diff --git a/artifacts/program_methods/privacy_preserving_circuit.bin b/artifacts/program_methods/privacy_preserving_circuit.bin index d9f6f94d..2d8e902c 100644 Binary files a/artifacts/program_methods/privacy_preserving_circuit.bin and b/artifacts/program_methods/privacy_preserving_circuit.bin differ diff --git a/artifacts/program_methods/vault.bin b/artifacts/program_methods/vault.bin index 58417603..7f7ce6d6 100644 Binary files a/artifacts/program_methods/vault.bin and b/artifacts/program_methods/vault.bin differ diff --git a/artifacts/test_program_methods/auth_asserting_noop.bin b/artifacts/test_program_methods/auth_asserting_noop.bin index 3293d845..80835971 100644 Binary files a/artifacts/test_program_methods/auth_asserting_noop.bin and b/artifacts/test_program_methods/auth_asserting_noop.bin differ diff --git a/artifacts/test_program_methods/auth_transfer_proxy.bin b/artifacts/test_program_methods/auth_transfer_proxy.bin index a3122134..490223a5 100644 Binary files a/artifacts/test_program_methods/auth_transfer_proxy.bin and b/artifacts/test_program_methods/auth_transfer_proxy.bin differ diff --git a/artifacts/test_program_methods/burner.bin b/artifacts/test_program_methods/burner.bin index 3873ab01..57bb3d77 100644 Binary files a/artifacts/test_program_methods/burner.bin and b/artifacts/test_program_methods/burner.bin differ diff --git a/artifacts/test_program_methods/chain_caller.bin b/artifacts/test_program_methods/chain_caller.bin index a6fe86e0..c36220de 100644 Binary files a/artifacts/test_program_methods/chain_caller.bin and b/artifacts/test_program_methods/chain_caller.bin differ diff --git a/artifacts/test_program_methods/changer_claimer.bin b/artifacts/test_program_methods/changer_claimer.bin index d285e4c8..a1c94250 100644 Binary files a/artifacts/test_program_methods/changer_claimer.bin and b/artifacts/test_program_methods/changer_claimer.bin differ diff --git a/artifacts/test_program_methods/claimer.bin b/artifacts/test_program_methods/claimer.bin index 21a5c887..ee9a6276 100644 Binary files a/artifacts/test_program_methods/claimer.bin and b/artifacts/test_program_methods/claimer.bin differ diff --git a/artifacts/test_program_methods/clock_chain_caller.bin b/artifacts/test_program_methods/clock_chain_caller.bin index 10cd6910..ee237e70 100644 Binary files a/artifacts/test_program_methods/clock_chain_caller.bin and b/artifacts/test_program_methods/clock_chain_caller.bin differ diff --git a/artifacts/test_program_methods/data_changer.bin b/artifacts/test_program_methods/data_changer.bin index 1a4dc474..f559654c 100644 Binary files a/artifacts/test_program_methods/data_changer.bin and b/artifacts/test_program_methods/data_changer.bin differ diff --git a/artifacts/test_program_methods/extra_output.bin b/artifacts/test_program_methods/extra_output.bin index 2152e32f..30d44aae 100644 Binary files a/artifacts/test_program_methods/extra_output.bin and b/artifacts/test_program_methods/extra_output.bin differ diff --git a/artifacts/test_program_methods/faucet_chain_caller.bin b/artifacts/test_program_methods/faucet_chain_caller.bin new file mode 100644 index 00000000..d9686f9c Binary files /dev/null and b/artifacts/test_program_methods/faucet_chain_caller.bin differ diff --git a/artifacts/test_program_methods/flash_swap_callback.bin b/artifacts/test_program_methods/flash_swap_callback.bin index 4a725f3e..8705c5ab 100644 Binary files a/artifacts/test_program_methods/flash_swap_callback.bin and b/artifacts/test_program_methods/flash_swap_callback.bin differ diff --git a/artifacts/test_program_methods/flash_swap_initiator.bin b/artifacts/test_program_methods/flash_swap_initiator.bin index e4b303ee..6fa369f6 100644 Binary files a/artifacts/test_program_methods/flash_swap_initiator.bin and b/artifacts/test_program_methods/flash_swap_initiator.bin differ diff --git a/artifacts/test_program_methods/malicious_authorization_changer.bin b/artifacts/test_program_methods/malicious_authorization_changer.bin index 2b41c197..464af668 100644 Binary files a/artifacts/test_program_methods/malicious_authorization_changer.bin and b/artifacts/test_program_methods/malicious_authorization_changer.bin differ diff --git a/artifacts/test_program_methods/malicious_caller_program_id.bin b/artifacts/test_program_methods/malicious_caller_program_id.bin index 20c03dfa..4c402914 100644 Binary files a/artifacts/test_program_methods/malicious_caller_program_id.bin and b/artifacts/test_program_methods/malicious_caller_program_id.bin differ diff --git a/artifacts/test_program_methods/malicious_self_program_id.bin b/artifacts/test_program_methods/malicious_self_program_id.bin index 0aef2bd7..2ca1fe2d 100644 Binary files a/artifacts/test_program_methods/malicious_self_program_id.bin and b/artifacts/test_program_methods/malicious_self_program_id.bin differ diff --git a/artifacts/test_program_methods/minter.bin b/artifacts/test_program_methods/minter.bin index d6ca6b99..88435296 100644 Binary files a/artifacts/test_program_methods/minter.bin and b/artifacts/test_program_methods/minter.bin differ diff --git a/artifacts/test_program_methods/missing_output.bin b/artifacts/test_program_methods/missing_output.bin index 1c9f6914..2bad082d 100644 Binary files a/artifacts/test_program_methods/missing_output.bin and b/artifacts/test_program_methods/missing_output.bin differ diff --git a/artifacts/test_program_methods/modified_transfer.bin b/artifacts/test_program_methods/modified_transfer.bin index a8a87da8..286c9028 100644 Binary files a/artifacts/test_program_methods/modified_transfer.bin and b/artifacts/test_program_methods/modified_transfer.bin differ diff --git a/artifacts/test_program_methods/nonce_changer.bin b/artifacts/test_program_methods/nonce_changer.bin index e5659b80..f11876de 100644 Binary files a/artifacts/test_program_methods/nonce_changer.bin and b/artifacts/test_program_methods/nonce_changer.bin differ diff --git a/artifacts/test_program_methods/noop.bin b/artifacts/test_program_methods/noop.bin index 023f2e21..e4024958 100644 Binary files a/artifacts/test_program_methods/noop.bin and b/artifacts/test_program_methods/noop.bin differ diff --git a/artifacts/test_program_methods/pda_claimer.bin b/artifacts/test_program_methods/pda_claimer.bin index e1bea8f8..7bf306ea 100644 Binary files a/artifacts/test_program_methods/pda_claimer.bin and b/artifacts/test_program_methods/pda_claimer.bin differ diff --git a/artifacts/test_program_methods/pda_fund_spend_proxy.bin b/artifacts/test_program_methods/pda_fund_spend_proxy.bin index 7cd0839a..e167ecc6 100644 Binary files a/artifacts/test_program_methods/pda_fund_spend_proxy.bin and b/artifacts/test_program_methods/pda_fund_spend_proxy.bin differ diff --git a/artifacts/test_program_methods/pinata_cooldown.bin b/artifacts/test_program_methods/pinata_cooldown.bin index 8e3b97c5..fcc0f3fc 100644 Binary files a/artifacts/test_program_methods/pinata_cooldown.bin and b/artifacts/test_program_methods/pinata_cooldown.bin differ diff --git a/artifacts/test_program_methods/private_pda_delegator.bin b/artifacts/test_program_methods/private_pda_delegator.bin index 44d566ec..1c4dd672 100644 Binary files a/artifacts/test_program_methods/private_pda_delegator.bin and b/artifacts/test_program_methods/private_pda_delegator.bin differ diff --git a/artifacts/test_program_methods/private_pda_spender.bin b/artifacts/test_program_methods/private_pda_spender.bin index 70e4c5a0..2db36680 100644 Binary files a/artifacts/test_program_methods/private_pda_spender.bin and b/artifacts/test_program_methods/private_pda_spender.bin differ diff --git a/artifacts/test_program_methods/program_owner_changer.bin b/artifacts/test_program_methods/program_owner_changer.bin index 4a47211b..75425bc5 100644 Binary files a/artifacts/test_program_methods/program_owner_changer.bin and b/artifacts/test_program_methods/program_owner_changer.bin differ diff --git a/artifacts/test_program_methods/simple_balance_transfer.bin b/artifacts/test_program_methods/simple_balance_transfer.bin index 647f86fa..6c98cdf2 100644 Binary files a/artifacts/test_program_methods/simple_balance_transfer.bin and b/artifacts/test_program_methods/simple_balance_transfer.bin differ diff --git a/artifacts/test_program_methods/time_locked_transfer.bin b/artifacts/test_program_methods/time_locked_transfer.bin index 8f423fa7..bfa226fb 100644 Binary files a/artifacts/test_program_methods/time_locked_transfer.bin and b/artifacts/test_program_methods/time_locked_transfer.bin differ diff --git a/artifacts/test_program_methods/two_pda_claimer.bin b/artifacts/test_program_methods/two_pda_claimer.bin index 9d5001f9..8833afb0 100644 Binary files a/artifacts/test_program_methods/two_pda_claimer.bin and b/artifacts/test_program_methods/two_pda_claimer.bin differ diff --git a/artifacts/test_program_methods/validity_window.bin b/artifacts/test_program_methods/validity_window.bin index a0a578e1..37afac43 100644 Binary files a/artifacts/test_program_methods/validity_window.bin and b/artifacts/test_program_methods/validity_window.bin differ diff --git a/artifacts/test_program_methods/validity_window_chain_caller.bin b/artifacts/test_program_methods/validity_window_chain_caller.bin index 326ed7a1..42ef3906 100644 Binary files a/artifacts/test_program_methods/validity_window_chain_caller.bin and b/artifacts/test_program_methods/validity_window_chain_caller.bin differ diff --git a/nssa/src/state.rs b/nssa/src/state.rs index e9f2058f..eea5fa85 100644 --- a/nssa/src/state.rs +++ b/nssa/src/state.rs @@ -3646,6 +3646,7 @@ pub mod tests { ); // Assert - should fail because the malicious program tries to manipulate is_authorized + println!("result: {:?}", result); assert!(matches!(result, Err(NssaError::CircuitProvingError(_)))); } diff --git a/program_methods/guest/src/bin/privacy_preserving_circuit/execution_state.rs b/program_methods/guest/src/bin/privacy_preserving_circuit/execution_state.rs index aad1bc1c..c65b1d29 100644 --- a/program_methods/guest/src/bin/privacy_preserving_circuit/execution_state.rs +++ b/program_methods/guest/src/bin/privacy_preserving_circuit/execution_state.rs @@ -1,5 +1,5 @@ use std::{ - collections::{HashMap, VecDeque, hash_map::Entry}, + collections::{HashMap, HashSet, VecDeque, hash_map::Entry}, convert::Infallible, }; @@ -49,6 +49,7 @@ pub struct ExecutionState { /// caller-seeds authorization paths to verify /// `AccountId::for_private_pda(program_id, seed, npk, identifier) == pre_state.account_id`. private_pda_npk_by_position: HashMap, + authorized_accounts: HashSet, } impl ExecutionState { @@ -107,6 +108,7 @@ impl ExecutionState { private_pda_bound_positions: HashMap::new(), pda_family_binding: HashMap::new(), private_pda_npk_by_position, + authorized_accounts: HashSet::new(), }; let Some(first_output) = program_outputs.first() else { @@ -246,10 +248,10 @@ impl ExecutionState { program_id: ProgramId, caller_program_id: Option, caller_pda_seeds: &[PdaSeed], - pre_states: Vec, - post_states: Vec, + output_pre_states: Vec, + output_post_states: Vec, ) { - for (pre, mut post) in pre_states.into_iter().zip(post_states) { + for (pre, mut post) in output_pre_states.into_iter().zip(output_post_states) { let pre_account_id = pre.account_id; let pre_is_authorized = pre.is_authorized; let post_states_entry = self.post_states.entry(pre.account_id); @@ -288,6 +290,7 @@ impl ExecutionState { &mut self.pda_family_binding, &mut self.private_pda_bound_positions, &self.private_pda_npk_by_position, + &mut self.authorized_accounts, pre_account_id, pre_state_position, caller_program_id, @@ -491,6 +494,7 @@ fn resolve_authorization_and_record_bindings( pda_family_binding: &mut HashMap<(ProgramId, PdaSeed), AccountId>, private_pda_bound_positions: &mut HashMap, private_pda_npk_by_position: &HashMap, + authorized_accounts: &mut HashSet, pre_account_id: AccountId, pre_state_position: usize, caller_program_id: Option, @@ -525,5 +529,13 @@ fn resolve_authorization_and_record_bindings( } } - previous_is_authorized || matched_caller_seed.is_some() + if authorized_accounts.contains(&pre_account_id) { + return true; + } + + let authorized = previous_is_authorized || matched_caller_seed.is_some(); + if authorized { + authorized_accounts.insert(pre_account_id); + } + authorized } diff --git a/sequencer/core/src/lib.rs b/sequencer/core/src/lib.rs index 054c8731..cb0802b4 100644 --- a/sequencer/core/src/lib.rs +++ b/sequencer/core/src/lib.rs @@ -1084,7 +1084,7 @@ mod tests { let vault_program_id = nssa::program::Program::vault().id(); let attacker_vault_id = vault_core::compute_vault_account_id(vault_program_id, attacker_id); - let amount: u128 = 1_000; + let amount: u128 = 1; let faucet_chain_caller_id = nssa::program::Program::new(test_program_methods::FAUCET_CHAIN_CALLER_ELF.to_vec()) @@ -1109,21 +1109,9 @@ mod tests { mempool_handle.push(attack_tx).await.unwrap(); sequencer.produce_new_block().await.unwrap(); - let block = sequencer - .store - .get_block_at_id(sequencer.chain_height) - .unwrap() - .unwrap(); let faucet_balance_after = sequencer.state.get_account_by_id(faucet_account_id).balance; let vault_balance_after = sequencer.state.get_account_by_id(attacker_vault_id).balance; - // The attack tx must be dropped; only the mandatory clock invocation remains. - assert_eq!( - block.body.transactions, - vec![NSSATransaction::Public(clock_invocation( - block.header.timestamp - ))] - ); assert_eq!(faucet_balance_after, faucet_balance_before); assert_eq!(vault_balance_after, vault_balance_before); }