Fix L2 Output Timestamps

[trianglesphere]

Description
There was an off by one error in the L2 Output Oracle contract in the timestamp to
block number conversion. In addition, the L2 Output Submitter (op proposer) did
not recognize that there was a mismatch between the timestamp/block number in
the header and the timestamp/block number from the contract.

This bug causes problems when trying to do withdrawals.

Metadata

• Fixes ENG-2128

[protolambda]

Why not change the outputRootAtBlock RPC in the rollup-node to serve the L2 block header. That way it's always consistent. The l2 output root submitter shouldn't even need to directly talk to a L2 geth node I think

[trianglesphere]

That wouldn't solve the original issue nor a race condition on the proof. Original is that the timestamp -> block number conversion was wrong. The race condition is that we get by block number but don't check the proof against the header - the only way to do this is by checking the state root.

[protolambda]

FWIW, the server of the output root already does get a header and verifies the proof against the state root:

optimistic-specs/opnode/node/api.go

Line 73 in 5189b9a

if err := proof.Verify(head.Root); err != nil {

It would be nice to serve the header in the same RPC response, and then the timestamp / block number can be used without extra calls with a separate RPC client to L2 geth.

[trianglesphere]

It's a good idea and you should make an issue for it.

[codecov-commenter]

Codecov Report

Merging #416 (e56e6ca) into main (55db896) will decrease coverage by 0.86%.
The diff coverage is 25.00%.

@@            Coverage Diff             @@
##             main     #416      +/-   ##
==========================================
- Coverage   53.12%   52.26%   -0.87%     
==========================================
  Files          62       63       +1     
  Lines        6500     6703     +203     
==========================================
+ Hits         3453     3503      +50     
- Misses       2608     2764     +156     
+ Partials      439      436       -3     

Impacted Files	Coverage Δ
l2os/bindings/l2oo/l2_output_oracle.go	8.60% <ø> (ø)
l2os/drivers/l2output/driver.go	65.19% <14.28%> (-2.05%)	⬇️
opnode/rollup/driver/step.go	61.37% <100.00%> (ø)
opnode/cmd/main.go	7.89% <0.00%> (-0.56%)	⬇️
opnode/service.go	0.00% <0.00%> (ø)
opnode/cmd/stateviz/main.go	0.00% <0.00%> (ø)
opnode/node/node.go	60.15% <0.00%> (+0.15%)	⬆️
opnode/p2p/gossip.go	67.36% <0.00%> (+1.04%)	⬆️
l2os/txmgr/txmgr.go	93.78% <0.00%> (+2.48%)	⬆️
opnode/rollup/driver/state.go	75.24% <0.00%> (+4.00%)	⬆️
... and 2 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 55db896...e56e6ca. Read the comment docs.

[trianglesphere]

This is ready for a re-review. The test is failing because the sequencer is reorging on the L1 Info transaction between when it sequences it and when it verifies it

[tynes]

I'd really like to know why this is happening

[trianglesphere]

I'm assuming that it starts block production prior to having a full up to date view of the L1 chain.