@msooseth msooseth commented Jun 16, 2025

Description

More rewrites so we don't give up in case of map vs array in readStorage, but know that they cannot clash. Here is how we know they cannot clash:

  • Maps and Arrays hash a different SIZE input: 64B vs 32B. Hence, you'd need a collision of Keccak for them to collide
  • HOWEVER, when there is an offset, then the offset could be set by the attacker to be keccak(a)-keccak(b). So when an offset is allowed, it must be limited. We limited the offset to 256 in other places:
      -- Finding two Keccaks that are < 256 away from each other should be VERY hard
      -- This simplification allows us to deal with maps of structs
      (Add (Lit a2) (Keccak _), Add (Lit b2) (Keccak _)) | a2 /= b2, abs (a2-b2) < 256 -> go slot prev
      (Add (Lit a2) (Keccak _), (Keccak _)) | a2 > 0, a2 < 256 -> go slot prev
      ((Keccak _), Add (Lit b2) (Keccak _)) | b2 > 0, b2 < 256 -> go slot prev

So I'm limiting it here to the same offset, which means it's impossible to find collisions that are within 256 of each other. This is accepted to be impossible.

Checklist

  • tested locally
  • added automated tests
  • updated the docs
  • updated the changelog
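
The reasoning in the description above, as an added example that is not hevm's code: a simplified, hypothetical model of storage locations (the `Base`, `Loc`, `Verdict`, `bounded` and `relate` names are invented for illustration) that decides when two locations cannot clash. It assumes, as the description does, that two distinct Keccak outputs are never within 256 of each other.

```haskell
-- Added example: simplified, hypothetical model; these are not hevm's types.
module Main where

-- Base slot = Keccak of some preimage. The String is an opaque label for the
-- symbolic preimage: equal labels mean syntactically equal preimages, while
-- different labels may still denote equal values.
data Base
  = MapBase String   -- keccak(key ++ slot): 64-byte preimage
  | ArrBase String   -- keccak(slot): 32-byte preimage
  deriving (Eq, Show)

-- A storage location: literal offset added to a hashed base.
data Loc = Loc Integer Base deriving (Eq, Show)

data Verdict = Same | Distinct | Unknown deriving (Eq, Show)

preimageSize :: Base -> Int
preimageSize (MapBase _) = 64
preimageSize (ArrBase _) = 32

-- Offset bound quoted in the PR description.
bounded :: Integer -> Bool
bounded o = o >= 0 && o < 256

-- Assumes distinct Keccak outputs are never within 256 of each other.
relate :: Loc -> Loc -> Verdict
relate (Loc o1 b1) (Loc o2 b2)
  -- An unbounded offset could be keccak(a) - keccak(b): give up.
  | not (bounded o1 && bounded o2) = Unknown
  | b1 == b2 = if o1 == o2 then Same else Distinct
  -- Map vs array: preimage sizes differ, so the hashes differ, and two
  -- bounded offsets cannot bridge the gap between them.
  | preimageSize b1 /= preimageSize b2 = Distinct
  -- Same kind, different offsets: the hashes are either equal or far apart.
  | o1 /= o2 = Distinct
  -- Same kind, same offset: the symbolic preimages may be equal.
  | otherwise = Unknown

main :: IO ()
main = mapM_ (print . uncurry relate)
  [ (Loc 0 (MapBase "k,1"), Loc 0 (ArrBase "2"))          -- map vs array
  , (Loc 3 (MapBase "k,1"), Loc 1 (MapBase "j,1"))        -- struct fields
  , (Loc 0 (MapBase "k,1"), Loc 0 (MapBase "j,1"))        -- k may equal j
  , (Loc (2 ^ 200) (ArrBase "2"), Loc 0 (MapBase "k,1"))  -- unbounded offset
  ]
```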

@msooseth msooseth changed the title More rewrites for array/map clash [DRAFT] More rewrites for array/map clash Jun 16, 2025
@msooseth msooseth force-pushed the more-lookup-rewrites branch 2 times, most recently from 3c0adbb to df4f938 Compare June 23, 2025 10:28
@msooseth msooseth marked this pull request as ready for review June 23, 2025 10:28
@msooseth msooseth requested a review from blishko June 23, 2025 10:28
@msooseth msooseth changed the title [DRAFT] More rewrites for array/map clash More rewrites for array/map clash Jun 23, 2025
@msooseth msooseth force-pushed the more-lookup-rewrites branch 3 times, most recently from 0b2285c to ee1a291 Compare June 30, 2025 11:02
@msooseth msooseth force-pushed the more-lookup-rewrites branch from ae514aa to d0e39dc Compare June 30, 2025 11:43
Comment on lines +686 to +687
-- DANGEROUS: offset could possibly be VERY large and SPECIFIC in order to make them clash
-- This would constitute a hack, and would require a specifically badly written code
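Review bot: the DANGEROUS comment at +686/+687 warns that a very large, specific offset could make the two slots clash, but it does not say what bound, if any, the rewrite it annotates enforces on that offset. The PR description says offsets are limited to 256 in other places; state here whether the same limit applies to this case, and if it does not, spell out the assumption the rewrite relies on so a reader can judge its soundness from the comment alone.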
Collaborator


Are we sure we want to do these rewrites?

@msooseth msooseth added the enhancement New feature or request label Jul 31, 2025
@msooseth msooseth changed the title More rewrites for array/map clash [DRAFT] More rewrites for array/map clash Aug 4, 2025