Signature checks do not require arrays of signers
The requestWithdrawal, modifyLocker, and emergencyUnlock functions accept a signers array. This is passed into checkValidatorSignatures to verify that the action is authorized:
function checkValidatorSignatures(
    bytes32 message,
    ValidatorSet memory activeValidatorSet, // Active set of all L1 validators
    address[] memory signers, // Subsequence of the active L1 validators that signed the message
    Signature[] memory signatures,
    bytes32 validatorSetHash
) private view {
The array of signers is not necessary for performing the validator check. Instead, checkValidatorSignatures could simply recover the array of signers and check that it is a sufficiently weighted subsequence of the chosen validator set. Omitting this argument from these external functions would simplify the interface and save gas.
Note: this issue was addressed in commit ; the signers array is no longer required to be provided by the user, and the signer's address recovered from the individual signatures is used instead.
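The recommendation above, sketched as an added example (not the audited contract's code and not the project's fix): each signer is recovered with ecrecover and matched against the validator set with a forward-only index, which enforces the subsequence property. The struct layouts, the contract name, and the requiredPower parameter are assumptions; the validatorSetHash binding from the original signature is omitted for brevity.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.9;

// Added example. Struct fields and requiredPower are assumptions,
// not taken from the audited code.
contract SignerRecoverySketch {
    struct ValidatorSet { address[] validators; uint64[] powers; }
    struct Signature { bytes32 r; bytes32 s; uint8 v; }

    // Reverts unless the recovered signers form an ordered subsequence of
    // activeValidatorSet.validators whose summed power reaches requiredPower.
    // Assumes validator addresses in the set are distinct and that digest
    // is the final hash that validators signed.
    function checkValidatorSignatures(
        bytes32 digest,
        ValidatorSet memory activeValidatorSet,
        Signature[] memory signatures,
        uint64 requiredPower
    ) public pure {
        uint256 n = activeValidatorSet.validators.length;
        require(n == activeValidatorSet.powers.length, "Malformed validator set");
        require(requiredPower > 0, "Threshold must be positive");

        uint256 j = 0; // next candidate index in the validator set
        uint64 cumulativePower = 0;

        for (uint256 i = 0; i < signatures.length; i++) {
            Signature memory sig = signatures[i];
            // ecrecover returns address(0) for a malformed signature.
            address signer = ecrecover(digest, sig.v, sig.r, sig.s);
            require(signer != address(0), "Invalid signature");

            // Move forward to the signer's slot. The index never moves
            // backwards, so a signer cannot be counted twice or out of order.
            while (j < n && activeValidatorSet.validators[j] != signer) {
                j++;
            }
            require(j < n, "Signer not in validator set order");

            cumulativePower += activeValidatorSet.powers[j]; // checked add in 0.8
            j++;
        }
        require(cumulativePower >= requiredPower, "Insufficient validator power");
    }
}
```

Because the matching index only advances, a replayed signature from the same validator fails the subsequence check rather than adding weight a second time.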