Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Truncate BALANCE opcode parameter for witness recording #397

Merged
merged 1 commit into from
Mar 4, 2024
Merged

Truncate BALANCE opcode parameter for witness recording #397

merged 1 commit into from
Mar 4, 2024

Conversation

jsign
Copy link
Collaborator

@jsign jsign commented Mar 4, 2024
edited
Loading

This PR was found by running our replay code in the latest changes.

The run had a panic at this line, since 20-len(addr) was negative which is an illegal index access. For context, we changed this line some days ago in #366.

That PR fix was fine since it fixes cases where addr length is less than 20. If we don't do 20-len(addr), the alignment is wrong. But the situation here is the inverse, if addr is longer than 20 bytes then we have this panic. From where this came from, it was the BALANCE opcode.

The value of BALANCE is a 32-byte value that must be truncated for a correct interpretation of the address (since no address can be 32 bytes anyway). This isn't always a problem since .Bytes() (old code line) truncates the value, removing the left-zeroes. But if the value is, for whatever reason, longer than 20 bytes, it can cause this panic. As in, most of the time the contract BALANCE parameter will be a 20-byte address (or smaller) since it's actually what it's expected semantically, but for weird cases where a potential arbitrary >20 byte value is provided is when this bug is triggered. (This is why this bug hasn't happened before)

@jsign
vm: BALANCE opcode fix
b9244bc 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign jsign requested a review from gballet March 4, 2024 11:22
@jsign jsign changed the title Fix BALANCE value use as address for witness recording Do correct truncation of BALANCE opcode parameter for witness recording Mar 4, 2024
@jsign jsign changed the title Do correct truncation of BALANCE opcode parameter for witness recording Truncate of BALANCE opcode parameter for witness recording Mar 4, 2024
@jsign jsign changed the title Truncate of BALANCE opcode parameter for witness recording Truncate BALANCE opcode parameter for witness recording Mar 4, 2024
gballet
gballet approved these changes Mar 4, 2024
View reviewed changes
Copy link
Owner

@gballet gballet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interestingly, I had a similar change in my access witness refactor PR, so if we had waited a couple more weeks we would have fixed this issue without knowing that it existed 😆 LGTM, and good job finding this.

@gballet gballet merged commit fdbf7a6 into kaustinen-with-shapella Mar 4, 2024
2 of 3 checks passed
@jsign jsign mentioned this pull request Mar 5, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gballet gballet gballet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jsign @gballet