In the current design, every mailbox has an associated domainHash(), used as a domain separator to ensure that validator signatures cannot be replayed on different mailboxes.
Right now, this domainHash() is stored in the [Out|In]boxValidatorManager contracts. This works because there is a 1:1 mapping between mailboxes and ValidatorManagers; each Mailbox can look to its ValidatorManager for its domainHash.
With the replacement of ValidatorManagers with sovereign ValidatorManagers, this 1:1 mapping will no longer exist; each Mailbox will not have a single ValidatorManager at which it can query its domainHash().
To address this, we should move domainHash() from the ValidatorManager contracts to the Inbox contracts.
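The proposed layout as a small Python model, added here as an illustration and not taken from the project's contracts: each inbox holds its own domain hash and a shared manager only checks signatures. The `domain_hash` construction, the checkpoint fields, the identifiers, and the use of SHA3-256 and HMAC in place of the chain's hash and the validators' signature scheme are all assumptions.

```python
import hashlib
import hmac

def domain_hash(domain_id: int, mailbox_addr: str) -> bytes:
    # Assumed construction: the separator is derived from values unique to one mailbox.
    return hashlib.sha3_256(domain_id.to_bytes(4, "big") + mailbox_addr.encode()).digest()

def checkpoint_digest(dh: bytes, root: bytes, index: int) -> bytes:
    # What a validator signs: separator first, then the checkpoint itself.
    return hashlib.sha3_256(dh + root + index.to_bytes(32, "big")).digest()

def validator_sign(key: bytes, digest: bytes) -> bytes:
    # HMAC stands in for the validator's signature scheme (assumption).
    return hmac.new(key, digest, hashlib.sha256).digest()

class SovereignValidatorManager:
    """Shared by many mailboxes, so it has no single domain hash to offer."""
    def __init__(self, validator_key: bytes):
        self._key = validator_key

    def is_valid(self, digest: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(validator_sign(self._key, digest), sig)

class Inbox:
    """Owns its domain hash and only asks the manager to check signatures."""
    def __init__(self, domain_id: int, addr: str, manager: SovereignValidatorManager):
        self.domain_hash = domain_hash(domain_id, addr)
        self.manager = manager

    def accept_checkpoint(self, root: bytes, index: int, sig: bytes) -> bool:
        digest = checkpoint_digest(self.domain_hash, root, index)
        return self.manager.is_valid(digest, sig)

def replay_demo():
    key = b"constructed-validator-key"
    manager = SovereignValidatorManager(key)
    inbox_a = Inbox(1000, "inbox-a", manager)   # constructed identifiers
    inbox_b = Inbox(1000, "inbox-b", manager)
    root, index = bytes(32), 7                  # constructed checkpoint
    sig = validator_sign(key, checkpoint_digest(inbox_a.domain_hash, root, index))
    # Same manager, same signature: valid on A, rejected when replayed on B.
    return inbox_a.accept_checkpoint(root, index, sig), inbox_b.accept_checkpoint(root, index, sig)

if __name__ == "__main__":
    print(replay_demo())
```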