Merge branch 'grarco/masp-checked-ops' (#2476)

* origin/grarco/masp-checked-ops:
  Changelog #2476
  Checked operations on `I128Sum` in masp vp
  Bumps `masp` version

.changelog/unreleased/improvements/2476-masp-checked-ops.md

@@ -0,0 +1,2 @@
+- Removed possible over/under-flow of `I128Sum` operations in the masp vp.
+  ([\#2476](https://github.com/anoma/namada/pull/2476))

Cargo.toml

@@ -114,8 +114,8 @@ ledger-transport-hid = "0.10.0"
 libc = "0.2.97"
 libloading = "0.7.2"
 # branch = "murisi/namada-integration"
-masp_primitives = { git = "https://github.com/anoma/masp", tag = "v1.0.0" }
-masp_proofs = { git = "https://github.com/anoma/masp", tag = "v1.0.0", default-features = false, features = ["local-prover"] }
+masp_primitives = { git = "https://github.com/anoma/masp", tag = "v1.1.0" }
+masp_proofs = { git = "https://github.com/anoma/masp", tag = "v1.1.0", default-features = false, features = ["local-prover"] }
 num256 = "0.3.5"
 num_cpus = "1.13.0"
 num-derive = "0.3.3"

crates/namada/Cargo.toml

@@ -109,6 +109,7 @@ loupe = { version = "0.1.3", optional = true }
 masp_primitives.workspace = true
 masp_proofs.workspace = true
 num256.workspace = true
+num-traits.workspace = true
 orion.workspace = true
 owo-colors = "3.5.0"
 parity-wasm = { version = "0.45.0", features = ["sign_ext"], optional = true }

crates/namada/src/ledger/native_vp/masp.rs

@@ -19,6 +19,7 @@ use namada_state::{OptionExt, ResultExt};
 use namada_token::read_denom;
 use namada_tx::Tx;
 use namada_vp_env::VpEnv;
+use num_traits::ops::checked::{CheckedAdd, CheckedSub};
 use ripemd::Digest as RipemdDigest;
 use sha2::Digest as Sha2Digest;
 use thiserror::Error;
@@ -462,12 +463,18 @@ where
             // 3. Public key must be the hash of the source
             for vin in &transp_bundle.vin {
                 // Non-masp sources add to the transparent tx pool
-                transparent_tx_pool += I128Sum::from_nonnegative(
-                    vin.asset_type,
-                    vin.value as i128,
-                )
-                .ok()
-                .ok_or_err_msg("invalid value or asset type for amount")?;
+                transparent_tx_pool = transparent_tx_pool
+                    .checked_add(
+                        &I128Sum::from_nonnegative(
+                            vin.asset_type,
+                            vin.value as i128,
+                        )
+                        .ok()
+                        .ok_or_err_msg(
+                            "invalid value or asset type for amount",
+                        )?,
+                    )
+                    .ok_or_err_msg("Overflow in input sum")?;
 
                 // Satisfies 3.
                 if <[u8; 20]>::from(hash) != vin.address.0 {
@@ -608,12 +615,18 @@ where
             for out in &transp_bundle.vout {
                 // Non-masp destinations subtract from transparent tx
                 // pool
-                transparent_tx_pool -= I128Sum::from_nonnegative(
-                    out.asset_type,
-                    out.value as i128,
-                )
-                .ok()
-                .ok_or_err_msg("invalid value or asset type for amount")?;
+                transparent_tx_pool = transparent_tx_pool
+                    .checked_sub(
+                        &I128Sum::from_nonnegative(
+                            out.asset_type,
+                            out.value as i128,
+                        )
+                        .ok()
+                        .ok_or_err_msg(
+                            "invalid value or asset type for amount",
+                        )?,
+                    )
+                    .ok_or_err_msg("Underflow in output subtraction")?;
 
                 // Satisfies 3.
                 if <[u8; 20]>::from(hash) != out.address.0 {