Skip to content

feat: guard BoundedVec oracle returns against dirty trailing storage#21589

Merged
benesjan merged 2 commits intomerge-train/fairiesfrom
jan/f-348-guard-bounded-vec-oracle-returns
Mar 17, 2026
Merged

feat: guard BoundedVec oracle returns against dirty trailing storage#21589
benesjan merged 2 commits intomerge-train/fairiesfrom
jan/f-348-guard-bounded-vec-oracle-returns

Conversation

@benesjan
Copy link
Contributor

@benesjan benesjan commented Mar 16, 2026
edited
Loading

Since it will take a while for Noir to check that there are no dirty trailing elements after bvec.len() in the BVec storage array I am implementing a manual unconstrained check for this.

Summary

  • Adds assert_bounded_vec_trimmed unconstrained utility in aztec-nr that asserts all elements past len() in a BoundedVec are zeroed
  • Wraps aes128_decrypt and get_notes oracle calls with this guard
  • Includes 6 unit tests for the new utility

Fixes https://linear.app/aztec-labs/issue/F-455/guard-boundedvec-oracle-returns-against-dirty-trailing-storage

Test plan

  • New unit tests pass (empty vec, full vec, partial vec, dirty trailing elements, array element type)
  • Existing aztec-nr tests still pass
  • CI green

🤖 Generated with Claude Code

@benesjan benesjan requested a review from nventuro as a code owner March 16, 2026 12:08
@benesjan benesjan changed the base branch from next to merge-train/fairies March 16, 2026 12:11
@benesjan benesjan marked this pull request as draft March 16, 2026 12:12
@benesjan benesjan changed the title chore(aztec-nr): guard BoundedVec oracle returns against dirty trailing storage feat: guard BoundedVec oracle returns against dirty trailing storage Mar 16, 2026
@benesjan benesjan marked this pull request as ready for review March 16, 2026 12:19
@benesjan benesjan requested a review from mverzilli March 17, 2026 03:17
benesjan and others added 2 commits March 17, 2026 03:19
@benesjan @claude
chore(aztec-nr): guard BoundedVec oracle returns against dirty traili…
6a568b3 
…ng storage

Add `assert_bounded_vec_trimmed` utility that asserts elements past `len()` are zeroed,
and apply it to `aes128_decrypt` and `get_notes` oracle wrappers. This prevents malformed
BoundedVec values from propagating through unconstrained code.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@benesjan
comp fix
efbb2b4
@benesjan benesjan force-pushed the jan/f-348-guard-bounded-vec-oracle-returns branch from 5d546d6 to efbb2b4 Compare March 17, 2026 03:19
@benesjan Graphite App
Copy link
Contributor Author

benesjan commented Mar 17, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

mverzilli
mverzilli approved these changes Mar 17, 2026
View reviewed changes
Copy link
Contributor

@mverzilli mverzilli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool!

@benesjan benesjan merged commit ee6f51e into merge-train/fairies Mar 17, 2026
12 checks passed
@benesjan benesjan deleted the jan/f-348-guard-bounded-vec-oracle-returns branch March 17, 2026 09:29
@AztecBot AztecBot mentioned this pull request Mar 17, 2026
Merged
AztecBot pushed a commit that referenced this pull request Mar 17, 2026
@benesjan
feat: guard BoundedVec oracle returns against dirty trailing storage (#…
6eab776 
…21589)
@AztecBot AztecBot mentioned this pull request Mar 17, 2026
Open
@AztecBot
Copy link
Collaborator

AztecBot commented Mar 17, 2026

✅ Successfully backported to backport-to-v4-next-staging #21654.

github-merge-queue bot pushed a commit that referenced this pull request Mar 17, 2026
@AztecBot
feat: merge-train/fairies (#21652)
9728486 
BEGIN_COMMIT_OVERRIDE
feat: entrypoint replay protection (#21649)
feat: guard BoundedVec oracle returns against dirty trailing storage
(#21589)
feat: implement manual Packable for structs with sub-Field members
(#21576)
fix: off-by-1 in getBlockHashMembershipWitness archive snapshot (#21648)
END_COMMIT_OVERRIDE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mverzilli mverzilli mverzilli approved these changes

@nventuro nventuro Awaiting requested review from nventuro nventuro is a code owner

Assignees

No one assigned

Labels

backport-to-v4-next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@benesjan @AztecBot @mverzilli