fix: disallow contract registration in pxe of contract with duplicate private function selectors #9773
Conversation
|
This stack of pull requests is managed by Graphite. Learn more about stacking. |
sklppy88
force-pushed
the
ek/fix/4433/ensure-no-duplicate-private-function-selectors
branch
from
71afebc
to
62ad893
Compare
There was a problem hiding this comment.
The check looks good, but could you add a unit test?
That said, I'm still wondering if there's anywhere else where we should add this check. Eg should the class registerer require the caller to provide all leafs to ensure there are no duplicates? Still, a private contract can be used without going through the registerer. Do we need to make this check on every private kernel iteration? Seems wasteful. Anyway, my point is: I'd merge this PR (once it has a test) but not close the related issue until we've made a decision around this.
Also, regarding the "partial artifacts", I'm seeing that we have a (partially implemented) flow where the registerer can broadcast some private or unconstrained functions of a contract, just to make them more easily available. We can kill that flow if we find no use case for it.
Thoughts @nventuro ?
I don't see an issue with a private contract having repeated selectors - you're free to do whatever. The real issue seems to be when this is a registered contract, i.e. a contract you intend other people to use. Notably I'm not considering scenarios in which you distribute the code without registration, but I'm not sure that's a problem. So yeah in that case it does sound like it'd be good for the registerer to prevent this. But would we be able to provide all of the leaves in one go? I thought partial registration existed so that you could do it in smaller batches. Which relates to this:
If we're unable to do full registration in a single call, then I'd consider introducing some intermediate 'partially registered' state. |
Yep, that's the case. Private bytecode is pretty much unbounded, so it could be the case that you need multiple events across multiple txs to "post" all your contracts' private bytecode on-chain. But I'm still unsure if that's worth the effort.
That's my point: are you? I cannot think of a scenario where you could grief other users by setting up such a contract. It feels odd because it's just the PXE preventing duplicate selectors, but not the protocol, so a malicious user could have a tweaked PXE that can execute that contract but others can't. But I don't see how that's different from just not sharing the private bytecode for your contract. |
It's not just that - it's also that they could execute an alternative hidden function instead of the one they were supposed to call. But it does sound like the same as not fully shared code - if I can't see the entire thing, I can't trust it, and if I can't trust it then why do I care what it is you're running? (because I'm definitely not running it myself) |
sklppy88
force-pushed
the
ek/fix/4433/ensure-no-duplicate-private-function-selectors
branch
from
62ad893
to
08cb345
Compare
|
Have wrote a comment in the original issue here splitting it into three issues. This PR tackles one of them. |
sklppy88
force-pushed
the
ek/fix/4433/ensure-no-duplicate-private-function-selectors
branch
from
08cb345
to
3d0a9e2
Compare
sklppy88
changed the title
sklppy88
force-pushed
the
ek/fix/4433/ensure-no-duplicate-private-function-selectors
branch
from
3d0a9e2
to
e0bcc0f
Compare
Related to #4433
This PR adds pretty naive validation when adding a contract artifact to the pxe database. Specifically it rejects adding contract artifacts to the PXE with duplicate private function selectors.
This also assumes the absence of partial artifacts.