Skip to content

feat: change external sign method#908

Open
riccckyluo wants to merge 6 commits intomainfrom
gas-price-oracle-ext-sign
Open

feat: change external sign method#908
riccckyluo wants to merge 6 commits intomainfrom
gas-price-oracle-ext-sign

Conversation

@riccckyluo
Copy link

@riccckyluo riccckyluo commented Mar 11, 2026
edited by coderabbitai bot
Loading

update gas price oracle sign method

Summary by CodeRabbit

  • New Features

    • Added configurable blob base fee buffer to fine-tune base-fee updates.

  • Chores

    • Consolidated signing to a unified remote signer client for all signing paths.
    • Standardized transaction submission to use a call-based signing flow.
    • Refactored internal signer infrastructure for consistency and reliability.

@riccckyluo riccckyluo requested a review from a team as a code owner March 11, 2026 08:06
@riccckyluo riccckyluo requested review from r3aker86 and removed request for a team March 11, 2026 08:06
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 11, 2026
edited
Loading

Warning

Rate limit exceeded

@riccckyluo has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 9 minutes and 3 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e14ee7fd-eab3-44ad-8f9f-415421c50582

📥 Commits

Reviewing files that changed from the base of the PR and between f7177b3 and 4db18e6.

📒 Files selected for processing (3)
  • gas-oracle/app/src/da_scalar/l1_scalar.rs
  • gas-oracle/app/src/gas_price_oracle.rs
  • gas-oracle/app/src/signer.rs
📝 Walkthrough

Walkthrough

Replaces local RSA/crypto signing and related deps with a git-based remote-signer-client; refactors signing surface to accept ContractCall<M, D> and forwards method signatures to the remote signer, removing the old external_sign module.

Changes

Cohort / File(s) Summary
Dependency Migration
gas-oracle/app/Cargo.toml		 Removed rsa, sha2, uuid, base64, pem; added git-based remote-signer-client dependency.
Module Removal
gas-oracle/app/src/lib.rs		 Removed mod external_sign; declaration and associated internal module.
Signer Core API
gas-oracle/app/src/signer.rs		 Changed send_transaction to accept ContractCall<M, D> generics; extract contract address, method signature, and calldata from the call; updated sign_tx to accept method_sig; switched external signer type to SignerClient and forward method signature for remote signing.
Integration Points
gas-oracle/app/src/gas_price_oracle.rs, gas-oracle/app/src/l1_base_fee.rs, gas-oracle/app/src/da_scalar/l1_scalar.rs		 Replaced Option<ExternalSign> with Option<SignerClient> in structs/constructors; switched from address+calldata send pattern to passing ContractCall (call object) into send_transaction; added l1_blob_base_fee_buffer: u64 field and constructor param in BaseFeeUpdater.
Removed Module
gas-oracle/app/src/external_sign.rs		 Entire external_sign.rs (RSA-based remote signing implementation and tests) deleted and replaced by remote signer client integration.

Sequence Diagram

sequenceDiagram
    participant Caller as Oracle Update Method
    participant Signer as send_transaction(call)
    participant LocalSigner as LocalWallet Signer
    participant RemoteSigner as SignerClient
    participant L2Provider as L2 Provider

    Caller->>Signer: call: ContractCall<M,D>
    activate Signer
    Signer->>Signer: extract to, method_sig, calldata
    alt ext_signer present
        Signer->>RemoteSigner: sign(tx, method_sig)
        activate RemoteSigner
        RemoteSigner-->>Signer: signed_tx_bytes
        deactivate RemoteSigner
    else local signer
        Signer->>LocalSigner: sign_transaction(tx)
        activate LocalSigner
        LocalSigner-->>Signer: signed_tx_bytes
        deactivate LocalSigner
    end
    Signer->>L2Provider: send_raw_transaction(signed_tx)
    activate L2Provider
    L2Provider-->>Signer: tx_hash
    deactivate L2Provider
    Signer-->>Caller: Result<H256>
    deactivate Signer
Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐰 I swapped old keys for a remote friend,
Calls carry methods from start to end,
No PEM, no RSA to comb—
A SignerClient hops us home,
The rabbit cheers: compact, signed, and penned!

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: replacing the external sign implementation with a new SignerClient-based approach across the gas oracle codebase.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch gas-price-oracle-ext-sign

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 11, 2026
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
gas-oracle/app/src/da_scalar/l1_scalar.rs (1)

46-50: ⚠️ Potential issue | 🟠 Major

Fix the test to use SignerClient instead of ExternalSign.

Line 50 changes the constructor parameter to ext_signer: Option<SignerClient>, but the ignored test at lines 467-468 still instantiates ExternalSign and passes it to ScalarUpdater::new(). Since ExternalSign is undefined in this file and cargo test compiles ignored tests, this will cause a compilation failure.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@gas-oracle/app/src/da_scalar/l1_scalar.rs` around lines 46 - 50, The ignored
test still constructs an ExternalSign and passes it to ScalarUpdater::new, but
the constructor now expects ext_signer: Option<SignerClient>; update the test to
construct (or mock) a SignerClient and pass Some(signer_client) (or None if you
want no external signer) to ScalarUpdater::new, replace all uses/imports of
ExternalSign with SignerClient, and add any needed imports or helper creation
code so the test compiles.
🧹 Nitpick comments (1)
gas-oracle/app/Cargo.toml (1)

26-26: Pin remote-signer-client to an immutable revision.

Leaving the signer client on a floating git HEAD means a lockfile refresh can silently pull different signing code. For a signing dependency, pinning rev or tag keeps builds reproducible.

Suggested manifest change 
-remote-signer-client = { git = "https://github.com/morph-l2/remote-signer-client", package = "remote-signer-client" }
+remote-signer-client = { git = "https://github.com/morph-l2/remote-signer-client", rev = "<commit-sha>", package = "remote-signer-client" }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@gas-oracle/app/Cargo.toml` at line 26, The dependency declaration for
remote-signer-client should be pinned to a specific git revision or tag instead
of floating to HEAD; update the Cargo.toml entry for remote-signer-client (the
dependency line referencing git =
"https://github.com/morph-l2/remote-signer-client", package =
"remote-signer-client") to include either rev = "<commit-sha>" or tag =
"<tag-name>" so the crate resolves reproducibly and repeatably during builds.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@gas-oracle/app/src/gas_price_oracle.rs`:
- Around line 191-199: The code currently calls
SignerClient::new(...).map_err(...).unwrap(), causing a panic on failure; change
this to propagate the error from prepare_updater() by replacing unwrap() with
the ? operator (or returning the mapped anyhow! error via ?). Specifically,
update the call to SignerClient::new in prepare_updater to return its Result
(use ? after map_err or drop map_err and use .context(...) then ?), so failures
from SignerClient::new propagate instead of crashing.

In `@gas-oracle/app/src/signer.rs`:
- Around line 31-34: The current match on call.tx.to() falls back to
Address::zero(), which silently sends to the zero address; instead, detect
non-address targets and return an explicit error (or propagate one) when
call.tx.to() is None or NameOrAddress::Name. Replace the fallback in the code
that sets contract (the match on call.tx.to() producing Address::zero()) with
logic that returns a descriptive error (e.g., MissingCallTarget or
InvalidCallTarget) so the remote-sign path fails fast and lets callers/policy
checks handle missing/Name targets.

---

Outside diff comments:
In `@gas-oracle/app/src/da_scalar/l1_scalar.rs`:
- Around line 46-50: The ignored test still constructs an ExternalSign and
passes it to ScalarUpdater::new, but the constructor now expects ext_signer:
Option<SignerClient>; update the test to construct (or mock) a SignerClient and
pass Some(signer_client) (or None if you want no external signer) to
ScalarUpdater::new, replace all uses/imports of ExternalSign with SignerClient,
and add any needed imports or helper creation code so the test compiles.

---

Nitpick comments:
In `@gas-oracle/app/Cargo.toml`:
- Line 26: The dependency declaration for remote-signer-client should be pinned
to a specific git revision or tag instead of floating to HEAD; update the
Cargo.toml entry for remote-signer-client (the dependency line referencing git =
"https://github.com/morph-l2/remote-signer-client", package =
"remote-signer-client") to include either rev = "<commit-sha>" or tag =
"<tag-name>" so the crate resolves reproducibly and repeatably during builds.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f7e5e2a2-ee1b-4975-a9fa-9c269ba74b1d

📥 Commits

Reviewing files that changed from the base of the PR and between 31059df and da46d9f.

⛔ Files ignored due to path filters (1)
  • gas-oracle/app/Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (6)
  • gas-oracle/app/Cargo.toml
  • gas-oracle/app/src/da_scalar/l1_scalar.rs
  • gas-oracle/app/src/gas_price_oracle.rs
  • gas-oracle/app/src/l1_base_fee.rs
  • gas-oracle/app/src/lib.rs
  • gas-oracle/app/src/signer.rs
💤 Files with no reviewable changes (1)
  • gas-oracle/app/src/lib.rs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@r3aker86 r3aker86 Awaiting requested review from r3aker86 r3aker86 is a code owner automatically assigned from morph-l2/security

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@riccckyluo