EspressoSystems · Sneh1999 · Jan 9, 2025 · Jan 8, 2025
@@ -14,11 +14,8 @@ import {
     ENCLAVE_REPORT_LENGTH
 } from "@automata-network/dcap-attestation/contracts/types/Constants.sol";
 import {EnclaveReport} from "@automata-network/dcap-attestation/contracts/types/V3Structs.sol";
-import {
-    V3QuoteVerifier
-} from "@automata-network/dcap-attestation/contracts/verifiers/V3QuoteVerifier.sol";
 import {BytesUtils} from "@automata-network/dcap-attestation/contracts/utils/BytesUtils.sol";
-import {Ownable} from "solady/auth/Ownable.sol";
+import "@openzeppelin/contracts/access/Ownable2Step.sol";
 import {IEspressoTEEVerifier} from "./IEspressoTEEVerifier.sol";
 
 /**
@@ -27,7 +24,10 @@ import {IEspressoTEEVerifier} from "./IEspressoTEEVerifier.sol";
  * @notice Contains the logic to verify a quote from the TEE and attest on-chain. It uses the V3QuoteVerifier contract
  *         from automata to verify the quote. Along with some additional verification logic.
  */
-contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable {
+contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable2Step {
+    event MREnclaveSet(bytes32 indexed mrEnclave);
+    event MRSignerSet(bytes32 indexed mrSigner);
+
     using BytesUtils for bytes;
 
     // V3QuoteVerififer contract from automata to verify the quote
@@ -39,7 +39,6 @@ contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable {
         quoteVerifier = V3QuoteVerifier(_quoteVerifier);
         mrEnclave = _mrEnclave;
         mrSigner = _mrSigner;
-        _initializeOwner(msg.sender);
     }
 
     /*
@@ -63,10 +62,10 @@ contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable {
             revert InvalidQuote();
         }
 
-        // // Parse enclave quote
-        uint256 offset = HEADER_LENGTH + ENCLAVE_REPORT_LENGTH;
+        // Parse enclave quote
+        uint256 lastIndex = HEADER_LENGTH + ENCLAVE_REPORT_LENGTH;
         EnclaveReport memory localReport;
-        (success, localReport) = parseEnclaveReport(rawQuote[HEADER_LENGTH:offset]);
+        (success, localReport) = parseEnclaveReport(rawQuote[HEADER_LENGTH:lastIndex]);
         if (!success) {
             revert FailedToParseEnclaveReport();
         }
@@ -89,18 +88,13 @@ contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable {
         @return header The parsed header
     */
     function parseQuoteHeader(bytes calldata rawQuote) public pure returns (Header memory header) {
-        bytes2 attestationKeyType = bytes2(rawQuote[2:4]);
-        bytes2 qeSvn = bytes2(rawQuote[8:10]);
-        bytes2 pceSvn = bytes2(rawQuote[10:12]);
-        bytes16 qeVendorId = bytes16(rawQuote[12:28]);
-
         header = Header({
             version: uint16(BELE.leBytesToBeUint(rawQuote[0:2])),
-            attestationKeyType: attestationKeyType,
+            attestationKeyType: bytes2(rawQuote[2:4]),
             teeType: bytes4(uint32(BELE.leBytesToBeUint(rawQuote[4:8]))),
-            qeSvn: qeSvn,
-            pceSvn: pceSvn,
-            qeVendorId: qeVendorId,
+            qeSvn: bytes2(rawQuote[8:10]),
+            pceSvn: bytes2(rawQuote[10:12]),
+            qeVendorId: bytes16(rawQuote[12:28]),
             userData: bytes20(rawQuote[28:48])
         });
     }
@@ -136,13 +130,15 @@ contract EspressoTEEVerifier is IEspressoTEEVerifier, Ownable {
      * @dev Set the mrEnclave of the contract
      */
     function setMrEnclave(bytes32 _mrEnclave) external onlyOwner {
+        emit MREnclaveSet(_mrEnclave);
         mrEnclave = _mrEnclave;
     }
 
     /*
      * @dev Set the mrSigner of the contract
      */
     function setMrSigner(bytes32 _mrSigner) external onlyOwner {
+        emit MRSignerSet(_mrSigner);
         mrSigner = _mrSigner;
     }
 }
@@ -111,4 +111,16 @@ contract EspressoTEEVerifierTest is Test {
         assertEq(espressoTEEVerifier.mrSigner(), newMrSigner);
         vm.stopPrank();
     }
+
+    // Test Ownership transfer using Ownable2Step contract
+    function testOwnershipTransfer() public {
+        vm.startPrank(adminTEE);
+        assertEq(address(espressoTEEVerifier.owner()), adminTEE);
+        espressoTEEVerifier.transferOwnership(fakeAddress);
+        vm.stopPrank();
+        vm.startPrank(fakeAddress);
+        espressoTEEVerifier.acceptOwnership();
+        assertEq(address(espressoTEEVerifier.owner()), fakeAddress);
+        vm.stopPrank();
+    }
 }