Handling of Malformed PUSH Operation Causes Invalid Batch

[praetoriansentry]

There seem to be some issues related to the handling and interpretation of invalid PUSH operations. This code would deploy a smart contract that's just 0x60. It's a PUSH1 but it's missing the 1 byte that's meant to be pushed

addr=$(cast wallet address --private-key $private_key)
nonce=$(cast nonce --rpc-url $rpc_url $addr)
test_address=$(cast compute-address --rpc-url $rpc_url --nonce $nonce $addr | sed 's/.*: //')
cast send --legacy --rpc-url $rpc_url --private-key $private_key --create 6300000001630000001560003963000000016000F360

We should be able to validate that:

cast code --rpc-url $rpc_url $test_address

Calling this should just return 0x60.

Now we can call the contract that we deployed and it should be executed and mined successfully in a block.

cast send --legacy --rpc-url $rpc_url --private-key $private_key $test_address

After the tx is mined, the sequencer will halt because of an invalid batch. Here are the logs from the test:

[08-29|16:31:43.501] Generating witness timing                batch=43 blockFrom=189 blockTo=192 taken=10.664202ms
[08-29|16:31:43.501] Sending request to grpc server           grpcUrl=executor001:50071 ourRoot=0x2e3b7090586649932e6852a5eda4de36c71fcd8e5454d1f3611d29be8d2db0ed oldRoot=0xd099be37965bfc5446eb719501d666be99080a7135286332660f7b3f95bfeb2c batch=43 witness-size="8.6 kB" data-stream-size="1.4 kB"
[08-29|16:31:43.729] executor result                          match=false grpcUrl=executor001:50071 batch=43 blocks-count=3 counters="map[A:478 B:666 D:4 K:6 M:0 P:867 S:0 SHA:0]" exec-root=0x0000000000000000000000000000000000000000000000000000000000000000 our-root=0x2e3b7090586649932e6852a5eda4de36c71fcd8e5454d1f3611d29be8d2db0ed exec-old-root=0xd099be37965bfc5446eb719501d666be99080a7135286332660f7b3f95bfeb2c our-old-root=0xd099be37965bfc5446eb719501d666be99080a7135286332660f7b3f95bfeb2c
[WARN] [08-29|16:31:43.729] Counter undershoot                       counter=P erigon=612 legacy=867 batch=43
[WARN] [08-29|16:31:43.729] Counter undershoot                       counter=B erigon=661 legacy=666 batch=43
[EROR] [08-29|16:31:43.729] executor error                           detail="MainExecutor::logError() Found ctx.lastStep=0, so execution was not complete proverRequest.result=ZKR_SM_MAIN_OUT_OF_STEPS step=0 eval=8388607 zkPC=11783 rom.line={ inFREE=1 inFREE0=0 freeInTag={} hashP1=1 offset=0 offsetLabel= ind=1 setRR=1 cmdAfter[0]={ op=functionCall funcName=eventLog params[0]={ op=functionCall funcName=onOpcode params[0]={ op=getReg regName=RR } }} fileName=process-tx.zkasm line=449 lineStr=        $ => RR                         :HASHP1(E)} uuid=41a97891-0850-4121-8fb7-9c04e1f841ef Registers: SR=28cb515b:c0371347:2133c5f1:d40a0707:ee4f2ea:5a78df1d:5a8e6b28:9cb0a9fe CONST=0:0:0:0:0:0:0:0 FREE=0:0:0:0:0:0:0:0 A=0:0:0:1f7ad7ca:a53e35b4:f0d138dc:5cbf91ac:108a2674 B=0:0:0:0:0:0:0:1 C=0:0:0:0:0:0:0:0 D=0:0:0:0:0:0:0:0 E=0:0:0:0:0:0:0:0 CTX=6 SP=0 PC=1 GAS=0 zkPC=0 STEP=0 RR=662 HASHPOS=1 RCX=0 cntArith=1de cntBinary=29a cntMemAlign=0 cntKeccakF=6 cntSha256F=0 cntPoseidonG=363 cntPaddingPG=4"
[EROR] [08-29|16:31:43.729] [Verifier] Error                         err="error in response: MainExecutor::logError() Found ctx.lastStep=0, so execution was not complete proverRequest.result=ZKR_SM_MAIN_OUT_OF_STEPS step=0 eval=8388607 zkPC=11783 rom.line={ inFREE=1 inFREE0=0 freeInTag={} hashP1=1 offset=0 offsetLabel= ind=1 setRR=1 cmdAfter[0]={ op=functionCall funcName=eventLog params[0]={ op=functionCall funcName=onOpcode params[0]={ op=getReg regName=RR } }} fileName=process-tx.zkasm line=449 lineStr=        $ => RR                         :HASHP1(E)} uuid=41a97891-0850-4121-8fb7-9c04e1f841ef Registers: SR=28cb515b:c0371347:2133c5f1:d40a0707:ee4f2ea:5a78df1d:5a8e6b28:9cb0a9fe CONST=0:0:0:0:0:0:0:0 FREE=0:0:0:0:0:0:0:0 A=0:0:0:1f7ad7ca:a53e35b4:f0d138dc:5cbf91ac:108a2674 B=0:0:0:0:0:0:0:1 C=0:0:0:0:0:0:0:0 D=0:0:0:0:0:0:0:0 E=0:0:0:0:0:0:0:0 CTX=6 SP=0 PC=1 GAS=0 zkPC=0 STEP=0 RR=662 HASHPOS=1 RCX=0 cntArith=1de cntBinary=29a cntMemAlign=0 cntKeccakF=6 cntSha256F=0 cntPoseidonG=363 cntPaddingPG=4"
[EROR] [08-29|16:31:43.729] [5/13 Execution] identified an invalid batch with number 43

[ignasirv]

Amazing finding, thanks @praetoriansentry . Indeed, is a bug at the rom, just proposed a fix: 0xPolygonHermez/zkevm-rom#398

[Sharonbc01]

Update from slack thread: @ignasirv confirmed it's a bug in the rom that will need a new verifier release to fix. The new verifier will be available by Wednesday Sept 4th. It was noted that this is not seen as a stopper for Erigon to start the integration with Bali/Banana

[Sharonbc01]

Confirmed this can be closed