apollo_starknet_os_program: address audit comments, part 2

Author: Yoni-Starkware

crates/apollo_starknet_os_program/src/cairo/starkware/starknet/core/os/constants.cairo

@@ -66,7 +66,7 @@ const STORED_BLOCK_HASH_BUFFER = 10;
 
 // Allowed virtual OS program hashes for client-side proving.
 const ALLOWED_VIRTUAL_OS_PROGRAM_HASHES_0 = (
-    0x0391095dffec88985e40bfa640aa05fd05ed050fcee5b79c27f492de3a68b77f
+    0x09743416d2d92b680d47338cb89f3def2e77ba772bbc2e568aeb48425e6c450
 );
 const ALLOWED_VIRTUAL_OS_PROGRAM_HASHES_LEN = 1;
 

crates/apollo_starknet_os_program/src/cairo/starkware/starknet/core/os/execution/execution_constraints.cairo

@@ -13,6 +13,7 @@ from starkware.starknet.core.os.virtual_os_output import (
     PROOF_VERSION,
     VIRTUAL_OS_OUTPUT_VERSION,
     VIRTUAL_SNOS,
+    ProofHeader,
     VirtualOsOutputHeader,
 )
 
@@ -39,15 +40,21 @@ func check_proof_facts{range_check_ptr, contract_state_changes: DictAccess*}(
     if (proof_facts_size == 0) {
         return ();
     }
-    alloc_locals;
-    assert_le(VirtualOsOutputHeader.SIZE + 3, proof_facts_size);
-    let proof_version = proof_facts[0];
-    assert proof_version = PROOF_VERSION;
-    let proof_type = proof_facts[1];
-    assert proof_type = VIRTUAL_SNOS;
-    let program_hash = proof_facts[2];
-    assert is_program_hash_allowed(program_hash) = TRUE;
-    let os_output_header = cast(&proof_facts[3], VirtualOsOutputHeader*);
+
+    assert_le(ProofHeader.SIZE + VirtualOsOutputHeader.SIZE, proof_facts_size);
+
+    // Validate the proof header.
+    let proof_header = cast(proof_facts, ProofHeader*);
+    assert is_program_hash_allowed(proof_header.program_hash) = TRUE;
+    // Proof version and variant are for future compatibility.
+    assert [proof_header] = ProofHeader(
+        proof_version=PROOF_VERSION,
+        proof_variant=VIRTUAL_SNOS,
+        program_hash=proof_header.program_hash,
+    );
+
+    // Validate the virtual OS output header.
+    let os_output_header = cast(&proof_facts[ProofHeader.SIZE], VirtualOsOutputHeader*);
 
     with_attr error_message("Virtual OS output version is not supported") {
         assert os_output_header.output_version = VIRTUAL_OS_OUTPUT_VERSION;

crates/apollo_starknet_os_program/src/cairo/starkware/starknet/core/os/os_utils__virtual.cairo

@@ -11,37 +11,27 @@ from starkware.starknet.core.os.virtual_os_output import (
     VirtualOsOutputHeader,
 )
 
-// Recursively hashes each L2-to-L1 message separately and writes them.
-func hash_messages_to_l1_recursive{output_ptr: felt*, poseidon_ptr: PoseidonBuiltin*}(
-    messages_ptr_start: MessageToL1Header*, messages_ptr_end: MessageToL1Header*
+// Hashes each L2-to-L1 message separately and writes the hash to the output.
+func output_message_to_l1_hashes{output_ptr: felt*, poseidon_ptr: PoseidonBuiltin*}(
+    messages_ptr_start: felt*, messages_ptr_end: felt*
 ) {
-    alloc_locals;
-
     if (messages_ptr_start == messages_ptr_end) {
         return ();
     }
 
     // Read the message header.
-    let message_header = [messages_ptr_start];
-    let payload_size = message_header.payload_size;
+    let message_header = cast(messages_ptr_start, MessageToL1Header*);
 
     // Hash the message (header + payload).
-    // The message consists of: from_address, to_address, payload_size, ...payload.
-    local message_size = MessageToL1Header.SIZE + payload_size;
-    let (message_hash) = poseidon_hash_many(
-        n=message_size, elements=cast(messages_ptr_start, felt*)
-    );
+    let message_size = MessageToL1Header.SIZE + message_header.payload_size;
+    let (message_hash) = poseidon_hash_many(n=message_size, elements=messages_ptr_start);
 
     // Store the hash and advance output_ptr.
     assert output_ptr[0] = message_hash;
     let output_ptr = &output_ptr[1];
 
-    // Move to the next message.
-    let next_message_ptr = cast(messages_ptr_start + message_size, MessageToL1Header*);
-
-    // Recursively process the remaining messages.
-    return hash_messages_to_l1_recursive(
-        messages_ptr_start=next_message_ptr, messages_ptr_end=messages_ptr_end
+    return output_message_to_l1_hashes(
+        messages_ptr_start=&messages_ptr_start[message_size], messages_ptr_end=messages_ptr_end
     );
 }
 
@@ -102,7 +92,7 @@ func process_os_output{
     let output_ptr = output_ptr + VirtualOsOutputHeader.SIZE;
     let messages_to_l1_hashes_ptr_start: felt* = output_ptr;
 
-    hash_messages_to_l1_recursive(
+    output_message_to_l1_hashes(
         messages_ptr_start=os_output.initial_carried_outputs.messages_to_l1,
         messages_ptr_end=os_output.final_carried_outputs.messages_to_l1,
     );

crates/apollo_starknet_os_program/src/cairo/starkware/starknet/core/os/virtual_os_output.cairo

@@ -7,6 +7,13 @@ const PROOF_VERSION = 'PROOF0';
 // The version of the virtual OS output.
 const VIRTUAL_OS_OUTPUT_VERSION = 'VIRTUAL_SNOS0';
 
+// The header of the proof facts, preceding the virtual OS output.
+struct ProofHeader {
+    proof_version: felt,
+    proof_variant: felt,
+    program_hash: felt,
+}
+
 // The header of the virtual OS output.
 struct VirtualOsOutputHeader {
     output_version: felt,

crates/apollo_starknet_os_program/src/program_hash.json

@@ -1,6 +1,6 @@
 {
-  "os": "0x2784c2ff1846d5949f32d0af52b285a9dbe84224c1e0f24324aabc196fca674",
-  "virtual_os": "0x391095dffec88985e40bfa640aa05fd05ed050fcee5b79c27f492de3a68b77f",
+  "os": "0x7c5db5bc9e55d9027353a9daae7cbbd546dd10bada122ccfd2adb3cd3d67ac0",
+  "virtual_os": "0x9743416d2d92b680d47338cb89f3def2e77ba772bbc2e568aeb48425e6c450",
   "aggregator": "0x4a50066445fdceb87b7ed1211dbff1f544ad4fa879a678a79355ed812dea346",
   "aggregator_with_prefix": "0x5af6c0904619be30798f335358f96ba742a8f23c7b0df1080d0c24e2224c6f6"
 }

crates/blockifier/resources/blockifier_versioned_constants_0_14_2.json

@@ -67,7 +67,7 @@
     "segment_arena_cells": false,
     "os_constants": {
         "allowed_virtual_os_program_hashes": [
-            "0x391095dffec88985e40bfa640aa05fd05ed050fcee5b79c27f492de3a68b77f"
+            "0x9743416d2d92b680d47338cb89f3def2e77ba772bbc2e568aeb48425e6c450"
         ],
         "constructor_entry_point_selector": "0x28ffe4ff0f226a9107253e17a904099aa4f63a02a5621de0576e5aa71bc5194",
         "default_entry_point_selector": "0x0",

crates/blockifier/resources/versioned_constants_diff_regression/0.14.1_0.14.2.txt

@@ -1,5 +1,5 @@
 ~ /archival_data_gas_costs/gas_per_proof/0: 1000000000
 ~ /enable_casm_hash_migration: false
 ~ /gateway/max_proof_size: 600000
-+ /os_constants/allowed_virtual_os_program_hashes/0: "0x391095dffec88985e40bfa640aa05fd05ed050fcee5b79c27f492de3a68b77f"
++ /os_constants/allowed_virtual_os_program_hashes/0: "0x9743416d2d92b680d47338cb89f3def2e77ba772bbc2e568aeb48425e6c450"
 ~ /os_constants/builtin_gas_costs/blake: 3334