diff --git a/.changeset/orange-penguins-sneeze.md b/.changeset/orange-penguins-sneeze.md new file mode 100644 index 000000000..fddd03027 --- /dev/null +++ b/.changeset/orange-penguins-sneeze.md @@ -0,0 +1,5 @@ +--- +'@celo/celocli': minor +--- + +Removes L2 BLS keys support for account:authorize diff --git a/packages/cli/src/commands/account/authorize-l2.test.ts b/packages/cli/src/commands/account/authorize-l2.test.ts index b024593d7..01de9a477 100644 --- a/packages/cli/src/commands/account/authorize-l2.test.ts +++ b/packages/cli/src/commands/account/authorize-l2.test.ts @@ -28,6 +28,8 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { await testLocallyWithWeb3Node(Register, ['--from', notRegisteredAccount], web3) + logMock.mockClear() + await testLocallyWithWeb3Node( Authorize, [ @@ -42,23 +44,9 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ], web3 ) + expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` [ - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Account ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: register", - ], - [ - "txHash: 0xtxhash", - ], [ "Running Checks:", ], @@ -84,6 +72,9 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { const signerNotRegisteredAccount = accounts[1] await testLocallyWithWeb3Node(Register, ['--from', notRegisteredAccount], web3) + + logMock.mockClear() + await testLocallyWithWeb3Node( Authorize, [ @@ -98,23 +89,9 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ], web3 ) + expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` [ - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Account ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: register", - ], - [ - "txHash: 0xtxhash", - ], [ "Running Checks:", ], @@ -140,6 +117,9 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { const signerNotRegisteredAccount = accounts[1] await testLocallyWithWeb3Node(Register, ['--from', notRegisteredAccount], web3) + + logMock.mockClear() + await testLocallyWithWeb3Node( Authorize, [ @@ -154,32 +134,15 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ], web3 ) + expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` [ - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Account ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: register", - ], - [ - "txHash: 0xtxhash", - ], [ "Running Checks:", ], [ " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is a registered Account ", ], - [ - " ✔ undefined is not a registered Validator ", - ], [ "All checks passed", ], @@ -194,13 +157,10 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { expect(stripAnsiCodesFromNestedArray(errorMock.mock.calls)).toMatchInlineSnapshot(`[]`) }) - // TODO figure out how we tackle this failure - test.failing('can authorize validator signer after validator is registered', async () => { + it('can authorize validator signer after validator is registered', async () => { const accounts = await web3.eth.getAccounts() const notRegisteredAccount = accounts[0] const signerNotRegisteredAccount = accounts[1] - const newBlsPublicKey = web3.utils.randomHex(96) - const newBlsPoP = web3.utils.randomHex(48) const ecdsaPublicKey = await addressToPublicKey(notRegisteredAccount, web3.eth.sign) await testLocallyWithWeb3Node(Register, ['--from', notRegisteredAccount], web3) await testLocallyWithWeb3Node( @@ -210,20 +170,12 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ) await testLocallyWithWeb3Node( ValidatorRegister, - [ - '--from', - notRegisteredAccount, - '--ecdsaKey', - ecdsaPublicKey, - '--blsKey', - '0x4fa3f67fc913878b068d1fa1cdddc54913d3bf988dbe5a36a20fa888f20d4894c408a6773f3d7bde11154f2a3076b700d345a42fd25a0e5e83f4db5586ac7979ac2053cd95d8f2efd3e959571ceccaa743e02cf4be3f5d7aaddb0b06fc9aff00', - '--blsSignature', - '0xcdb77255037eb68897cd487fdd85388cbda448f617f874449d4b11588b0b7ad8ddc20d9bb450b513bb35664ea3923900', - '--yes', - ], + ['--from', notRegisteredAccount, '--ecdsaKey', ecdsaPublicKey, '--yes'], web3 ) + logMock.mockClear() + await testLocallyWithWeb3Node( Authorize, [ @@ -235,17 +187,32 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { signerNotRegisteredAccount, '--signature', PROOF_OF_POSSESSION_SIGNATURE, - '--blsKey', - newBlsPublicKey, - '--blsPop', - newBlsPoP, ], web3 ) - expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot() + + expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` + [ + [ + "Running Checks:", + ], + [ + " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is a registered Account ", + ], + [ + "All checks passed", + ], + [ + "SendTransaction: authorizeTx", + ], + [ + "txHash: 0xtxhash", + ], + ] + `) }) - test('cannot authorize validator signer without BLS after validator is registered', async () => { + it('fails when using BLS keys on L2', async () => { const accounts = await web3.eth.getAccounts() const notRegisteredAccount = accounts[0] const signerNotRegisteredAccount = accounts[1] @@ -258,19 +225,12 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ) await testLocallyWithWeb3Node( ValidatorRegister, - [ - '--from', - notRegisteredAccount, - '--ecdsaKey', - ecdsaPublicKey, - '--blsKey', - '0x4fa3f67fc913878b068d1fa1cdddc54913d3bf988dbe5a36a20fa888f20d4894c408a6773f3d7bde11154f2a3076b700d345a42fd25a0e5e83f4db5586ac7979ac2053cd95d8f2efd3e959571ceccaa743e02cf4be3f5d7aaddb0b06fc9aff00', - '--blsSignature', - '0xcdb77255037eb68897cd487fdd85388cbda448f617f874449d4b11588b0b7ad8ddc20d9bb450b513bb35664ea3923900', - '--yes', - ], + ['--from', notRegisteredAccount, '--ecdsaKey', ecdsaPublicKey, '--yes'], web3 ) + + logMock.mockClear() + await expect( testLocallyWithWeb3Node( Authorize, @@ -283,97 +243,17 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { signerNotRegisteredAccount, '--signature', PROOF_OF_POSSESSION_SIGNATURE, + '--blsKey', + '0x4fa3f67fc913878b068d1fa1cdddc54913d3bf988dbe5a36a20fa888f20d4894c408a6773f3d7bde11154f2a3076b700d345a42fd25a0e5e83f4db5586ac7979ac2053cd95d8f2efd3e959571ceccaa743e02cf4be3f5d7aaddb0b06fc9aff00', + '--blsPop', + '0xcdb77255037eb68897cd487fdd85388cbda448f617f874449d4b11588b0b7ad8ddc20d9bb450b513bb35664ea3923900', ], web3 ) - ).rejects.toThrowErrorMatchingInlineSnapshot(`"Some checks didn't pass!"`) - expect(stripAnsiCodesFromNestedArray(errorMock.mock.calls)).toMatchInlineSnapshot(`[]`) - expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` - [ - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Account ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: register", - ], - [ - "txHash: 0xtxhash", - ], - [ - "Running Checks:", - ], - [ - " ✔ Value [10000000000000000000000] is > 0 ", - ], - [ - "All checks passed", - ], - [ - "Running Checks:", - ], - [ - " ✔ Account has at least 10000 CELO ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: lock", - ], - [ - "txHash: 0xtxhash", - ], - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is Signer or registered Account ", - ], - [ - " ✔ Signer can sign Validator Txs ", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Validator ", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered ValidatorGroup ", - ], - [ - " ✔ Signer's account has enough locked celo for registration ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: registerValidator", - ], - [ - "txHash: 0xtxhash", - ], - [ - "SendTransaction: Set encryption key", - ], - [ - "txHash: 0xtxhash", - ], - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is a registered Account ", - ], - [ - " ✘ undefined is not a registered Validator ", - ], - ] - `) + ).rejects.toMatchInlineSnapshot(`[Error: BLS keys are not supported on L2]`) + + expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(`[]`) }) test('can force authorize validator signer without BLS after validator is registered', async () => { @@ -389,19 +269,12 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { ) await testLocallyWithWeb3Node( ValidatorRegister, - [ - '--from', - notRegisteredAccount, - '--ecdsaKey', - ecdsaPublicKey, - '--blsKey', - '0x4fa3f67fc913878b068d1fa1cdddc54913d3bf988dbe5a36a20fa888f20d4894c408a6773f3d7bde11154f2a3076b700d345a42fd25a0e5e83f4db5586ac7979ac2053cd95d8f2efd3e959571ceccaa743e02cf4be3f5d7aaddb0b06fc9aff00', - '--blsSignature', - '0xcdb77255037eb68897cd487fdd85388cbda448f617f874449d4b11588b0b7ad8ddc20d9bb450b513bb35664ea3923900', - '--yes', - ], + ['--from', notRegisteredAccount, '--ecdsaKey', ecdsaPublicKey, '--yes'], web3 ) + + logMock.mockClear() + await testLocallyWithWeb3Node( Authorize, [ @@ -420,78 +293,6 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { expect(stripAnsiCodesFromNestedArray(errorMock.mock.calls)).toMatchInlineSnapshot(`[]`) expect(stripAnsiCodesFromNestedArray(logMock.mock.calls)).toMatchInlineSnapshot(` [ - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Account ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: register", - ], - [ - "txHash: 0xtxhash", - ], - [ - "Running Checks:", - ], - [ - " ✔ Value [10000000000000000000000] is > 0 ", - ], - [ - "All checks passed", - ], - [ - "Running Checks:", - ], - [ - " ✔ Account has at least 10000 CELO ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: lock", - ], - [ - "txHash: 0xtxhash", - ], - [ - "Running Checks:", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is Signer or registered Account ", - ], - [ - " ✔ Signer can sign Validator Txs ", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered Validator ", - ], - [ - " ✔ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not a registered ValidatorGroup ", - ], - [ - " ✔ Signer's account has enough locked celo for registration ", - ], - [ - "All checks passed", - ], - [ - "SendTransaction: registerValidator", - ], - [ - "txHash: 0xtxhash", - ], - [ - "SendTransaction: Set encryption key", - ], - [ - "txHash: 0xtxhash", - ], [ "Running Checks:", ], @@ -515,6 +316,9 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { const accounts = await web3.eth.getAccounts() const notRegisteredAccount = accounts[0] const signerNotRegisteredAccount = accounts[1] + + logMock.mockClear() + await expect( testLocallyWithWeb3Node( Authorize, @@ -541,9 +345,6 @@ testWithAnvilL2('account:authorize cmd', (web3: Web3) => { [ " ✘ 0x5409ED021D9299bf6814279A6A1411A7e866A631 is a registered Account 0x5409ED021D9299bf6814279A6A1411A7e866A631 is not registered as an account. Try running account:register", ], - [ - " ✔ undefined is not a registered Validator ", - ], ] `) }) diff --git a/packages/cli/src/commands/account/authorize.ts b/packages/cli/src/commands/account/authorize.ts index 96f3ae1bf..0be84faf0 100644 --- a/packages/cli/src/commands/account/authorize.ts +++ b/packages/cli/src/commands/account/authorize.ts @@ -26,11 +26,13 @@ export default class Authorize extends BaseCommand { description: 'The BLS public key that the validator is using for consensus, should pass proof of possession. 96 bytes.', dependsOn: ['blsPop'], + required: false, }), blsPop: CustomFlags.blsProofOfPossession({ description: 'The BLS public key proof-of-possession, which consists of a signature on the account address. 48 bytes.', dependsOn: ['blsKey'], + required: false, }), force: Flags.boolean({ description: @@ -56,6 +58,15 @@ export default class Authorize extends BaseCommand { res.flags.signer, res.flags.signature ) + const isCel2 = await this.isCel2() + + if (res.flags.role === 'validator') { + if (isCel2) { + if (res.flags.blsKey || res.flags.blsPop) { + this.error('BLS keys are not supported on L2', { exit: 1 }) + } + } + } // Check that the account is registered on-chain. // Additionally, if the authorization is for a validator, the BLS key must be provided when the @@ -63,7 +74,7 @@ export default class Authorize extends BaseCommand { // (Because the BLS key is stored on the validator entry, which would not exist yet) // Using the --force flag allows setting the ECDSA key on the validator without the BLS key. const checker = newCheckBuilder(this).isAccount(res.flags.from) - if (res.flags.role === 'validator' && !res.flags.force) { + if (res.flags.role === 'validator' && !res.flags.force && !isCel2) { if (res.flags.blsKey && res.flags.blsPop) { checker.isValidator(res.flags.from) } else { @@ -75,7 +86,8 @@ export default class Authorize extends BaseCommand { let tx: any if (res.flags.role === 'vote') { tx = await accounts.authorizeVoteSigner(res.flags.signer, sig) - } else if (res.flags.role === 'validator' && res.flags.blsKey && res.flags.blsPop) { + } else if (res.flags.role === 'validator' && res.flags.blsKey && res.flags.blsPop && !isCel2) { + // TODO(L2): this is deprecated and not supported in L2 tx = await accounts.authorizeValidatorSignerAndBls( res.flags.signer, sig,