BlockstreamResearch / simplicity

Simplicity is a blockchain programming language designed as an alternative to Bitcoin script.
MIT License

C: clamping of `budget` in `elements_simplicity_execSimplicity` is incorrect #234

Closed apoelstra closed 4 months ago

apoelstra commented 5 months ago

In `elements_simplicity_execSimplicity` we clamp the passed `budget` value to ensure it does not exceed `BUDGET_MAX`. But we do not check for negative values. If you pass a negative value, it will be cast to a `ubounded` that exceeds `BUDGET_MAX`, eventually triggering an assertion failure in eval.c.

There are three ways we might handle negative values:

I have no preference about which.

roconnor-blockstream commented 5 months ago

I'm leaning towards making the budget non-negative a precondition and adding an assertion in execSimplicity.
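A small C illustration of the conversion apoelstra describes and of the non-negative precondition roconnor-blockstream proposes. This is an added example, not code from the Simplicity repository; `ubounded`, `BUDGET_MAX` and the function names are stand-ins whose definitions are assumed here.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins for the project's type and constant (not the real definitions). */
typedef uint32_t ubounded;
#define BUDGET_MAX 4000000u   /* placeholder value; the project's real constant differs */

/* Clamp as described in the issue: only the upper bound is checked.
 * A negative int64_t passes the check unchanged and is then converted
 * to ubounded, wrapping modulo 2^32 into a value far above BUDGET_MAX. */
ubounded clamp_budget_unchecked(int64_t budget) {
  if (budget > (int64_t)BUDGET_MAX) budget = BUDGET_MAX;
  return (ubounded)budget;
}

/* Hardened version: a negative budget violates the precondition and is
 * rejected before any conversion, so the caller can report an error
 * instead of tripping an assertion deep inside evaluation. */
bool clamp_budget_checked(int64_t budget, ubounded *out) {
  if (budget < 0) return false;
  *out = budget > (int64_t)BUDGET_MAX ? BUDGET_MAX : (ubounded)budget;
  return true;
}

/* Convenience wrapper for the hardened clamp: returns -1 when rejected. */
int64_t checked_result(int64_t budget) {
  ubounded out;
  return clamp_budget_checked(budget, &out) ? (int64_t)out : -1;
}

int main(void) {
  int64_t inputs[] = { -1, 42, 5000000 };
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; ++i) {
    unsigned u = clamp_budget_unchecked(inputs[i]);
    printf("budget %lld: unchecked -> %u (%s BUDGET_MAX), checked -> %lld\n",
           (long long)inputs[i], u, u > BUDGET_MAX ? "above" : "within",
           (long long)checked_result(inputs[i]));
  }
  return 0;
}
```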

roconnor-blockstream commented 4 months ago

Fixed in 'staging'.