fix: correct the numRound passing to plonk verifier

scroll-tech · Jul 19, 2024 · 79bc0f9 · 79bc0f9
1 parent 240069d
commit 79bc0f9
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 6 deletions.
diff --git a/hardhat-test/ZkEvmVerifierV2.spec.ts b/hardhat-test/ZkEvmVerifierV2.spec.ts
@@ -22,9 +22,11 @@ describe("ZkEvmVerifierV2", async () => {
     for (let i = 0; i < 8; ++i) {
       publicInputs[i] = instances[0x140 - (8 - i)];
     }
-    // numBatches, last 4 bytes of instances[0x180:0x1a0]
-    for (let i = 0; i < 4; ++i) {
-      publicInputs[8 + i] = instances[0x1a0 - (4 - i)];
+    // numBatches, last 4 bytes of instances[0x180:0x1a0] + 1
+    let numBatches = Number(hexlify(instances.subarray(0x180, 0x1a0))) + 1;
+    for (let i = 3; i >= 0; --i) {
+      publicInputs[8 + i] = numBatches % 256;
+      numBatches = Math.floor(numBatches / 256);
     }
     // prevStateRoot, concat(last 16 bytes of instances[0x20:0x40], last 16 bytes of instances[0x40:0x60])
     for (let i = 0; i < 16; ++i) {
@@ -147,7 +149,7 @@ describe("ZkEvmVerifierV2", async () => {
     });
   };
 
-  for (const version of ["v0.12.0-rc.2"]) {
+  for (const version of ["v0.12.0-rc.2", "v0.12.0-rc.3"]) {
     await doTest(version);
   }
 });
diff --git a/hardhat-test/testdata/plonk-verifier/v0.12.0-rc.3_pi.data b/hardhat-test/testdata/plonk-verifier/v0.12.0-rc.3_pi.data
diff --git a/hardhat-test/testdata/plonk-verifier/v0.12.0-rc.3_proof.data b/hardhat-test/testdata/plonk-verifier/v0.12.0-rc.3_proof.data
diff --git a/src/libraries/verifier/ZkEvmVerifierV2.sol b/src/libraries/verifier/ZkEvmVerifierV2.sol
@@ -68,7 +68,7 @@ contract ZkEvmVerifierV2 is IZkEvmVerifierV2 {
         //    | 0x180 + 0x120 | 0x180 + 0x140 | layer2ChainId           |
         //    | 0x180 + 0x140 | 0x180 + 0x160 | withdrawRoot_hi         |
         //    | 0x180 + 0x160 | 0x180 + 0x180 | withdrawRoot_lo         |
-        //    | 0x180 + 0x180 | 0x180 + 0x1a0 | numBatches              |
+        //    | 0x180 + 0x180 | 0x180 + 0x1a0 | numRound                |
         //    | 0x180 + 0x1a0 | dynamic       | bundleProof[0x180:]     |
         assembly {
             let p := mload(0x40)
@@ -94,7 +94,7 @@ contract ZkEvmVerifierV2 is IZkEvmVerifierV2 {
             mstore(add(p, 0x2c0), shr(128, value)) // withdrawRoot_hi
             mstore(add(p, 0x2e0), and(value, 0xffffffffffffffffffffffffffffffff)) // withdrawRoot_lo
             value := shr(224, calldataload(add(publicInput.offset, 0x08)))
-            mstore(add(p, 0x300), value) // numBatches
+            mstore(add(p, 0x300), sub(value, 1)) // numRound, which is numBatches - 1
             // 3. copy all remaining bytes from bundleProof
             calldatacopy(add(p, 0x320), add(bundleProof.offset, 0x180), sub(bundleProof.length, 0x180))
             // 4. call plonk verifier

diff --git a/src/libraries/verifier/plonk-verifier/plonk_verifier_v0.12.0-rc.3.bin b/src/libraries/verifier/plonk-verifier/plonk_verifier_v0.12.0-rc.3.bin