Fix: sig circuit's capacity checker does not take account of ecrecover precompile (#725)

* sig circuit capacity checker does not take account of ecrecover precompile

* fmt

* clippy

Author: kunxian-xia

zkevm-circuits/src/sig_circuit.rs

@@ -220,9 +220,10 @@ impl<F: Field> SubCircuit<F> for SigCircuit<F> {
     type Config = SigCircuitConfig<F>;
 
     fn new_from_block(block: &crate::witness::Block<F>) -> Self {
+        assert!(block.circuits_params.max_txs <= MAX_NUM_SIG);
+
         SigCircuit {
-            // TODO: seperate max_verif with max_txs?
-            max_verif: block.circuits_params.max_txs,
+            max_verif: MAX_NUM_SIG,
             signatures: block.get_sign_data(true),
             _marker: Default::default(),
         }
@@ -257,13 +258,22 @@ impl<F: Field> SubCircuit<F> for SigCircuit<F> {
     fn min_num_rows_block(block: &crate::witness::Block<F>) -> (usize, usize) {
         let row_num = Self::min_num_rows();
 
-        let tx_count = block.txs.len();
-        let max_tx_count = block.circuits_params.max_txs;
+        let ecdsa_verif_count = block
+            .txs
+            .iter()
+            .filter(|tx| !tx.tx_type.is_l1_msg())
+            .count()
+            + block.precompile_events.get_ecrecover_events().len();
+        // Reserve one ecdsa verification for padding tx such that the bad case in which some tx
+        // calls MAX_NUM_SIG - 1 ecrecover precompile won't happen. If that case happens, the sig
+        // circuit won't have more space for the padding tx's ECDSA verification. Then the
+        // prover won't be able to produce any valid proof.
+        let max_num_verif = MAX_NUM_SIG - 1;
 
         // Instead of showing actual minimum row usage,
         // halo2-lib based circuits use min_row_num to represent a percentage of total-used capacity
         // This functionality allows l2geth to decide if additional ops can be added.
-        let min_row_num = (row_num / max_tx_count) * tx_count;
+        let min_row_num = (row_num / max_num_verif) * ecdsa_verif_count;
 
         (min_row_num, row_num)
     }

zkevm-circuits/src/witness/block.rs

@@ -96,23 +96,15 @@ impl<F: Field> Block<F> {
         let mut signatures: Vec<SignData> = self
             .txs
             .iter()
-            .map(|tx| {
-                if tx.tx_type.is_l1_msg() {
-                    // dummy signature
-                    Ok(SignData::default())
-                } else {
-                    tx.sign_data()
-                }
-            })
+            // Since L1Msg tx does not have signature, it do not need to do lookup into sig table
+            .filter(|tx| !tx.tx_type.is_l1_msg())
+            .map(|tx| tx.sign_data())
             .filter_map(|res| res.ok())
             .collect::<Vec<SignData>>();
         signatures.extend_from_slice(&self.precompile_events.get_ecrecover_events());
-        if padding {
-            let max_verif = self.circuits_params.max_txs;
-            signatures.resize(
-                max_verif,
-                Transaction::dummy(self.chain_id).sign_data().unwrap(),
-            )
+        if padding && self.txs.len() < self.circuits_params.max_txs {
+            // padding tx's sign data
+            signatures.push(Transaction::dummy(self.chain_id).sign_data().unwrap());
         }
         signatures
     }