Skip to content

Add BLST utility library #1152

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
batconjurer wants to merge 5 commits into
base: bat/validator-set-registry-stubs
Choose a base branch
from
Open

Add BLST utility library #1152

batconjurer wants to merge 5 commits into from
+793 −0

Conversation

@batconjurer
Copy link
Contributor

@batconjurer batconjurer commented Jan 7, 2026

Why this should be merged

This adds a library for verifying BLS signatures in Ethereum contracts. Needed for the AvalancheValidatorSetRegistry

How this works

How this was tested

How is this documented

@batconjurer batconjurer requested a review from a team as a code owner January 7, 2026 10:12
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 7, 2026
View reviewed changes
Copy link

@github-advanced-security github-advanced-security bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep PRO found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

michaelkaplan13
michaelkaplan13 reviewed Jan 7, 2026
View reviewed changes
Copy link
Collaborator

@michaelkaplan13 michaelkaplan13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a clear comment at the top of all these contracts that they are unaudited code that should not be used in production currently.

@geoff-vball
Copy link
Contributor

geoff-vball commented Jan 7, 2026

I tried to find an example of the disclaimer we had on unaudited contracts, but having trouble finding it. I think we might have moved away from disclaimers in every contract and opted instead for a disclaimer in the README in the folder for ValidatorManager when it was still under development. https://github.com/ava-labs/icm-contracts/blob/60e749e8c3b00e5698b75f2e2bc0fbed5f01b55d/contracts/validator-manager/README.md

Also happy if you think it would be better directly in the contracts @michaelkaplan13

mdelle1
mdelle1 reviewed Jan 7, 2026
View reviewed changes
@mdelle1
Copy link

mdelle1 commented Jan 7, 2026

Curious but how did you generate the signatures, public keys, etc. to check against? i.e. the ground truth values

@batconjurer
Copy link
Contributor Author

batconjurer commented Jan 7, 2026

Curious but how did you generate the signatures, public keys, etc. to check against? i.e. the ground truth values

Great question. I wrote the base version of these tests so long ago, I don't remember. I'll try to run that down for you.

@iansuvak
Copy link
Contributor

iansuvak commented Jan 7, 2026

I tried to find an example of the disclaimer we had on unaudited contracts, but having trouble finding it. I think we might have moved away from disclaimers in every contract and opted instead for a disclaimer in the README in the folder for ValidatorManager when it was still under development. https://github.com/ava-labs/icm-contracts/blob/60e749e8c3b00e5698b75f2e2bc0fbed5f01b55d/contracts/validator-manager/README.md

Also happy if you think it would be better directly in the contracts @michaelkaplan13

For ValidatorSetSig we did have this snippet in the code itself: https://github.com/ava-labs/icm-contracts/blob/14a958431c0bfece6019ed563a264fb2b13e0d66/contracts/governance/ValidatorSetSig.sol#L14 I'm open to either but readers should be able to easily distinguish between audited and non-audited code

@batconjurer
Copy link
Contributor Author

batconjurer commented Jan 9, 2026

We should add a clear comment at the top of all these contracts that they are unaudited code that should not be used in production currently.

I have added the disclaimer in the code itself. Hopefully that suits everyone

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@iansuvak iansuvak Awaiting requested review from iansuvak iansuvak is a code owner automatically assigned from ava-labs/interop

@geoff-vball geoff-vball Awaiting requested review from geoff-vball geoff-vball is a code owner automatically assigned from ava-labs/interop

@ylg-avalabs ylg-avalabs Awaiting requested review from ylg-avalabs ylg-avalabs is a code owner automatically assigned from ava-labs/interop

@mdelle1 mdelle1 Awaiting requested review from mdelle1

@michaelkaplan13 michaelkaplan13 Awaiting requested review from michaelkaplan13

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@batconjurer @geoff-vball @mdelle1 @iansuvak @michaelkaplan13