@inco/lightning 0.6.8 → 0.7.0

package/src/lightning-parts/interfaces/IEncryptedOperations.sol

@@ -4,75 +4,31 @@ pragma solidity ^0.8;
 import {euint256, ebool, ETypes} from "../../Types.sol";
 
 interface IEncryptedOperations {
-    function eAdd(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eSub(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eMul(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eDiv(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eRem(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eBitAnd(
-        bytes32 lhs,
-        bytes32 rhs
-    ) external returns (bytes32 result);
+
+    function eAdd(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eSub(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eMul(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eDiv(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eRem(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eBitAnd(bytes32 lhs, bytes32 rhs) external returns (bytes32 result);
     function eBitOr(bytes32 lhs, bytes32 rhs) external returns (bytes32 result);
-    function eBitXor(
-        bytes32 lhs,
-        bytes32 rhs
-    ) external returns (bytes32 result);
-    function eShl(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eShr(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eRotl(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eRotr(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
+    function eBitXor(bytes32 lhs, bytes32 rhs) external returns (bytes32 result);
+    function eShl(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eShr(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eRotl(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eRotr(euint256 lhs, euint256 rhs) external returns (euint256 result);
     function eEq(bytes32 lhs, bytes32 rhs) external returns (ebool result);
     function eNe(bytes32 lhs, bytes32 rhs) external returns (ebool result);
     function eGe(euint256 lhs, euint256 rhs) external returns (ebool result);
     function eGt(euint256 lhs, euint256 rhs) external returns (ebool result);
     function eLe(euint256 lhs, euint256 rhs) external returns (ebool result);
     function eLt(euint256 lhs, euint256 rhs) external returns (ebool result);
-    function eMin(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
-    function eMax(
-        euint256 lhs,
-        euint256 rhs
-    ) external returns (euint256 result);
+    function eMin(euint256 lhs, euint256 rhs) external returns (euint256 result);
+    function eMax(euint256 lhs, euint256 rhs) external returns (euint256 result);
     function eNot(ebool operand) external returns (ebool result);
     function eCast(bytes32 ct, ETypes toType) external returns (bytes32 result);
     function eRand(ETypes randType) external payable returns (bytes32 result);
-    function eRandBounded(
-        bytes32 upperBound,
-        ETypes randType
-    ) external payable returns (bytes32 result);
-    function eIfThenElse(
-        ebool condition,
-        bytes32 ifTrue,
-        bytes32 ifFalse
-    ) external returns (bytes32 result);
+    function eRandBounded(bytes32 upperBound, ETypes randType) external payable returns (bytes32 result);
+    function eIfThenElse(ebool condition, bytes32 ifTrue, bytes32 ifFalse) external returns (bytes32 result);
+
 }

package/src/lightning-parts/interfaces/ITEELifecycle.sol

@@ -3,9 +3,10 @@ pragma solidity ^0.8.19;
 
 import {BootstrapResult, UpgradeResult, AddNodeResult} from "../TEELifecycle.types.sol";
 import {IQuoteVerifier} from "../../interfaces/automata-interfaces/IQuoteVerifier.sol";
-import {TD10ReportBody} from "../../interfaces/automata-interfaces/Types.sol";
+import {Td10ReportBody} from "../../interfaces/automata-interfaces/Types.sol";
 
 interface ITEELifecycle {
+
     function verifyBootstrapResult(
         BootstrapResult calldata bootstrapResult,
         bytes calldata quote,
@@ -23,15 +24,10 @@ interface ITEELifecycle {
         bytes calldata quote,
         bytes calldata signature
     ) external;
-    function approveNewTEEVersion(bytes32 newMrAggregated) external;
-    function parseTD10ReportBody(
-        bytes calldata rawQuote
-    ) external pure returns (TD10ReportBody memory report);
-    function parseReport(
-        TD10ReportBody memory tdReport
-    ) external pure returns (address, bytes32);
-    function bootstrapResultDigest(
-        BootstrapResult memory bootstrapResult
-    ) external view returns (bytes32);
+    function approveNewTeeVersion(bytes32 newMrAggregated) external;
+    function parseTd10ReportBody(bytes calldata rawQuote) external pure returns (Td10ReportBody memory report);
+    function parseReport(Td10ReportBody memory tdReport) external pure returns (address, bytes32);
+    function bootstrapResultDigest(BootstrapResult memory bootstrapResult) external view returns (bytes32);
     function quoteVerifier() external view returns (IQuoteVerifier);
+
 }

package/src/lightning-parts/interfaces/ITrivialEncryption.sol

@@ -4,7 +4,9 @@ pragma solidity ^0.8;
 import {euint256, ebool, eaddress} from "../../Types.sol";
 
 interface ITrivialEncryption {
+
     function asEuint256(uint256 value) external returns (euint256 newEuint256);
     function asEbool(bool value) external returns (ebool newEbool);
     function asEaddress(address value) external returns (eaddress newEaddress);
+
 }

package/src/lightning-parts/primitives/EventCounter.sol

@@ -4,27 +4,25 @@ pragma solidity ^0.8;
 import {IEventCounter} from "./interfaces/IEventCounter.sol";
 
 contract EventCounterStorage {
+
     struct Storage {
         // TODO: change type to bytes32 when we rename away from "counter".
         uint256 eventCounter;
     }
 
-    bytes32 private constant eventCounterStorageLocation =
-        keccak256("lightning.storage.EventCounter");
+    bytes32 private constant EVENT_COUNTER_STORAGE_LOCATION = keccak256("lightning.storage.EventCounter");
 
-    function getEventCounterStorage()
-        internal
-        pure
-        returns (Storage storage $)
-    {
-        bytes32 loc = eventCounterStorageLocation;
+    function getEventCounterStorage() internal pure returns (Storage storage $) {
+        bytes32 loc = EVENT_COUNTER_STORAGE_LOCATION;
         assembly {
             $.slot := loc
         }
     }
+
 }
 
 contract EventCounter is IEventCounter, EventCounterStorage {
+
     function getNewEventId() internal returns (uint256 newEventId) {
         newEventId = getEventCounterStorage().eventCounter++;
     }
@@ -43,4 +41,5 @@ contract EventCounter is IEventCounter, EventCounterStorage {
     function getEventCounter() public view returns (uint256) {
         return getNextEventId();
     }
+
 }

package/src/lightning-parts/primitives/HandleGeneration.sol

@@ -1,20 +1,17 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import {
-    ETypes,
-    EOps,
-    EVM_HOST_CHAIN_PREFIX,
-    HANDLE_INDEX
-} from "../../Types.sol";
+import {ETypes, EOps, EVM_HOST_CHAIN_PREFIX, HANDLE_INDEX} from "../../Types.sol";
 import {HandleMetadata} from "./HandleMetadata.sol";
 import {IHandleGeneration} from "./interfaces/IHandleGeneration.sol";
 
 contract HandleGeneration is IHandleGeneration, HandleMetadata {
-    function getTrivialEncryptHandle(
-        bytes32 plaintextBytes,
-        ETypes handleType
-    ) public view returns (bytes32 generatedHandle) {
+
+    function getTrivialEncryptHandle(bytes32 plaintextBytes, ETypes handleType)
+        public
+        pure
+        returns (bytes32 generatedHandle)
+    {
         generatedHandle = keccak256(
             abi.encodePacked(
                 EOps.TrivialEncrypt, // !! Note[Silas]: I reordered this to be first element for greater regularity 26/08/2025 (remove this note after 1 month) !!
@@ -24,20 +21,12 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         generatedHandle = embedTypeVersion(generatedHandle, handleType);
     }
 
-    function getInputHandle(
-        bytes memory ciphertext,
-        address user,
-        address contractAddress,
-        ETypes inputType
-    ) internal view returns (bytes32 generatedHandle) {
-        return
-            getInputHandle(
-            ciphertext,
-            address(this),
-            user,
-            contractAddress,
-            inputType
-        );
+    function getInputHandle(bytes memory ciphertext, address user, address contractAddress, ETypes inputType)
+        internal
+        view
+        returns (bytes32 generatedHandle)
+    {
+        return getInputHandle(ciphertext, address(this), user, contractAddress, inputType);
     }
 
     function getInputHandle(
@@ -49,9 +38,7 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
     ) internal view returns (bytes32 generatedHandle) {
         // Here we ensure that our hashing scheme is binary-compatible between IncoLightning and IncoFhevm, this helps
         // keep client-side code consistent in its ciphertext, context => handle mappings
-        bytes32 ctIndexHash = keccak256(
-            abi.encodePacked(keccak256(ciphertext), HANDLE_INDEX)
-        );
+        bytes32 ctIndexHash = keccak256(abi.encodePacked(keccak256(ciphertext), HANDLE_INDEX));
         bytes32 prehandle = embedIndexTypeVersion(ctIndexHash, inputType);
         // We must also propagate the handle metadata to the final handle
         generatedHandle = embedIndexTypeVersion(
@@ -69,11 +56,12 @@ contract HandleGeneration is IHandleGeneration, HandleMetadata {
         );
     }
 
-    function getOpResultHandle(
-        EOps op,
-        ETypes returnType,
-        bytes memory packedInputs
-    ) public pure returns (bytes32 generatedHandle) {
+    function getOpResultHandle(EOps op, ETypes returnType, bytes memory packedInputs)
+        public
+        pure
+        returns (bytes32 generatedHandle)
+    {
         generatedHandle = embedTypeVersion(keccak256(abi.encodePacked(op, packedInputs)), returnType);
     }
+
 }

package/src/lightning-parts/primitives/HandleMetadata.sol

@@ -1,19 +1,13 @@
 // SPDX-License-Identifier: No License
 pragma solidity ^0.8;
 
-import { HANDLE_VERSION, HANDLE_INDEX, ETypes } from "../../Types.sol";
+import {HANDLE_VERSION, HANDLE_INDEX, ETypes} from "../../Types.sol";
 
 contract HandleMetadata {
-    function embedIndexTypeVersion(
-        bytes32 prehandle,
-        ETypes inputType
-    ) internal pure returns (bytes32 result) {
+
+    function embedIndexTypeVersion(bytes32 prehandle, ETypes inputType) internal pure returns (bytes32 result) {
         // Create a mask to clear the last three bytes
-        bytes32 mask = bytes32(
-            uint256(
-                0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFF
-            )
-        );
+        bytes32 mask = bytes32(uint256(0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00FFFF));
         // Clear the last three bytes of the original value
         bytes32 clearedOriginal = prehandle & mask;
         // Combine the cleared original value with the new last three bytes
@@ -21,13 +15,8 @@ contract HandleMetadata {
         result = embedTypeVersion(result, inputType);
     }
 
-    function embedTypeVersion(
-        bytes32 prehandle,
-        ETypes handleType
-    ) internal pure returns (bytes32 result) {
-        result =
-            prehandle &
-            0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
+    function embedTypeVersion(bytes32 prehandle, ETypes handleType) internal pure returns (bytes32 result) {
+        result = prehandle & 0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000;
         result = bytes32(uint256(result) | (uint256(handleType) << 8)); // append type
         result = bytes32(uint256(result) | HANDLE_VERSION);
     }
@@ -35,4 +24,5 @@ contract HandleMetadata {
     function typeOf(bytes32 handle) internal pure returns (ETypes) {
         return ETypes(uint8(uint256(handle) >> 8));
     }
+
 }

package/src/lightning-parts/primitives/LightningAddressGetter.sol

@@ -2,9 +2,12 @@
 pragma solidity ^0.8;
 
 abstract contract LightningAddressGetter {
+
+    // forge-lint: disable-next-line(screaming-snake-case-immutable)
     address internal immutable incoLightningAddress;
 
     constructor(address _incoLightningAddress) {
         incoLightningAddress = _incoLightningAddress;
     }
+
 }

package/src/lightning-parts/primitives/SignatureVerifier.sol

@@ -4,64 +4,128 @@ pragma solidity ^0.8;
 import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
 import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import {ISignatureVerifier} from "./interfaces/ISignatureVerifier.sol";
-import {TEELifecycle} from "../TEELifecycle.sol";
 
 contract SignatureVerifierStorage {
+
     struct StorageForSigVerifier {
+        address[] signers;
         mapping(address => bool) isSigner;
+        uint256 threshold;
     }
 
     // State changelog:
     // 0.2.0: Shifting state location to support multiple signers
-    bytes32 private constant SignatureVerifierStorageLocation =
-        keccak256("inco.storage.SignatureVerifier.v0.2.0");
-
-    function getSigVerifierStorage()
-        internal
-        pure
-        returns (StorageForSigVerifier storage $)
-    {
-        bytes32 loc = SignatureVerifierStorageLocation;
+    bytes32 private constant SIGNATURE_VERIFIER_STORAGE_LOCATION = keccak256("inco.storage.SignatureVerifier.v0.2.0");
+
+    function getSigVerifierStorage() internal pure returns (StorageForSigVerifier storage $) {
+        bytes32 loc = SIGNATURE_VERIFIER_STORAGE_LOCATION;
         assembly {
             $.slot := loc
         }
     }
+
 }
 
 abstract contract SignatureVerifier is ISignatureVerifier, OwnableUpgradeable, SignatureVerifierStorage {
+
+    // we use ECDSA as the signers are meant to be EOAs controlled by TEEs, and no smart contract wallet
     using ECDSA for bytes32;
 
     error SignerNotFound(address signerAddress);
+    error SignerAlreadyAdded(address signerAddress);
+    error InvalidThreshold(uint256 threshold, uint256 nbOfSigners);
+    error SignersNotInAscendingOrder(address currentSigner, address lastSigner);
 
     event AddedSignatureVerifier(address signerAddress);
     event RemovedSignatureVerifier(address signerAddress);
+    event ThresholdChanged(uint256 oldThreshold, uint256 newThreshold);
 
-    // @todo: This function should be removed once we have a way to read the signers from the TEELifecycle contract
-    function addSigner(address signerAddress) external onlyOwner {
-        getSigVerifierStorage().isSigner[signerAddress] = true;
+    /// @dev internal sensible function, should be used only as part of an onlyOwner function / access controlled
+    function addSigner(address signerAddress) internal {
+        StorageForSigVerifier storage $ = getSigVerifierStorage();
+        require(!isSigner(signerAddress), SignerAlreadyAdded(signerAddress));
+        $.signers.push(signerAddress);
+        $.isSigner[signerAddress] = true;
         emit AddedSignatureVerifier(signerAddress);
     }
 
-    // @todo: This function should be removed once we have a way to read the signers from the TEELifecycle contract
     function removeSigner(address signerAddress) external onlyOwner {
-        require(
-            getSigVerifierStorage().isSigner[signerAddress],
-            SignerNotFound(signerAddress)
-        );
-        getSigVerifierStorage().isSigner[signerAddress] = false;
-        emit AddedSignatureVerifier(signerAddress);
+        StorageForSigVerifier storage $ = getSigVerifierStorage();
+        require(isSigner(signerAddress), SignerNotFound(signerAddress));
+        require($.signers.length - 1 >= $.threshold, InvalidThreshold($.threshold, $.signers.length - 1));
+
+        // Find and remove the signer from the array
+        for (uint256 i = 0; i < $.signers.length; i++) {
+            if ($.signers[i] == signerAddress) {
+                // Move the last element to this position and pop
+                $.signers[i] = $.signers[$.signers.length - 1];
+                $.signers.pop();
+                break;
+            }
+        }
+
+        $.isSigner[signerAddress] = false;
+        emit RemovedSignatureVerifier(signerAddress);
+    }
+
+    function setThreshold(uint256 newThreshold) external onlyOwner {
+        StorageForSigVerifier storage $ = getSigVerifierStorage();
+        require(newThreshold <= $.signers.length, InvalidThreshold(newThreshold, $.signers.length));
+        require(newThreshold > 0, InvalidThreshold(newThreshold, $.signers.length));
+
+        uint256 oldThreshold = $.threshold;
+        $.threshold = newThreshold;
+        emit ThresholdChanged(oldThreshold, newThreshold);
+    }
+
+    function getThreshold() public view returns (uint256) {
+        return getSigVerifierStorage().threshold;
     }
 
-    // @todo: This function should read from the TEELifecycle contract instead of the storage
     function isSigner(address signerAddress) public view returns (bool) {
         return getSigVerifierStorage().isSigner[signerAddress];
     }
 
-    function isValidSignature(
-        bytes32 hash,
-        bytes memory signature
-    ) public view returns (bool) {
-        address signerAddress = hash.recover(signature);
-        return getSigVerifierStorage().isSigner[signerAddress];
+    /// @dev each signer id is NOT fixed, it can change over time, be removed, readded, etc.
+    function getSignerAtIndex(uint256 index) public view returns (address) {
+        return getSigVerifierStorage().signers[index];
     }
+
+    function getSignersCount() public view returns (uint256) {
+        return getSigVerifierStorage().signers.length;
+    }
+
+    /// @dev signature signers MUST be in ascending order, reverts with SignersNotInAscendingOrder if not
+    /// @dev signatures beyond the threshold are ignored
+    function isValidSignature(bytes32 digest, bytes[] memory signatures) public view returns (bool) {
+        StorageForSigVerifier storage $ = getSigVerifierStorage();
+        uint256 threshold = $.threshold;
+        uint256 signaturesLength = signatures.length;
+
+        // if threshold is 0, we can't accept any signatures yet
+        if (threshold == 0 || signaturesLength < threshold) {
+            return false;
+        }
+
+        address lastSigner = address(0);
+        uint256 correctSignaturesCount = 0;
+        uint256 i = 0;
+
+        while (correctSignaturesCount < threshold && i < signaturesLength) {
+            address currentSigner = digest.recover(signatures[i]);
+
+            // Ensure signers are in ascending order to prevent duplicates
+            // Revert is used instead of return false to signal the user/developer an error (call malformed) is on his side
+            require(currentSigner > lastSigner, SignersNotInAscendingOrder(currentSigner, lastSigner));
+            lastSigner = currentSigner;
+
+            if (isSigner(currentSigner)) {
+                correctSignaturesCount++;
+            }
+            i++;
+        }
+
+        return correctSignaturesCount >= threshold;
+    }
+
 }

package/src/lightning-parts/primitives/VerifierAddressGetter.sol

@@ -5,9 +5,12 @@ import {IIncoVerifier} from "../../interfaces/IIncoVerifier.sol";
 import {IVerifierAddressGetter} from "./interfaces/IVerifierAddressGetter.sol";
 
 abstract contract VerifierAddressGetter is IVerifierAddressGetter {
+
+    // forge-lint: disable-next-line(screaming-snake-case-immutable)
     IIncoVerifier public immutable incoVerifier;
 
     constructor(address _incoVerifier) {
         incoVerifier = IIncoVerifier(_incoVerifier);
     }
+
 }

package/src/lightning-parts/primitives/interfaces/IEventCounter.sol

@@ -2,7 +2,9 @@
 pragma solidity ^0.8;
 
 interface IEventCounter {
+
     function getNextEventId() external view returns (uint256);
 
     function getEventCounter() external view returns (uint256);
+
 }

package/src/lightning-parts/primitives/interfaces/IHandleGeneration.sol

@@ -4,7 +4,15 @@ pragma solidity ^0.8;
 import {ETypes, EOps} from "../../../Types.sol";
 
 interface IHandleGeneration {
-    function getTrivialEncryptHandle(bytes32 plaintextBytes, ETypes handleType) external view returns (bytes32 generatedHandle);
 
-    function getOpResultHandle(EOps op, ETypes returnType, bytes memory packedInputs) external pure returns (bytes32 generatedHandle);
+    function getTrivialEncryptHandle(bytes32 plaintextBytes, ETypes handleType)
+        external
+        view
+        returns (bytes32 generatedHandle);
+
+    function getOpResultHandle(EOps op, ETypes returnType, bytes memory packedInputs)
+        external
+        pure
+        returns (bytes32 generatedHandle);
+
 }

package/src/lightning-parts/primitives/interfaces/ISignatureVerifier.sol

@@ -2,8 +2,10 @@
 pragma solidity ^0.8;
 
 interface ISignatureVerifier {
-    function addSigner(address signerAddress) external;
+
     function removeSigner(address signerAddress) external;
     function isSigner(address signerAddress) external view returns (bool);
-    function isValidSignature(bytes32 hash, bytes memory signature) external view returns (bool);
+    function isValidSignature(bytes32 hash, bytes[] memory signatures) external view returns (bool);
+    function setThreshold(uint256 newThreshold) external;
+
 }

package/src/lightning-parts/primitives/interfaces/IVerifierAddressGetter.sol

@@ -4,5 +4,7 @@ pragma solidity ^0.8;
 import {IIncoVerifier} from "../../../interfaces/IIncoVerifier.sol";
 
 interface IVerifierAddressGetter {
+
     function incoVerifier() external view returns (IIncoVerifier);
+
 }