Fault Proof Fixes #11503
Merged
Fault Proof Fixes #11503
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FDGs with a split depth below 2 can trigger bugs in clock extension. Since we don't expect to have a split depth anywhere near 0 or 1 this is a low impact bug and doesn't have an impact on production but should be prevented anyway.
Modifies the FDG constructor to correctly check that the splitDepth +1 is gte the max game depth. Means that the splitDepth is now limited to be 1 smaller than it was before. Fine in prod but avoids a bug in the trace ancestor lookup logic.
Updates MIPSInstructions so that it correctly reverts on calls to add, addi, and sub that overflow/underflow. Additionally includes tests that demonstrates that the unchecked versions of the same opcodes allow for overflow/underflow.
Existing implementation of SRAV had a bug where it would perform a shift with all bytes of the rs register when the spec says it should only be using the lower 5 bits of the register. Updates the implementation to reflect this, updates the existing test to use the same test vector as provided in the open mips tests, and adds fuzz tests that shows srav works as expected with rs values that have more than the lower 5 bits set.
Updates DelayedWETH to use call instead of transfer because transfer only sends along 2300 gas which will cause the transfer to fail if the owner contract uses lots of gas in the fallback function. Adds tests that demonstrate that the function now works appropriately under any reasonable amount of gas usage. In theory this means the recovery function can be reentered but this isn't an issue because the function is authenticated and is recovering all of the ETH in the contract anyway.
Modifies the MIPS contracts to enforce that state.exited is either exactly zero or one and cannot have any other value.
Existing step logic wrote the register offset into memory but the compiler should already be doing this when the struct is defined. Instead of writing directly into memory, this change verifies that the memory at that location has the expected value which will catch any cases where the compiler's memory allocation mechanism changes in the future.
* contracts: Add gas input to precompile pre-images (#186) Also update the cannon evm tests to use the new precompile preimage scheme. --------- Co-authored-by: Adrian Sutton <[email protected]> * op-challenger: Support uploading data in new format. (#188) * op-program: Add required gas to precompile oracle key (#176) * op-challenger: Support multiple versions of the preimage oracle contract --------- Co-authored-by: Adrian Sutton <[email protected]> --------- Co-authored-by: inphi <[email protected]> --------- Co-authored-by: Adrian Sutton <[email protected]>
A lot of instructions in the MIPS spec require that certain fields be set to zero. Most of the time this isn't actually a problem but this can cause side-effects in a few cases. A buggy compiler could create an issue if it ever spit out non-compliant instructions. This PR implements those zero value enforcement checks for all instructions that we implement.
* Prevent reiniting preimage uploads. (#190) * fix(ctb): PreimageOracle `loadLocalData` length check * fixes * fix: bump preimage oracle semver * chore: snapshots * fix: gas snapshot * revert: gas snapshot changes --------- Co-authored-by: Adrian Sutton <[email protected]> Co-authored-by: clabby <[email protected]>
* Prevent reiniting preimage uploads. (#190) * fix(ctb): Perform correct clock validation in FDG constructor Fixes the clock extension / max clock duration check in the `FaultDisputeGame` constructor to account for the worst-case clock extension. * fix: add semver-lock * fix: add kontrol * gas snapshot * fix: gas snapshot and semver-lock --------- Co-authored-by: Adrian Sutton <[email protected]> Co-authored-by: refcell <[email protected]>
* fix: no squeezing unfinalized proposals Updates the PreimageOracle to correctly revert if a proposal has not actually been finalized. This fixes a bug because the timestamp is not set until after a proposal is finalized but all other conditions in the squeeze function are met even before addLeaves is called with the finalize boolean set. * fix: ci checks * fix: semver lock --------- Co-authored-by: refcell <[email protected]>
When the FDG is about to execute a step, we must add an additional clock extension equal to the PreimageOracle challenge period. This gives the PreimageOracle time to elapse.
* cannon: Basic memory protections Add memory protections against high memory allocations to the VM. This prevents large allocations from causing the `heap` to overflow and wrap into low memory, which could overwrite code and cause arbitrary code execution. --------- Co-authored-by: inphi <[email protected]>
Creates a deploy script to deploy the implementations for the FaultDisputeGame and PermissionedDisputeGame contracts being updated as part of Granite. Based on the original FPACOPS script with modifications to remove actions that are not necessary for an upgrade.
Allow the `DeputyGuardian` to set the Anchor State for brick prevention. --------- Co-authored-by: clabby <[email protected]> Co-authored-by: refcell <[email protected]>
FPACOPS2 deployed a new AnchorStateRegistry proxy when the actual script needed to just deploy a new implementation.
mslipper
approved these changes
Aug 16, 2024
smartcontracts
approved these changes
Aug 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.