[Don't Merge] feat: add param to skip system config signer check

[yiweichi]

1. Purpose or design rationale of this PR

This PR adds param to skip system config signer check.
To use: add --skipsignercheck

This PR is tailored for l2reth testing architecture, we probably don't want to merge it.

2. PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

• build: Changes that affect the build system or external dependencies (example scopes: yarn, eslint, typescript)
• ci: Changes to our CI configuration files and scripts (example scopes: vercel, github, cypress)
• docs: Documentation-only changes
• feat: A new feature
• fix: A bug fix
• perf: A code change that improves performance
• refactor: A code change that doesn't fix a bug, or add a feature, or improves performance
• style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
• test: Adding missing tests or correcting existing tests

3. Deployment tag versioning

Has the version in params/version.go been updated?

• This PR doesn't involve a new deployment, git tag, docker image tag, and it doesn't affect traces
• Yes

4. Breaking change label

Does this PR have the breaking-change label?

• This PR is not a breaking change
• Yes

Summary by CodeRabbit

• New Features

  • Added a CLI flag to skip signer verification for the SystemContract engine; help/usage now shows the flag under the Rollup section.

• Chores

  • Version patch bumped from 3 to 4.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new boolean CLI flag skipsignercheck, threads it through configuration and engine creation, stores it on the SystemContract instance, and conditionally bypasses signer verification during consensus header and cascading-field checks when enabled.

Changes

Cohort / File(s)	Summary
CLI Flag Definition & Registration cmd/utils/flags.go, cmd/geth/main.go, cmd/geth/usage.go	New skipsignercheck boolean CLI flag defined, added to nodeFlags, and included in ROLLUP help group.
Configuration & Engine Initialization eth/ethconfig/config.go, eth/backend.go, les/client.go	ethconfig.Config receives SkipSignerCheck field; CreateConsensusEngine signature extended to accept skipSignerCheck and passed through from Ethereum and LES client initializers.
SystemContract Engine & Logic consensus/system_contract/system_contract.go, consensus/system_contract/consensus.go	SystemContract gains skipSignerCheck field; constructor updated to accept it; verification paths (verifyHeader, verifyCascadingFields) short-circuit or skip signature checks when set.
Tests & Callsites Updated consensus/system_contract/system_contract_test.go, miner/scroll_worker_test.go	Call sites and tests updated to pass the new boolean argument to SystemContract.New (explicit false in existing tests).
Version Bump params/version.go	VersionPatch incremented from 3 to 4.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant CLI as CLI Parser
    participant SetCfg as SetEthConfig
    participant Config as ETH Config
    participant Engine as Consensus Engine Creator
    participant SC as SystemContract
    participant Verify as Verification Logic

    User->>CLI: supply --skipsignercheck
    CLI->>SetCfg: parse flag
    SetCfg->>Config: cfg.SkipSignerCheck = true
    Config->>Engine: CreateConsensusEngine(..., skipSignerCheck)
    Engine->>SC: New(ctx, cfg, client, skipSignerCheck)
    SC->>SC: s.skipSignerCheck = skipSignerCheck

    rect rgba(100, 200, 150, 0.5)
    Note over SC,Verify: During block verification
    SC->>Verify: verifyHeader / verifyCascadingFields
    Verify->>Verify: if s.skipSignerCheck == true
    Verify->>Verify: bypass signature presence & authorization checks
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: address system contract consensus issues and comments #1126: Modifies SystemContract consensus implementation and signer handling in overlapping files (consensus/system_contract/*).

Suggested reviewers

• jonastheis
• georgehao
• colinlyguo

Poem

🐰 A little flag hops in with cheer,
It skips the signer, nothing to fear.
Through CLI, config, engine we prance,
Consensus skips checks, giving it a chance.
Version nudged onward — code takes a leap! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: adding a parameter to skip system config signer check. It follows conventional commits (feat:) and is specific enough to understand the primary change.
Description check	✅ Passed	The description adequately covers the purpose (adding param to skip signer check with usage example), follows the template structure, and correctly identifies the commit type as 'feat'. The author notes this is for testing only.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[frisitano]

Do we need to add some tests for this, or have you already tested it ad hoc?

[yiweichi]

Do we need to add some tests for this, or have you already tested it ad hoc?

Not tested yet, planing to do it in a minute.

[yiweichi]

Tested in my local environment, found an issue and fixed, should works well now.

[yiweichi]

I overwrote the original image, so the image scrolltech/l2geth:scroll-v5.10.2-skip-signer-check should still work.
https://github.com/scroll-tech/go-ethereum/actions/runs/21393839481

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@cmd/utils/flags.go`:
- Around line 1855-1858: The SkipSignerCheckFlag handling must be guarded:
modify the block that reads ctx.GlobalIsSet(SkipSignerCheckFlag.Name) /
ctx.GlobalBool(...) and cfg.SkipSignerCheck so that it emits a WARN (use
log.Warn) whenever the flag is used, and refuse to enable it when the active
network is mainnet or Scroll mainnet (detect network via your existing
network/env/config API); alternatively require an explicit unsafe
acknowledgement flag (e.g., UnsafeAllowSkipSignerCheck) before setting
cfg.SkipSignerCheck. Ensure the change references SkipSignerCheckFlag,
cfg.SkipSignerCheck, ctx.GlobalIsSet/GlobalBool, and log.* so callers cannot
accidentally enable signer skipping in production.

🧹 Nitpick comments (2)

cmd/utils/flags.go (1)

922-925: Make the help text explicitly warn about insecurity.

This flag disables signer verification; the usage string should clearly mark it as unsafe/testing-only.

♻️ Suggested wording tweak

-		Usage: "Skip signer check for the SystemContract engine",
+		Usage: "INSECURE (testing only): skip signer check for the SystemContract engine",

consensus/system_contract/system_contract.go (1)

36-55: Add a loud warning when skipSignerCheck is enabled.

Since this bypasses signer verification, emit a warning so operators can’t enable it silently.

♻️ Proposed change

 func New(ctx context.Context, config *params.SystemContractConfig, client sync_service.EthClient, skipSignerCheck bool) *SystemContract {
 	log.Info("Initializing system_contract consensus engine", "config", config)
+	if skipSignerCheck {
+		log.Warn("SystemContract signer check disabled; consensus verification bypassed")
+	}
 
 	ctx, cancel := context.WithCancel(ctx)