AztecProtocol / aztec-packages

Apache License 2.0

test: add test to showcase kernel exploit #7190

Closed LHerskind closed 1 month ago

LHerskind commented 3 months ago

Figured that the msg_sender that can be passed in during simulation is actually not constrained and blindly used. So if you bypass the account contract (where it does not really matter in most cases) and instead call private functions directly, you can use them as an entry point, but at the same time convince them that you called from some other contract.

This essentially allows you to set msg_sender at will, and is extremely dangerous, since you can use it to impersonate whoever you want.

In my case, I use it to impersonate a minter and mint some nice tokens for the attacker. In there, I'm minting 10K tokens to him, but he could really do whatever he wants.

I don't think we are able to impersonate on public calls right now, but might just be because it is a little impractical to do atm. Nevertheless, this has to be fixed.

LHerskind commented 3 months ago

[!WARNING] This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.


AztecBot commented 3 months ago

Benchmark results

Metrics with a significant change:

Detailed results

All benchmarks are run on txs on the `Benchmarking` contract on the repository. Each tx consists of a batch call to `create_note` and `increment_balance`, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 [here](https://aztec-ci-artifacts.s3.us-east-2.amazonaws.com/benchmarks-v1/pulls/7190.json).

### Proof generation

Each column represents the number of threads used in proof generation.

| Metric | 1 threads | 4 threads | 16 threads | 32 threads | 64 threads |
| - | - | - | - | - | - |
| proof_construction_time_sha256_30_ms | 11,774 | 3,174 (+1%) | 1,493 (+3%) | 1,644 (-1%) | 1,555 (-1%) |
| proof_construction_time_sha256_100_ms | 43,960 (-2%) | 11,839 (+1%) | 5,500 (+1%) | 5,510 (+1%) | 5,399 (+1%) |
| proof_construction_time_poseidon_hash_ms | 78.0 | :warning: 45.0 (**+32%**) | 34.0 | 57.0 | 89.0 (+2%) |
| proof_construction_time_poseidon_hash_30_ms | 1,517 | 416 | 201 (+1%) | 230 (+4%) | 266 |
| proof_construction_time_poseidon_hash_100_ms | 5,758 (+1%) | 1,576 | 725 | 777 (-1%) | 792 |

### L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

| Metric | 4 txs | 8 txs | 16 txs |
| - | - | - | - |
| l1_rollup_calldata_size_in_bytes | 1,412 | 1,412 | 1,412 |
| l1_rollup_calldata_gas | 9,476 | 9,466 | 9,476 |
| l1_rollup_execution_gas | 610,297 | 610,287 | 610,297 |
| l2_block_processing_time_in_ms | 753 | 1,414 | 2,695 (-2%) |
| l2_block_building_time_in_ms | 25,532 | 51,534 (-1%) | 100,337 |
| l2_block_rollup_simulation_time_in_ms | 25,437 | 51,231 (-1%) | 99,982 |
| l2_block_public_tx_process_time_in_ms | 21,865 | 47,439 (-1%) | 96,247 |

### L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 8 txs.

| Metric | 3 blocks | 5 blocks |
| - | - | - |
| node_history_sync_time_in_ms | 7,044 (+1%) | 9,905 |
| node_database_size_in_bytes | 12,128,336 | 16,035,920 |
| pxe_database_size_in_bytes | 16,254 | 26,813 |

### Circuits stats

Stats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.

| Circuit | simulation_time_in_ms | witness_generation_time_in_ms | proving_time_in_ms | input_size_in_bytes | output_size_in_bytes | proof_size_in_bytes | num_public_inputs | size_in_gates |
| - | - | - | - | - | - | - | - | - |
| private-kernel-init | 130 | 467 (-3%) | 12,993 (+3%) | 20,634 | 67,190 | 92,352 | 2,819 | 524,288 |
| private-kernel-inner | 394 | 970 (+2%) | 48,894 (-3%) | 94,902 | 67,190 | 92,352 | 2,819 | 2,097,152 |
| private-kernel-tail | 373 | 1,820 (+3%) | 51,549 (+3%) | 99,121 | 71,733 | 14,912 | 399 | 2,097,152 |
| base-parity | 6.16 (-1%) | 1,891 (+1%) | 2,705 | 128 | 64.0 | 2,208 | 2.00 | 131,072 |
| root-parity | 48.8 | 76.1 (+1%) | 40,209 | 27,100 | 64.0 | 2,720 | 18.0 | 2,097,152 |
| base-rollup | 7,952 | 4,796 (-3%) | 85,050 (-1%) | 170,330 | 756 | 3,648 | 47.0 | 4,194,304 |
| root-rollup | 110 (+1%) | 88.4 (+3%) | 23,160 (+1%) | 25,309 | 620 | 3,456 | 41.0 | 1,048,576 |
| public-kernel-setup | 717 (+1%) | 3,659 (+1%) | 45,778 (+2%) | 116,905 | 93,334 | 125,344 | 3,850 | 2,097,152 |
| public-kernel-app-logic | 617 | 4,740 (+3%) | 44,803 (-1%) | 116,905 | 93,334 | 125,344 | 3,850 | 2,097,152 |
| public-kernel-tail | 1,417 | 37,322 (-5%) | 186,416 (-2%) | 511,910 | 10,014 | 14,912 | 399 | 8,388,608 |
| private-kernel-reset-small | 598 | 1,966 (-5%) | 46,085 (+1%) | 123,313 | 67,190 | 92,352 | 2,819 | 2,097,152 |
| public-kernel-teardown | 614 (+1%) | 4,654 (-1%) | 47,264 (+6%) | 116,905 | 93,334 | 125,344 | 3,850 | 2,097,152 |
| merge-rollup | 29.0 (+1%) | N/A | N/A | 16,542 | 756 | N/A | N/A | N/A |
| private-kernel-tail-to-public | N/A | :warning: 9,203 (**+34%**) | 99,077 (+3%) | N/A | N/A | 125,344 | 3,850 | 4,194,304 |

Stats on running time collected for app circuits

| Function | input_size_in_bytes | output_size_in_bytes | witness_generation_time_in_ms | proof_size_in_bytes | proving_time_in_ms | size_in_gates | num_public_inputs |
| - | - | - | - | - | - | - | - |
| ContractClassRegisterer:register | 1,344 | 9,944 | 418 (-1%) | N/A | N/A | N/A | N/A |
| ContractInstanceDeployer:deploy | 1,408 | 9,944 | 39.5 | N/A | N/A | N/A | N/A |
| MultiCallEntrypoint:entrypoint | 1,920 | 9,944 | 1,767 (-1%) | N/A | N/A | N/A | N/A |
| GasToken:deploy | 1,376 | 9,944 | 976 (+2%) | N/A | N/A | N/A | N/A |
| SchnorrAccount:constructor | 1,312 | 9,944 | 1,409 (+1%) | N/A | N/A | N/A | N/A |
| SchnorrAccount:entrypoint | 2,304 | 9,944 | 2,846 (+1%) | 16,768 | 54,259 (-2%) | 2,097,152 | 457 |
| Token:privately_mint_private_note | 1,280 | 9,944 | 1,742 (+7%) | N/A | N/A | N/A | N/A |
| FPC:fee_entrypoint_public | 1,344 | 9,944 | 349 | 16,768 | 11,196 (-1%) | 524,288 | 457 |
| Token:transfer | 1,312 | 9,944 | 4,529 (+2%) | 16,768 | 46,910 (-4%) | 2,097,152 | 457 |
| AuthRegistry:set_authorized (avm) | 21,043 | N/A | N/A | 87,200 | 1,330 | N/A | N/A |
| FPC:prepare_fee (avm) | 28,841 | N/A | N/A | 88,032 | 5,828 (+5%) | N/A | N/A |
| Token:transfer_public (avm) | 44,971 | N/A | N/A | 87,865 | 4,692 | N/A | N/A |
| AuthRegistry:consume (avm) | 34,973 | N/A | N/A | 87,616 | 2,949 (-1%) | N/A | N/A |
| FPC:pay_refund (avm) | 33,573 | N/A | N/A | 88,448 | 11,061 (-3%) | N/A | N/A |
| Benchmarking:create_note | 1,344 | 9,944 | 1,419 (+1%) | N/A | N/A | N/A | N/A |
| SchnorrAccount:verify_private_authwit | 1,280 | 9,944 | 75.7 (-2%) | N/A | N/A | N/A | N/A |
| Token:unshield | 1,376 | 9,944 | 3,901 (+6%) | N/A | N/A | N/A | N/A |
| FPC:fee_entrypoint_private | 1,376 | 9,944 | 4,859 (+5%) | N/A | N/A | N/A | N/A |

### AVM Simulation

Time to simulate various public functions in the AVM.

| Function | time_ms | bytecode_size_in_bytes |
| - | - | - |
| GasToken:_increase_public_balance | 69.8 (+2%) | 13,873 |
| GasToken:set_portal | 16.6 (-2%) | 3,495 |
| Token:constructor | 91.2 (-1%) | 24,207 |
| FPC:constructor | 61.6 (-2%) | 13,893 |
| GasToken:mint_public | 51.4 (+1%) | 10,241 |
| Token:mint_public | :warning: 608 (**+868%**) | 19,216 |
| Token:assert_minter_and_mint | :warning: 71.6 (**-65%**) | 13,034 |
| AuthRegistry:set_authorized | 32.0 (+7%) | 7,869 |
| FPC:prepare_fee | 189 (-1%) | 15,187 |
| Token:transfer_public | :warning: 34.7 (**-47%**) | 31,425 |
| FPC:pay_refund | 128 (+13%) | 20,080 |
| Benchmarking:increment_balance | 2,705 | 15,465 |
| Token:_increase_public_balance | 60.7 (+9%) | 15,089 |
| FPC:pay_refund_with_shielded_rebate | 154 (+8%) | 21,167 |

### Public DB Access

Time to access various public DBs.

| Function | time_ms |
| - | - |
| get-nullifier-index | 0.154 (+1%) |

### Tree insertion stats

The duration to insert a fixed batch of leaves into each tree type.

| Metric | 1 leaves | 16 leaves | 64 leaves | 128 leaves | 256 leaves | 512 leaves | 1024 leaves |
| - | - | - | - | - | - | - | - |
| batch_insert_into_append_only_tree_16_depth_ms | 10.3 (-5%) | 16.6 (-4%) | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_16_depth_hash_count | 16.8 | 31.7 | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_16_depth_hash_ms | 0.595 (-6%) | 0.511 (-4%) | N/A | N/A | N/A | N/A | N/A |
| batch_insert_into_append_only_tree_32_depth_ms | N/A | N/A | 47.8 (-1%) | 76.0 (-12%) | 131 | 244 (-1%) | 469 (-10%) |
| batch_insert_into_append_only_tree_32_depth_hash_count | N/A | N/A | 95.9 | 159 | 287 | 543 | 1,055 |
| batch_insert_into_append_only_tree_32_depth_hash_ms | N/A | N/A | 0.489 (-1%) | 0.467 (-12%) | 0.449 | 0.442 (-1%) | 0.438 (-10%) |
| batch_insert_into_indexed_tree_20_depth_ms | N/A | N/A | 59.1 (-1%) | 111 (-11%) | 182 (-2%) | 352 (-1%) | 692 |
| batch_insert_into_indexed_tree_20_depth_hash_count | N/A | N/A | 109 | 207 | 355 | 691 | 1,363 |
| batch_insert_into_indexed_tree_20_depth_hash_ms | N/A | N/A | 0.499 (-1%) | 0.500 (-11%) | 0.482 (-2%) | 0.476 (-1%) | 0.475 |
| batch_insert_into_indexed_tree_40_depth_ms | N/A | N/A | 72.4 (-2%) | N/A | N/A | N/A | N/A |
| batch_insert_into_indexed_tree_40_depth_hash_count | N/A | N/A | 133 | N/A | N/A | N/A | N/A |
| batch_insert_into_indexed_tree_40_depth_hash_ms | N/A | N/A | 0.515 (-3%) | N/A | N/A | N/A | N/A |

### Miscellaneous

Transaction sizes based on how many contract classes are registered in the tx.

| Metric | 0 registered classes | 1 registered classes |
| - | - | - |
| tx_size_in_bytes | 85,672 | 670,983 |

Transaction size based on fee payment method

| Metric | |
| - | |

LHerskind commented 3 months ago

A fix is fairly easy, simply need to assert that the msg_sender == max_value in the first call. We want to use max_value instead of 0, to avoid cases of using Address(0).

However, some of the tests get kinda rekt with it, because many of the private_execution tests are calling functions directly and abusing the msg_sender in there.
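
A toy model of the first-call check proposed in the comment above, added here as an illustration and not taken from the Aztec code base. All type names, function names, addresses and the sentinel value are constructed, and the model assumes nested calls are already bound to the calling contract's address.

```typescript
// Hypothetical model of a private call chain; not Aztec's real types.
type Address = string;

interface PrivateCall {
  contract: Address;     // contract whose function runs
  msgSender: Address;    // caller the function believes it has
  nested: PrivateCall[]; // calls made from inside this function
}

// Constructed stand-in for the "max_value" sentinel from the thread.
// A non-zero sentinel keeps Address(0) from doubling as "no caller".
const ENTRYPOINT_SENDER: Address = "0xffffffff";

// Returns the list of violations; an empty list means the chain is accepted.
// `constrainFirst` switches the proposed fix on or off.
function checkCallChain(root: PrivateCall, constrainFirst: boolean): string[] {
  const errors: string[] = [];
  // The fix: the first call in a tx has no on-chain caller, so its
  // msg_sender must be the sentinel, not a value chosen by the user.
  if (constrainFirst && root.msgSender !== ENTRYPOINT_SENDER) {
    errors.push("first call: msg_sender " + root.msgSender + " is not the sentinel");
  }
  const stack: PrivateCall[] = [root];
  while (stack.length > 0) {
    const call = stack.pop() as PrivateCall;
    for (const child of call.nested) {
      // Assumed existing rule: a nested call's sender is the calling contract.
      if (child.msgSender !== call.contract) {
        errors.push("nested call into " + child.contract + ": msg_sender mismatch");
      }
      stack.push(child);
    }
  }
  return errors;
}

// Constructed sample chains.
const ACCOUNT = "0xacc0", TOKEN = "0x70ce", MINTER = "0x1111";

// Normal flow: account entrypoint first, token function nested under it.
const viaAccount: PrivateCall = {
  contract: ACCOUNT, msgSender: ENTRYPOINT_SENDER,
  nested: [{ contract: TOKEN, msgSender: ACCOUNT, nested: [] }],
};
// Flow from the PR: token function used as the entry point with a claimed sender.
const directWithClaimedSender: PrivateCall = { contract: TOKEN, msgSender: MINTER, nested: [] };
// Same, but claiming the zero address.
const directWithZeroSender: PrivateCall = { contract: TOKEN, msgSender: "0x0", nested: [] };
```

With `constrainFirst` set to `false` the direct call with a claimed sender passes unchallenged; with it set to `true` only the chain that starts at the sentinel is accepted, which is also why tests that call private functions directly with an arbitrary sender stop passing.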

LHerskind commented 3 months ago

@sirasistant or @LeilaWang, might make sense for one of you to look at this? Not fully sure what you guys think is the best way to do it and update all of the tests that it will break.

LHerskind commented 1 month ago

This should be fixed in #7404 so closing this.