feat: tee_verifier_input_producer (#1860)

## What ❔

Extract all data needed to re-execute and verify an L1Batch without
accessing the DB and/or the object store.

For testing purposes, the L1 batch is re-executed immediately for now.
Eventually, this component will only extract the inputs and send them to
another machine over a "to be defined" channel, e.g., save them to an
object store.

## Why ❔

Have an additional proof 2F verification running inside a TEE

## Checklist

<!-- Check your PR fulfills the following items. -->
<!-- For draft PRs check the boxes as you complete them. -->

- [x] PR title corresponds to the body of PR (we generate changelog
entries from PRs).
- [x] Tests for the changes have been added / updated.
- [x] Documentation comments have been added / updated.
- [x] Code has been formatted via `zk fmt` and `zk lint`.
- [x] Spellcheck has been run via `zk spellcheck`.
- [ ] Linkcheck has been run via `zk linkcheck`.

---------

Signed-off-by: Harald Hoyer <[email protected]>
Co-authored-by: Thomas Knauth <[email protected]>
Co-authored-by: Patrick Bęza <[email protected]>

Cargo.toml

@@ -46,6 +46,7 @@ members = [
     "core/lib/queued_job_processor",
     "core/lib/state",
     "core/lib/storage",
+    "core/lib/tee_verifier",
     "core/lib/types",
     "core/lib/protobuf_config",
     "core/lib/utils",
@@ -221,6 +222,7 @@ zksync_snapshots_applier = { path = "core/lib/snapshots_applier" }
 zksync_state = { path = "core/lib/state" }
 zksync_storage = { path = "core/lib/storage" }
 zksync_system_constants = { path = "core/lib/constants" }
+zksync_tee_verifier = { path = "core/lib/tee_verifier" }
 zksync_test_account = { path = "core/tests/test_account" }
 zksync_types = { path = "core/lib/types" }
 zksync_utils = { path = "core/lib/utils" }

checks-config/era.dic

@@ -957,3 +957,6 @@ RECURSION_TIP_ARITY
 empty_proof
 hyperchain
 storages
+vec
+zksync_merkle_tree
+TreeMetadata

core/bin/zksync_server/src/main.rs

@@ -45,7 +45,7 @@ struct Cli {
     /// Comma-separated list of components to launch.
     #[arg(
         long,
-        default_value = "api,tree,eth,state_keeper,housekeeper,commitment_generator"
+        default_value = "api,tree,eth,state_keeper,housekeeper,tee_verifier_input_producer,commitment_generator"
     )]
     components: ComponentsToRun,
     /// Path to the yaml config. If set, it will be used instead of env vars.

core/lib/contracts/src/lib.rs

@@ -250,13 +250,13 @@ fn read_zbin_bytecode_from_path(bytecode_path: PathBuf) -> Vec<u8> {
         .unwrap_or_else(|err| panic!("Can't read .zbin bytecode at {:?}: {}", bytecode_path, err))
 }
 /// Hash of code and code which consists of 32 bytes words
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct SystemContractCode {
     pub code: Vec<U256>,
     pub hash: H256,
 }
 
-#[derive(Debug, Clone)]
+#[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct BaseSystemContracts {
     pub bootloader: SystemContractCode,
     pub default_aa: SystemContractCode,

core/lib/dal/migrations/20240325133100_add_tee_verifier_input_producer_jobs_table.down.sql

@@ -0,0 +1,5 @@
+DROP INDEX IF EXISTS idx_tee_verifier_input_producer_jobs_status_processing_attempts;
+
+DROP TABLE IF EXISTS tee_verifier_input_producer_jobs;
+
+DROP TYPE IF EXISTS tee_verifier_input_producer_job_status;

core/lib/dal/migrations/20240325143100_add_tee_verifier_input_producer_jobs_table.up.sql

@@ -0,0 +1,18 @@
+CREATE TYPE tee_verifier_input_producer_job_status AS ENUM ('Queued', 'ManuallySkipped', 'InProgress', 'Successful', 'Failed');
+
+CREATE TABLE IF NOT EXISTS tee_verifier_input_producer_jobs
+(
+    l1_batch_number       BIGINT    NOT NULL PRIMARY KEY,
+    attempts              SMALLINT  NOT NULL DEFAULT 0,
+    status                tee_verifier_input_producer_job_status,
+    picked_by             TEXT,
+    input_blob_url        TEXT,
+    error                 TEXT,
+    created_at            TIMESTAMP NOT NULL,
+    updated_at            TIMESTAMP NOT NULL,
+    processing_started_at TIMESTAMP,
+    time_taken            TIME
+);
+
+CREATE INDEX IF NOT EXISTS idx_tee_verifier_input_producer_jobs_status_processing_attempts
+    ON tee_verifier_input_producer_jobs (status, processing_started_at, attempts);

core/lib/dal/src/lib.rs

@@ -20,7 +20,8 @@ use crate::{
     snapshot_recovery_dal::SnapshotRecoveryDal, snapshots_creator_dal::SnapshotsCreatorDal,
     snapshots_dal::SnapshotsDal, storage_logs_dal::StorageLogsDal,
     storage_logs_dedup_dal::StorageLogsDedupDal, storage_web3_dal::StorageWeb3Dal,
-    sync_dal::SyncDal, system_dal::SystemDal, tokens_dal::TokensDal,
+    sync_dal::SyncDal, system_dal::SystemDal,
+    tee_verifier_input_producer_dal::TeeVerifierInputProducerDal, tokens_dal::TokensDal,
     tokens_web3_dal::TokensWeb3Dal, transactions_dal::TransactionsDal,
     transactions_web3_dal::TransactionsWeb3Dal,
 };
@@ -48,6 +49,7 @@ pub mod storage_logs_dedup_dal;
 pub mod storage_web3_dal;
 pub mod sync_dal;
 pub mod system_dal;
+pub mod tee_verifier_input_producer_dal;
 pub mod tokens_dal;
 pub mod tokens_web3_dal;
 pub mod transactions_dal;
@@ -71,6 +73,8 @@ where
 
     fn transactions_web3_dal(&mut self) -> TransactionsWeb3Dal<'_, 'a>;
 
+    fn tee_verifier_input_producer_dal(&mut self) -> TeeVerifierInputProducerDal<'_, 'a>;
+
     fn blocks_dal(&mut self) -> BlocksDal<'_, 'a>;
 
     fn blocks_web3_dal(&mut self) -> BlocksWeb3Dal<'_, 'a>;
@@ -133,6 +137,10 @@ impl<'a> CoreDal<'a> for Connection<'a, Core> {
         TransactionsWeb3Dal { storage: self }
     }
 
+    fn tee_verifier_input_producer_dal(&mut self) -> TeeVerifierInputProducerDal<'_, 'a> {
+        TeeVerifierInputProducerDal { storage: self }
+    }
+
     fn blocks_dal(&mut self) -> BlocksDal<'_, 'a> {
         BlocksDal { storage: self }
     }