AleoNet / snarkVM

A Virtual Machine for Zero-Knowledge Executions
https://snarkvm.org
Apache License 2.0

[Fix] Make deployment verification consistent by deterministically seeding the RNG. #2535

Closed d0cd closed 1 month ago

d0cd commented 1 month ago

This PR:

Failing Case

This issue was found in a deployed program with a similar structure to:

program test.aleo;
function foo:
    input r0 as field.private;
    cast r0 into r1 as scalar;

At a high level, deployments are verified by randomly generating inputs, executing the program, extracting the assignment, and checking that the associated certificates match the structure of the assignment. Note that the actual values do not matter.

The core issue is that the RNG used in generating random inputs can differ across different runs of verify_deployment.

The failing case manifests in the following way:

Solution

To fix this issue, this PR deterministically seeds the RNG used in deployment verification with the lower 64 bits of the deployment ID. This ensures that validators will use the same seed for a particular deployment, which ensures that they will always agree on whether the deployment is valid or not.

Testing

This PR includes a test that attempts to deploy a program that loads and stores data types with invalid scalar field elements. The test verifies that the status of the deployment is consistent: always valid or always invalid, independent of the RNG.

CI for this branch is running here.

Considerations

In addition to this PR, additional mitigations can be put in place to ensure that:

Related PRs

Use this PR over #2534
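The following is an added example, not snarkVM's own code, that models the mechanism the PR describes: an unseeded RNG lets each validator draw different inputs for the `cast r0 into r1 as scalar` program, so validators can reach different verdicts, while seeding the RNG from the lower 64 bits of the deployment ID makes the verdict a deterministic function of the deployment. Everything in it is a simplification chosen for the illustration: the toy moduli, the rule that the cast succeeds only for field values that fit in the scalar field, SplitMix64 standing in for a seedable RNG, the 32-byte deployment ID (a constructed sample), and the little-endian reading of its first eight bytes as the "lower 64 bits".

```rust
// Added example (not snarkVM code): toy model of the consensus problem fixed by
// seeding the deployment-verification RNG from the deployment ID.
//
// Assumptions/simplifications, none taken from snarkVM:
//   * "field" elements are u64 values below TOY_FIELD_MODULUS;
//   * `cast r0 into r1 as scalar` succeeds only when the field value is
//     below TOY_SCALAR_MODULUS, i.e. when it is a valid scalar;
//   * the deployment ID is an opaque 32-byte string and its "lower 64 bits"
//     are its first eight bytes read little-endian.

/// Toy moduli: the scalar modulus is about half the field modulus, so a
/// uniformly random field element fails the cast roughly half of the time.
pub const TOY_FIELD_MODULUS: u64 = (1u64 << 61) - 1;
pub const TOY_SCALAR_MODULUS: u64 = 1u64 << 60;

/// SplitMix64: a small, well-mixed deterministic PRNG standing in for the
/// seedable RNG a real implementation would use.
pub struct SplitMix64 {
    state: u64,
}

impl SplitMix64 {
    pub fn new(seed: u64) -> Self {
        SplitMix64 { state: seed }
    }

    pub fn next_u64(&mut self) -> u64 {
        self.state = self.state.wrapping_add(0x9E37_79B9_7F4A_7C15);
        let mut z = self.state;
        z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
        z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
        z ^ (z >> 31)
    }

    /// Near-uniform sample of a toy field element.
    pub fn random_field(&mut self) -> u64 {
        self.next_u64() % TOY_FIELD_MODULUS
    }
}

/// Lower 64 bits of the deployment ID (assumed little-endian byte order).
pub fn seed_from_deployment_id(deployment_id: &[u8; 32]) -> u64 {
    let mut lower = [0u8; 8];
    lower.copy_from_slice(&deployment_id[..8]);
    u64::from_le_bytes(lower)
}

/// The program from the PR: `cast r0 into r1 as scalar`. In this toy model the
/// cast is valid only for field values that fit in the scalar field.
pub fn execute_foo(r0: u64) -> Result<u64, String> {
    if r0 < TOY_SCALAR_MODULUS {
        Ok(r0)
    } else {
        Err(format!("field element {} is not a valid scalar", r0))
    }
}

/// Draw random inputs, execute, and report whether every execution succeeded
/// (a stand-in for "the assignment matched the certificates").
fn check_with_rng(rng: &mut SplitMix64, trials: usize) -> bool {
    (0..trials).all(|_| execute_foo(rng.random_field()).is_ok())
}

/// Old behaviour: each validator seeds from its own entropy, so the verdict
/// depends on who is verifying.
pub fn verify_deployment_unseeded(validator_entropy: u64, trials: usize) -> bool {
    let mut rng = SplitMix64::new(validator_entropy);
    check_with_rng(&mut rng, trials)
}

/// Fixed behaviour: the seed is derived from the deployment itself, so every
/// validator draws the same inputs and reaches the same verdict.
pub fn verify_deployment(deployment_id: &[u8; 32], trials: usize) -> bool {
    let mut rng = SplitMix64::new(seed_from_deployment_id(deployment_id));
    check_with_rng(&mut rng, trials)
}

/// True if `validators` independently-seeded validators all reach one verdict.
pub fn unseeded_validators_agree(validators: u64, trials: usize) -> bool {
    let verdicts: Vec<bool> = (0..validators)
        .map(|entropy| verify_deployment_unseeded(entropy, trials))
        .collect();
    verdicts.iter().all(|&v| v == verdicts[0])
}

/// True if `validators` validators using the deployment-seeded RNG all agree.
pub fn seeded_validators_agree(deployment_id: &[u8; 32], validators: u64, trials: usize) -> bool {
    let verdicts: Vec<bool> = (0..validators)
        .map(|_| verify_deployment(deployment_id, trials))
        .collect();
    verdicts.iter().all(|&v| v == verdicts[0])
}

fn main() {
    let deployment_id = [0x42u8; 32]; // constructed sample deployment ID
    println!("unseeded validators agree: {}", unseeded_validators_agree(64, 1));
    println!("seeded validators agree:   {}", seeded_validators_agree(&deployment_id, 64, 1));
}
```

With one random input per check, roughly half of the unseeded validators accept the deployment and half reject it, so the network cannot agree; the seeded version returns the same verdict for every validator because the only input to the check is the deployment ID. The example says nothing about whether that shared verdict is "valid" or "invalid" for a given deployment: it only makes the verdict consistent, which is the property the PR's test checks.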

raychu86 commented 1 month ago

Added a tweak to minimize change-set and clean up the testing; the logic should be equivalent.

Unfortunately this dismissed the previous reviews.