Open rakita opened 2 years ago
birchmd
commented
2 years ago Thanks for the detailed information @rakita . I'm sorry our library is not mature enough yet for external consumption. We will certainly work to incorporate the Ethereum tests and fix our precompiles to be 100% compatible with the Ethereum implementations.
rakita
commented
2 years ago @birchmd, It is what it is. Hope it helps.
rakita
commented
2 years ago btw, you probably need to set up a 'security@' email so that this kind of stuff can be reported there in future. I searched and didn't know where to report and I asked Arto on Twitter but he didn't respond, either way, it is good practice having something like this.
birchmd
commented
2 years ago Cc @frankbraun RE security email and procedures for accepting external vulnerability reports
joshuajbouw
commented
2 years ago I have @mrLSD assigned to this for now as he is working on implementing the precompile tests from ETH now. Once that is done, I will be able to be fix everything with finer greater detail.
rakita
commented
2 years ago @joshuajbouw @mrLSD maybe this can help: https://crates.io/crates/revm_precompiles
mrLSD
commented
2 years ago @rakita could you explain please how the issue related to Aurora? The description and tests runner about REVM. REVM - really awesome library! But I need clarification on what you propose in the Aurora context.
I investigated REVM, and am I'm not clear that you propose running for Auorara (SputnikVM) same tests logic for Ethereum like REVM?
I see, that REVM tests include only GeneralStateTests:
https://github.com/ethereum/tests/tree/fbff6fee061ade2358280a8d6f98f67b4ae2b60e/GeneralStateTests
Your proposal run same tests for SpuntikVM in the Aurora?
rakita
commented
2 years ago @mrLSD all these problems are found on aurora precompiles, some are bugs or edge cases and some are inconsistent with Ethereum. I didn't debug it because there are no bug bounties and I had better things to do, but they are all failing eth state tests. GeneralStateTests are tests related to EVM. in REVM, precompiles are fixed and all those tests are passing, you can do whatever you want with that information.
To be blunt, assuming that I didn't mess up, if I take blake2 problem and send that tx to the current aurora engine, precompile will crash the program. For me, this would be big code red, but maybe I am missing something crucial.
birchmd
commented
2 years ago if I take blake2 problem and send that tx to the current aurora engine, precompile will crash the program. For me, this would be big code red, but maybe I am missing something crucial.
A panic during a transaction on Aurora has no impact on the functioning of other Aurora transactions because the engine is simply a smart contract on NEAR (therefore any panic is simply translated into a transaction failure). This issue is important because we must be 100% equivalent to other EVM implementations to ensure anyone migrating a contract from another network sees the same behaviour.
However, as I understand it, an edge case causes the panic so it is unlikely to impact any projects deploying on Aurora in production in the short term. For this reason I do not think the issue is code red. Though again, the issue is important and we are working to get it resolved.
In general I wanted to take precompiles, don't bother with reimplementing them and just integrate them in REVM, but it seems that this lead me into a big rabbit hole.
Here is the list of changes or just replacements that I did so that eth/tests would pass:
unwrapI dont have name of exact test that crashed. reimplementing algo was very straightforwardAll new libs are apache2/MIT or similar, all changes can be found here: https://github.com/bluealloy/revm/tree/main/src/precompiles If needed, eth test runner can be found here: https://github.com/bluealloy/revm/tree/main/bin/revm-ethereum-tests I am running only Berlin tests and I check state root for verification.