era-contracts feat: 2FA MultisigVerifier

What ❔

MultisigVerifier contract for 2FA.

Why ❔

2FA want to mitigate issues caused by sequencer compromise by requiring all commit operations to be signed by select ENs confirming they can reproduce the associated batch. Thus we require a call to commitBatchesMultisig instead of commitBatchesSharedBridge with additional signatures argument.

TODO

[x] Should this be a separate contract? I'm inclined to integrate this funcionality with ValidatorTimelock
[ ] Tests

Checklist

[x] PR title corresponds to the body of PR (we generate changelog entries from PRs).
[ ] Tests for the changes have been added / updated.
[x] Documentation comments have been added / updated.

Sep 11 '25 10:09 cytadela8

@codex security review

Oct 30 '25 17:10 vladbochok

Codex Review: Didn't find any major issues. Bravo.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Oct 30 '25 17:10 chatgpt-codex-connector[bot]

@codex security review

Nov 06 '25 15:11 cytadela8

Codex Review: Didn't find any major issues. Another round soon, please!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

Open a pull request for review
Mark a draft as ready
Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Nov 06 '25 15:11 chatgpt-codex-connector[bot]

Coverage after merging multisig-verifier into zksync-os-stable will be

80.13%

Coverage Report

File	Stmts	Branches	Funcs	Lines	Uncovered Lines
contracts/bridge
BridgeHelper.sol	85.71%	100%	100%	85%	31, 36, 41
BridgedStandardERC20.sol	82.14%	100%	92.31%	80.28%	120–121, 126–127, 139–140, 164, 205, 212, 219, 229–230, 63, 91
L1ERC20Bridge.sol	94%	100%	100%	93.02%	189, 208, 270
L1Nullifier.sol	83.33%	100%	86.21%	82.89%	115, 129–131, 161, 222, 225, 235, 238, 248, 251, 419–421, 425–426, 453, 519, 603, 615, 653, 655, 699, 711, 714, 716, 729, 742–743, 747–748, 768
contracts/bridge/asset-router
AssetRouterBase.sol	97.14%	100%	100%	96.55%	67
L1AssetRouter.sol	88.17%	100%	89.29%	87.97%	106, 232, 270, 286, 373, 384, 415, 454–455, 469, 500, 572, 661, 672, 686, 691, 74, 90, 98
contracts/bridge/interfaces
AssetHandlerModifiers.sol	75%	100%	100%	66.67%	13
contracts/bridge/ntv
L1NativeTokenVault.sol	86.72%	100%	90.48%	85.98%	172–178, 180, 248–249, 251, 262, 264, 270, 94
NativeTokenVaultBase.sol	89.08%	100%	91.67%	88.67%	222, 227, 244, 262, 267, 283, 302, 310, 479, 494, 522, 555–556, 560–561, 74, 90
UpgradeableBeaconDeployer.sol	0%	100%	0%	0%	15–16, 18, 20–21
contracts/bridgehub
BridgehubBase.sol	79.41%	100%	80.56%	79.17%	128, 133, 135–136, 141–143, 150, 168, 208–209, 218, 233, 272, 275, 294, 310, 341, 459, 463, 467–468, 487, 490, 546, 550, 553, 588–589, 593–594, 602–603, 607–608
CTMDeploymentTracker.sol	73.47%	100%	81.82%	71.05%	107, 111, 115, 140, 144–145, 33, 41, 66, 79–80
ChainAssetHandlerBase.sol	69.39%	100%	66.67%	69.77%	116, 133, 136, 148–149, 194, 211–212, 216–217, 76, 83–84
L1Bridgehub.sol	88.14%	100%	92.31%	87.62%	101, 111, 123, 240, 313, 317–318, 321, 63–64, 87, 91–92
L1ChainAssetHandler.sol	81.82%	100%	75%	84%	39–40, 48–49
L1MessageRoot.sol	78.57%	100%	75%	80%	36–37
L2Bridgehub.sol	80.56%	100%	75%	82.14%	106, 63, 79–80, 91
L2ChainAssetHandler.sol	80.65%	100%	75%	82.61%	47–48, 70, 94
L2MessageRoot.sol	34.38%	100%	50%	30.77%	39–40, 43–44, 50, 68, 74–75, 79, 81, 83, 86–87, 89, 93–96
L2MessageVerification.sol	100%	100%	100%	100%
MessageRootBase.sol	58.18%	100%	70%	55.56%	100–102, 108–110, 119, 131, 141, 146–151, 153–157
contracts/common
ReentrancyGuard.sol	95%	100%	100%	94.12%	79
contracts/common/l2-helpers
L2ContractHelper.sol	84.91%	100%	100%	82.22%	102, 108, 112, 129, 134, 73, 79, 83
SystemContractsCaller.sol	0%	100%	0%	0%	102, 114, 122–125, 128, 135–139, 141–142, 32–34, 37, 44–45, 47, 49, 51, 53, 66, 69, 72, 75, 78, 83, 89, 91, 93, 96, 98
contracts/common/libraries
DataEncoding.sol	85.11%	100%	100%	81.58%	109–110, 117–118, 163, 177, 45
DynamicIncrementalMerkle.sol	73.91%	100%	80%	73.17%	66–70, 72–74, 76–78
FullMerkle.sol	100%	100%	100%	100%
Merkle.sol	98.15%	100%	100%	97.96%	83
MessageHashing.sol	95.16%	100%	100%	94.64%	113, 77, 94
SemVer.sol	100%	100%	100%	100%
UncheckedMath.sol	100%	100%	100%	100%
UnsafeBytes.sol	100%	100%	100%	100%
ZKSyncOSBytecodeInfo.sol	50%	100%	50%	50%	30, 33
contracts/governance
AccessControlRestriction.sol	100%	100%	100%	100%
ChainAdmin.sol	97.87%	100%	100%	97.30%	39
ChainAdminOwnable.sol	44.83%	100%	40%	45.83%	28, 38–40, 46–48, 57, 66, 77–79, 81
Governance.sol	100%	100%	100%	100%
L2ProxyAdminDeployer.sol	0%	100%	0%	0%	16–18, 20
PermanentRestriction.sol	88.80%	100%	100%	87.39%	104, 111–112, 200–201, 204–205, 208, 210–211, 240, 288, 310, 341
ServerNotifier.sol	93.10%	100%	100%	90.91%	55, 65
TransitionaryOwner.sol	0%	100%	0%	0%	16–17, 21–23
contracts/governance/restriction
Restriction.sol	100%	100%	100%	100%
RestrictionValidator.sol	100%	100%	100%	100%
contracts/l2-upgrades
L2ComplexUpgrader.sol	0%	100%	0%	0%	23–25, 39, 44, 46, 56, 62–63, 70, 79–81, 84, 86–87
L2GenesisForceDeploymentsHelper.sol	0%	100%	0%	0%	100, 102–103, 108–110, 114, 124, 129–134, 136, 148, 156, 160, 165, 174–175, 178, 185–186, 189, 194–195, 201, 209, 213, 218, 220, 230, 239, 242, 247, 257, 263–264, 267, 270, 276, 280, 284, 295, 304, 309, 311, 319, 330, 344, 350, 370, 378–379, 38, 382–383, 385, 39, 392, 399, 40–41, 49, 52–53, 58, 64–66, 70–72, 78–79, 82–83, 85, 87–88, 94, 96
L2GenesisUpgrade.sol	0%	100%	0%	0%	24, 31–32, 37–38, 42, 50

Dec 05 '25 11:12 github-actions[bot]