
Commit c5b5cb2

committed
Harden the MASP client against malformed conversion tree entries. Test that the precision changes work as expected.
1 parent 766aaf3 commit c5b5cb2


6 files changed

+636
-27
lines changed


Cargo.lock

+6-6

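--- a/Cargo.toml
+++ b/Cargo.toml
@@ -189,8 +189,8 @@ libfuzzer-sys = "0.4"
 libloading = "0.8"
 linkme = "0.3"
 madato = "0.7"
-masp_primitives = { version = "1.2" }
-masp_proofs = { version = "1.2", default-features = false, features = ["local-prover"] }
+masp_primitives = { version = "1.4" }
+masp_proofs = { version = "1.4", default-features = false, features = ["local-prover"] }
 num256 = "0.6"
 num_cpus = "1.13"
 num_enum = "0.7"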

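--- a/crates/shielded_token/src/masp/shielded_wallet.rs
+++ b/crates/shielded_token/src/masp/shielded_wallet.rs
@@ -25,7 +25,7 @@ use masp_primitives::transaction::fees::fixed::FeeRule;
 use masp_primitives::transaction::{builder, Transaction};
 use masp_primitives::zip32::{ExtendedKey, PseudoExtendedKey};
 use namada_core::address::Address;
-use namada_core::arith::checked;
+use namada_core::arith::{checked, CheckedAdd, CheckedSub};
 use namada_core::borsh::{BorshDeserialize, BorshSerialize};
 use namada_core::chain::BlockHeight;
 use namada_core::collections::{HashMap, HashSet};
@@ -367,11 +367,24 @@ impl<U: ShieldedUtils + MaybeSend + MaybeSync> ShieldedWallet<U> {
 // Forget about the trace amount left over because we cannot
 // realize its value
 let trace = I128Sum::from_pair(asset_type, value % threshold);
-// Record how much more of the given conversion has been used
-*usage += required;
-// Apply the conversions to input and move the trace amount to output
-*input += conv * required - trace.clone();
-*output += trace;
+match checked!(input + &(conv * required) - &trace) {
+// If applying the conversion does not overflow or result in
+// negative input
+Ok(new_input) if new_input >= I128Sum::zero() => {
+// Record how much more of the given conversion has been used
+*usage += required;
+// Apply conversions to input and move trace amount to output
+*input = new_input;
+*output += trace;
+}
+_ => {
+// Otherwise don't apply the conversion and simply move value
+// over to output
+let comp = I128Sum::from_pair(asset_type, value);
+*output += comp.clone();
+*input -= comp;
+}
+}
 Ok(())
 }
 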
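Review bot: Only the update of `input` goes through `checked!` in the second hunk; the lines `*usage += required;`, `*output += trace;`, `*output += comp.clone();` and `*input -= comp;` remain plain `+=`/`-=`, so a conversion entry malformed enough to overflow `input` can equally overflow `usage` or `output`, which this hardening does not cover. Since the block ends in `Ok(())` the function appears to return a `Result`, so the same pattern fits there, e.g. `*output = checked!(output + &trace)?;` and likewise for `comp` and `usage`. The product `conv * required` is computed before the checked add and, unless `Mul` for that type is itself checked, can still overflow on its own; worth confirming or bounding `required` first. The guard `new_input >= I128Sum::zero()` presumably relies on a component-wise partial order, so a sum with mixed-sign components silently takes the `_` arm; a comment such as `// partial order: every asset component must be non-negative` would make that intent explicit. The enclosing function starts before this hunk.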
