Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Singleton unsecure due to owner #4174

Closed
Tracked by #4128
LHerskind opened this issue Jan 22, 2024 · 0 comments · Fixed by #4186
Closed
Tracked by #4128

refactor: Singleton unsecure due to owner #4174

LHerskind opened this issue Jan 22, 2024 · 0 comments · Fixed by #4186
Assignees
@LHerskind
Labels
A-security Area: Relates to security. Something is insecure. T-bug Type: Bug. Something is broken.
Milestone
Execution Environ...

Comments

@LHerskind
Copy link
Contributor

The current singleton implementations are broken as they rely on a user-provided owner value for the initial nullifier to signify that the value have been initialized, but as this value is never needed later on so you can insert two notes on the same storage slot (totally ignoring it being a singleton or immutable).

To insert more, simply pass a different owner to the singleton than to the note. Nullifiers then differ but the storage slots are the same. So it is not possible to use the PXE to feed whichever note matches the circumstances best instead of the single value that was intended.
@LHerskind LHerskind added this to the Execution Environment milestone Jan 22, 2024
@github-project-automation github-project-automation bot moved this to Todo in A3 Jan 22, 2024
@LHerskind LHerskind added T-bug Type: Bug. Something is broken. A-security Area: Relates to security. Something is insecure. labels Jan 22, 2024
@LHerskind LHerskind mentioned this issue Jan 22, 2024
Merged
@LHerskind LHerskind self-assigned this Jan 22, 2024
@rahul-kothari rahul-kothari mentioned this issue Jan 23, 2024
Closed
@LHerskind LHerskind mentioned this issue Jan 23, 2024
Merged
@LHerskind LHerskind moved this from Todo to In Review in A3 Jan 23, 2024
LHerskind added a commit that referenced this issue Jan 24, 2024
@LHerskind
feat!: Updates singleton usage (#4186)
301f0e6 
Fixes #4174 by making the singletons leaky. 

- Updates the docs
- Adds more tests to the singleton e2e.
@github-project-automation github-project-automation bot moved this from In Review to Done in A3 Jan 24, 2024
michaelelliot pushed a commit to Swoir/noir_rs that referenced this issue Feb 28, 2024
@LHerskind
feat!: Updates singleton usage (AztecProtocol#4186)
1c8fdf0 
Fixes AztecProtocol#4174 by making the singletons leaky. 

- Updates the docs
- Adds more tests to the singleton e2e.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@LHerskind LHerskind

Labels
A-security Area: Relates to security. Something is insecure. T-bug Type: Bug. Something is broken.
Projects
A3
Archived in project
Milestone
Execution Environment pre offsite
Development

Successfully merging a pull request may close this issue.

feat!: Updates singleton usage AztecProtocol/aztec-packages
1 participant
@LHerskind