Enclave Proposal
ID 585597...6296
Proposed on: Oct 6th, 2023
Enclave Code Update Proposal
Proposal Purpose:
The primary purpose of this proposal is to seek approval for setting up a new Settlement Verification Address (SVA) in the contract. This new SVA is generated using the CMK ID listed below. We believe this will bolster the security and efficiency of our validation processes. Every settlement message will be signed privately with the SVA.
Approval Parameters:
- New CMK ID: 904a6b92-711d-4289-a010-0039266de333
- New Settlement Verification Address (SVA): 0xa52cdb5227545d447d3d77501971934ae546b036
Below is a detailed summary of the changes we have made regarding the newer enclave build, as reflected in our recent git commits:
Git Commits Summary:
- Feat: Token addresses for zKEVM mainnet (56ff00cbe83bb8206ff360f44b99b40802fe8434)
  - Address map of tokens aligned with their contract addresses
- Feat: Add user subscription (d887670f3d9b9f396e7148e376f795efd50f4d41)
  - For handling balances for newly added subscriptions and expiring subscriptions
Note: Commits are in descending order of date of their creation.
Validator Onboarding:
For new validators, we've refined our onboarding process to make it smooth and seamless. The process now includes:
- Setting up Amazon EC2 Enclave compatible instance:
  - We have set up this Dev Doc containing a walkthrough of the private EC2 instance setup used for the verification process.
  - Validators can reach out to our dedicated Discord channel for further guidance on onboarding.
- Script Setup:
  - Script Link - Github link of Script
  - Validators can execute this script from any Linux-based system.
- Voting Account Setup and Walkthrough:
  - TBD
What the Script Does:
- System and Tool Preparation:
  - Logs into your newly created or existing EC2 instance.
  - Updates and installs essential packages.
  - Replaces AWS CLI v1 with v2 if found, or keeps v2 intact if already installed.
  - Installs Git, Docker, and Nitro CLI.
- Repository Management: Clones a Nume Enclave P2P GitHub repository into the EC2 workspace.
- Verification Tasks:
  - Verifies the SHA of the files in the Docker image in the ECR against the local files of the latest commit on the EC2 instance. The Git-committed file hashes and the Docker image file hashes should MATCH.
  - Builds an enclave and checks its PCR0 value against the AWS KMS key policy, verifying that the attestation PCR value matches the policy.
- Address Generation: Gets the public key from the given AWS asymmetric KMS key and generates a settlement verification address (SVA). Each validator can verify that the SVA generated here matches the one defined in the custom action of the Tally proposal.
- Output Display: Compares verification values and displays test outcomes along with the generated address.
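The PCR0 check from the Verification Tasks step, written out as an added example (this is not the project's script): it compares the PCR0 measurement of a locally built enclave against the values pinned through the `kms:RecipientAttestation:PCR0` condition key in a KMS key policy. It assumes the measurements JSON printed by `nitro-cli build-enclave` and the policy JSON from `aws kms get-key-policy` have already been captured as strings; the function names, account ID, role name and sample values are constructed for illustration.

```python
import json

PCR0_KEY = "kms:recipientattestation:pcr0"  # IAM condition keys are case-insensitive
PINNING_OPERATORS = ("stringequals", "stringequalsignorecase")

def pinned_pcr0_values(policy):
    """Return the PCR0 values that Allow statements strictly require."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    pinned = set()
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for operator, keys in stmt.get("Condition", {}).items():
            if operator.lower() not in PINNING_OPERATORS:
                continue  # StringNotEquals or ...IfExists does not pin a value
            for key, value in keys.items():
                if key.lower() == PCR0_KEY:
                    values = [value] if isinstance(value, str) else value
                    pinned.update(v.lower() for v in values)
    return pinned

def build_matches_policy(build_json, policy_json):
    """True only if the locally built enclave's PCR0 is pinned in the key policy."""
    pcr0 = json.loads(build_json)["Measurements"]["PCR0"].lower()
    if len(pcr0) != 96 or any(c not in "0123456789abcdef" for c in pcr0):
        raise ValueError("PCR0 is not a SHA-384 hex digest")
    return pcr0 in pinned_pcr0_values(json.loads(policy_json))

# Constructed sample data, not values from the proposal.
SAMPLE_PCR0 = "ab" * 48
SAMPLE_BUILD = json.dumps({"Measurements": {
    "HashAlgorithm": "Sha384 { ... }", "PCR0": SAMPLE_PCR0,
    "PCR1": "cd" * 48, "PCR2": "ef" * 48}})
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "Admin", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["kms:DescribeKey", "kms:GetPublicKey"], "Resource": "*"},
    {"Sid": "EnclaveOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/enclave-instance"},
     "Action": "kms:Decrypt", "Resource": "*",
     "Condition": {"StringEqualsIgnoreCase": {
         "kms:RecipientAttestation:PCR0": SAMPLE_PCR0.upper()}}}]})

if __name__ == "__main__":
    print("PCR0 pinned in key policy:", build_matches_policy(SAMPLE_BUILD, SAMPLE_POLICY))
```

A `False` result means the enclave image built from the checked-out commit is not the one the key policy authorizes, so the build and the policy should be re-examined before voting.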
How to Run the Script:
To run the script, you need to use the following command, providing appropriate values for your setup:
sh enclave-script.sh <HOST> <PEM> <KEY_ID>
Replace <HOST>, <PEM>, and <KEY_ID> with the EC2 instance's address, the path to your private key file, and the AWS KMS Key ID respectively.
For example:
sh enclave-script.sh ec2-18-212-141-78.compute-1.amazonaws.com nitro-uat.pem