fix(node): restore mainnet validator hash compatibility

[panos-xyz]

Summary

• Restore the mainnet historical validator compatibility gate for height 18409547 that was removed with the BLS signing cleanup.
• Apply the same invalid BLS key handling to both live sequencer set updates and historical validator lookups.
• Bypass the sequencer set cache at the fork boundary so replay computes the expected NextValidatorsHash.

Test plan

• go test ./core -count=1
• go test ./... -short -count=1
• go vet ./...
• git diff --check

Summary by CodeRabbit

• New Features
  • Added BLS key validation for validator sets on mainnet at a designated fork height.
  • Validators with invalid BLS keys are now automatically filtered out during validator set construction.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds historical BLS key validation at a configurable fork height. A mainnet fork constant and config field enable the feature; the executor stores and uses the fork height to filter invalid BLS keys from validator sets via new helper methods that check key validity and cache reuse conditions.

Changes

BLS Key Validation at Fork Height

Layer / File(s)	Summary
Configuration and fork height constant node/core/config.go	Introduces MainnetBlsKeyCheckForkHeight = 18409547 constant and adds BlsKeyCheckForkHeight field to Config struct; CLI initialization sets the value for mainnet mode.
Executor fork height storage and validator filtering node/core/executor.go	Executor stores blsKeyCheckForkHeight from config and applies shouldKeepSequencerAtHeight checks during validator-set construction in getValidatorsAtHeight to filter invalid BLS keys.
BLS key validation helpers and cache reuse logic node/core/sequencers.go	Adds BLS12-381 import; implements isValidBlsKey helper using key decoding; introduces shouldReuseSequencerCache (height-aware cache reuse) and shouldKeepSequencerAtHeight (height-gated key validation); filters sequencer entries during set construction.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• morph-l2/morph#808: Both PRs modify sequencerSetUpdates logic to skip invalid/undecodable sequencer BLS keys instead of aborting.
• morph-l2/morph#828: Directly aligned with BLS key validation at fork height via shared config wiring and height-aware BLS key filtering logic.

Suggested reviewers

• Web3Jumb0
• Kukoomomo

Poem

🐰 A fork in the chain, where validators align,
BLS keys checked at height 18409547 fine.
Invalid ones filtered, caches reused with care,
The sequencer set's trustworthy—history proved fair! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'fix(node): restore mainnet validator hash compatibility' accurately reflects the main objective of this PR, which is to restore mainnet historical validator compatibility at a specific fork height.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/mainnet-validator-set-hash-18409547

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@node/core/config.go`:
- Around line 152-155: The current guard uses
ctx.GlobalIsSet(flags.MainnetFlag.Name) which returns true even when
--mainnet=false; change the condition to check the boolean flag value by using
ctx.GlobalBool(flags.MainnetFlag.Name) instead so that the block setting
c.BlsKeyCheckForkHeight = MainnetBlsKeyCheckForkHeight and the logger.Info call
only run when the mainnet flag is actually true (update the condition where
GlobalIsSet is used, e.g., replace GlobalIsSet with GlobalBool for
flags.MainnetFlag.Name while leaving c.BlsKeyCheckForkHeight and logger.Info
as-is).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f4a46bf0-5a24-47d6-841d-89410fb0aff3

📥 Commits

Reviewing files that changed from the base of the PR and between 319d563 and b19c5ac.

📒 Files selected for processing (3)

• node/core/config.go
• node/core/executor.go
• node/core/sequencers.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

In urfave/cli v1.22.x, when a BoolFlag is invoked as --mainnet=false, does Context.GlobalIsSet("mainnet") return true while Context.GlobalBool("mainnet") returns false?

💡 Result:

Yes, in urfave/cli v1.22.x, if you invoke a BoolFlag as --mainnet=false, Context.GlobalIsSet("mainnet") will return true and Context.GlobalBool("mainnet") will return false [1][2]. This occurs because of how the library handles flag parsing and state tracking: 1. GlobalIsSet: This method determines whether a flag was explicitly provided by the user [1][3]. When you pass --mainnet=false, the underlying standard library flagset registers that the flag was set, causing GlobalIsSet to return true [1][2]. 2. GlobalBool: This method retrieves the current value of the boolean flag [2]. Since the value provided was false, GlobalBool correctly returns false [2]. The IsSet mechanism tracks whether a flag was provided during parsing (or via direct modification methods like Set), regardless of whether the resulting value is true or false [1][3]. Consequently, providing the flag explicitly results in it being marked as "set" even when the assigned value is false [1].

Citations:

• 1: https://github.com/urfave/cli/blob/v1.22.17/context.go
• 2: https://github.com/urfave/cli/blob/v1.22.17/flag_bool.go
• 3: https://github.com/urfave/cli/blob/v1.20.0/context.go

---

Use --mainnet flag value (GlobalBool) instead of “is set” (GlobalIsSet) for compatibility gating.

In urfave/cli v1.22.x, --mainnet=false still makes ctx.GlobalIsSet("mainnet") true, so mainnet compatibility can be enabled incorrectly; the guard should use the boolean value instead.

Suggested fix

-	if ctx.GlobalIsSet(flags.MainnetFlag.Name) {
+	if ctx.GlobalBool(flags.MainnetFlag.Name) {
 		c.BlsKeyCheckForkHeight = MainnetBlsKeyCheckForkHeight
 		logger.Info("mainnet historical validator compatibility enabled", "BlsKeyCheckForkHeight", c.BlsKeyCheckForkHeight)
 	}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if ctx.GlobalIsSet(flags.MainnetFlag.Name) {
	c.BlsKeyCheckForkHeight = MainnetBlsKeyCheckForkHeight
	logger.Info("mainnet historical validator compatibility enabled", "BlsKeyCheckForkHeight", c.BlsKeyCheckForkHeight)
	}
	if ctx.GlobalBool(flags.MainnetFlag.Name) {
	c.BlsKeyCheckForkHeight = MainnetBlsKeyCheckForkHeight
	logger.Info("mainnet historical validator compatibility enabled", "BlsKeyCheckForkHeight", c.BlsKeyCheckForkHeight)
	}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@node/core/config.go` around lines 152 - 155, The current guard uses
ctx.GlobalIsSet(flags.MainnetFlag.Name) which returns true even when
--mainnet=false; change the condition to check the boolean flag value by using
ctx.GlobalBool(flags.MainnetFlag.Name) instead so that the block setting
c.BlsKeyCheckForkHeight = MainnetBlsKeyCheckForkHeight and the logger.Info call
only run when the mainnet flag is actually true (update the condition where
GlobalIsSet is used, e.g., replace GlobalIsSet with GlobalBool for
flags.MainnetFlag.Name while leaving c.BlsKeyCheckForkHeight and logger.Info
as-is).