soundness: begin_tx tx_id should be read?
lispc opened this issue
What command(s) is the bug in?
No response
Describe the bug
here
The tx_id is written into CallContext, but this cell is not constrained. I know that in EndTxGadget, tx_id is increased by one. I think that in begin_tx an evil attacker can still assign an invalid value to BeginTxHelperGadget.tx_id? The call_context_lookup_write of TxId inside EndTx and the call_context_lookup_write of TxId inside BeginTx are two different rws, so the former cannot constrain the latter? Unless we modify the code and deliberately make them share the same rwc so they can be the same identical rw?
Concrete steps to reproduce the bug. If it's able to reproduce via testool, please share test_id from jenkins report
No response
We had an open issue about missing constraints in BeginTx #1475 (it could be unrelated though, but a main point of that issue is to sync the specs and implementation of BeginTx)
Hi, just had a quick look. In end_tx.rs
zkevm-circuits/zkevm-circuits/src/evm_circuit/util/tx.rs
Lines 127 to 131 in 66788d7
It constrains that the next TxId should be the current TxId + 1 under the next state's (cb.next.state) rw_counter, cb.next.state.rw_counter. So end_tx and the next begin_tx already share the same rwc?
Besides, rw_counter should be unique under the same tag
zkevm-circuits/zkevm-circuits/src/state_circuit/lexicographic_ordering.rs
Lines 128 to 134 in ef14352
It seems to me there is no soundness issue, cmiiw :)
I think on line 128 the rwc is used as call_id. Rwc is automatically maintained inside the constraint builder. So I think they don't share the same rwc
Yeah you're right, just noticed it was used as call_id. So yes there is a soundness issue due to mismatched rwc. One quick fix I can imagine is that we need to use rw_lookup_with_counter
zkevm-circuits/zkevm-circuits/src/evm_circuit/util/constraint_builder.rs
Lines 767 to 773 in ef14352
And pass exactly the same (rwc, call_id) to assure a consistent rwc and that only one entry is there
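A toy model of the argument in this thread, added here and not zkevm-circuits code: the rw table only forces two writes to be the same entry when they share the same rw_counter, so an EndTx write of TxId+1 at one rwc and a BeginTx write at another rwc leave the BeginTx value free, while keying both on the same (rwc, call_id) rejects a mismatched value. All names (RwWrite, rw_table_consistent, accepts_claim, the concrete rwc values) are assumptions of this model.

```rust
use std::collections::HashMap;

/// One write into the toy rw table, keyed by rw_counter and call_id.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct RwWrite {
    pub rwc: u64,
    pub call_id: u64,
    pub tx_id: u64,
}

/// Toy "state circuit" rule: rw_counter is unique, so two writes with the same
/// rwc must be one and the same entry (same call_id and same value).
/// Writes at different rwc are both admitted, whatever their values.
pub fn rw_table_consistent(writes: &[RwWrite]) -> bool {
    let mut seen: HashMap<u64, RwWrite> = HashMap::new();
    for w in writes {
        if let Some(prev) = seen.insert(w.rwc, *w) {
            if prev != *w {
                return false;
            }
        }
    }
    true
}

/// Toy EndTx: writes TxId = current + 1 under the next state's counter.
pub fn end_tx_write(cur_tx_id: u64, next_rwc: u64, call_id: u64) -> RwWrite {
    RwWrite { rwc: next_rwc, call_id, tx_id: cur_tx_id + 1 }
}

/// Toy BeginTx: the prover picks the rwc it lands on and the tx_id it claims.
pub fn begin_tx_write(rwc: u64, call_id: u64, claimed_tx_id: u64) -> RwWrite {
    RwWrite { rwc, call_id, tx_id: claimed_tx_id }
}

/// Does the table accept BeginTx claiming `claimed` right after EndTx of `cur`?
/// `shared_rwc = false` models the reported code (auto-incremented, distinct rwc);
/// `shared_rwc = true` models the proposed fix (same (rwc, call_id) for both).
pub fn accepts_claim(cur: u64, claimed: u64, shared_rwc: bool) -> bool {
    let call_id = 1; // constructed value
    let end = end_tx_write(cur, 10, call_id); // constructed next-state rwc
    let begin_rwc = if shared_rwc { end.rwc } else { end.rwc + 1 };
    rw_table_consistent(&[end, begin_tx_write(begin_rwc, call_id, claimed)])
}
```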
seems good!