Add Watchtower Signer Requirement for Verification

[RonTuretzky]

Summary

This PR implements issue #11 by adding a mandatory Watchtower component to the OpacitySDK verification system. The Watchtower acts as a trusted signer that must participate in every verification for it to be considered valid, providing an additional layer of security and trust.

Changes

Core SDK Updates (src/OpacitySDK.sol)

• ✅ Added watchtowerSignature field to VerificationParams struct
• ✅ Implemented ECDSA signature verification for Watchtower
• ✅ Added watchtower state variables (watchtowerAddress, watchtowerEnabled)
• ✅ Added events for watchtower operations (WatchtowerUpdated, WatchtowerStatusChanged, WatchtowerVerification)
• ✅ Modified verify() function to check watchtower signature before operator quorum
• ✅ Added admin functions to manage watchtower (updateWatchtower, setWatchtowerStatus)

Example Contracts Updates

• ✅ Updated SimpleVerificationConsumer constructor to accept watchtower address
• ✅ Updated StorageQueryConsumer constructor and verification result struct
• ✅ Modified events to include watchtower verification status

Deployment Scripts (script/DeployOpacityExamples.s.sol)

• ✅ Added support for configuring watchtower address via environment variable
• ✅ Updated deployment to pass watchtower address to consumer contracts
• ✅ Enhanced deployment summary to show watchtower configuration

Testing (test/OpacitySDKWatchtower.t.sol)

• ✅ Added comprehensive test suite with 8 tests covering:
  • Watchtower signature requirement enforcement
  • Invalid signature rejection
  • Watchtower enable/disable functionality
  • Watchtower address updates
  • Event emissions
  • Zero address validation

How the Watchtower Works

1. Mandatory Participation: When enabled, every verification must include a valid watchtower signature
2. ECDSA Signatures: Uses standard Ethereum ECDSA signatures for compatibility
3. Configurable: Can be enabled/disabled and address can be updated by contract admin
4. Two-Step Verification:
   • First checks watchtower signature (if enabled)
   • Then verifies operator quorum via BLS signatures

Security Benefits

• Prevents Operator Collusion: Watchtower acts as independent oversight
• Audit Trail: All watchtower verifications emit events for monitoring
• Emergency Circuit Breaker: Can halt verifications if anomalies detected
• Key Rotation: Watchtower address can be updated for security

Test Results

Ran 8 tests for test/OpacitySDKWatchtower.t.sol:OpacitySDKWatchtowerTest
[PASS] testCannotUpdateWatchtowerToZeroAddress() (gas: 8808)
[PASS] testInvalidWatchtowerSignature() (gas: 28933)
[PASS] testWatchtowerAddressInitialization() (gas: 14414)
[PASS] testWatchtowerCanBeDisabled() (gas: 16062)
[PASS] testWatchtowerCanBeUpdated() (gas: 21188)
[PASS] testWatchtowerSignatureRequired() (gas: 23590)
[PASS] testWatchtowerSignatureVerification() (gas: 25695)
[PASS] testWatchtowerStatusChange() (gas: 19969)

Suite result: ok. 8 passed; 0 failed; 0 skipped

Breaking Changes

⚠️ This is a breaking change - Existing deployments will need to:

1. Provide a watchtower address when deploying new contracts
2. Update client libraries to include watchtower signatures in verification requests

Deployment Instructions

Set the watchtower address via environment variable:

export WATCHTOWER_ADDRESS=0x... # Your watchtower address
forge script script/DeployOpacityExamples.s.sol --rpc-url $RPC_URL --private-key $PRIVATE_KEY --broadcast

Closes #11

🤖 Generated with Claude Code