Update to use Guardians

[QuentinI]

Closes #<ISSUE_NUMBER>

This PR:

• Updates Espresso Tee repository to Add Guardian contract espresso-tee-contracts#44
• Updates BatchAuthenticator to inherit from OwnableWithGuardiansUpgradeable contract
• Batcher switching can now be done by guardians
• Not directly related drive-by: we had an issue with BatchInbox where it had non-empty ABI surface (owner() function by inheriting from Ownable and batchAuthenticator getter). This meant that an attacker could bypass validation by sending a batch that has first bytes colliding with one of these functions' selectors. This PR fixes this by reducing BatchInbox to the thinnest contract possible. All validation logic is also delegated to BatchAuthenticator, as it is now upgradable, BatchInbox only serves as an entrypoint.

This PR does not:

Key places to review:

[gemini-code-assist]

Summary of Changes

Hello @QuentinI, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces significant architectural improvements to the batch processing system by refactoring the BatchInbox and BatchAuthenticator contracts. The BatchInbox is now a thinner, more secure entry point, delegating all validation to the BatchAuthenticator. The BatchAuthenticator itself has been upgraded to be upgradeable, incorporates a new guardian mechanism for enhanced control over batcher switching, and now fully supports EIP-4844 blob transactions, ensuring robust and flexible batch validation.

Highlights

• Upgradeability and Guardian Control for BatchAuthenticator: The BatchAuthenticator contract now inherits from OwnableWithGuardiansUpgradeable, enabling a multi-party guardian system for critical operations like switching batchers. This also makes the contract upgradeable via an ERC1967Proxy.
• Streamlined BatchInbox for Enhanced Security: The BatchInbox contract has been significantly refactored to have a minimal ABI surface, removing owner() and batchAuthenticator() getters. This change mitigates potential attack vectors arising from function selector collisions, ensuring all calls are routed through its fallback function.
• Centralized Batch Validation Logic: All batch validation logic, previously distributed, is now consolidated within the BatchAuthenticator contract. The BatchInbox now solely delegates validation to BatchAuthenticator.validateBatch().
• EIP-4844 Blob Transaction Support: The BatchAuthenticator has been updated to support validation of EIP-4844 blob transactions, allowing it to process both calldata and blob-based batches.
• Espresso TEE Contracts Subproject Update: The underlying espresso-tee-contracts subproject has been updated, bringing in new interfaces and functionalities, including ServiceType for TEE verifier interactions.
• Deployment Script Modernization: Deployment scripts for BatchAuthenticator and EspressoTEEVerifier now utilize ERC1967Proxy for deploying upgradeable contract instances, improving future maintainability and flexibility.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces significant architectural improvements by refactoring BatchAuthenticator and EspressoTEEVerifier to be upgradeable contracts using the UUPS proxy pattern. The BatchInbox contract has been streamlined to delegate all batch validation logic to the BatchAuthenticator, effectively reducing its attack surface and centralizing complex validation. The switchBatcher functionality in BatchAuthenticator now includes guardian control, providing an emergency response mechanism. Additionally, the changes incorporate handling for EIP-4844 blob transactions. The test suite has been comprehensively updated to reflect these new patterns and functionalities. Overall, these changes enhance the system's security, maintainability, and upgradeability.