From 2d5a55e11176452e0cbe2f74ba622ec1183f55dc Mon Sep 17 00:00:00 2001 From: Minhyuk Kim Date: Tue, 10 Dec 2024 14:09:54 +0900 Subject: [PATCH 1/3] Check the proof size is a multiple of 60 --- rvsol/src/RISCV.sol | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/rvsol/src/RISCV.sol b/rvsol/src/RISCV.sol index 1bbb681..7f8654e 100644 --- a/rvsol/src/RISCV.sol +++ b/rvsol/src/RISCV.sol @@ -346,6 +346,13 @@ contract RISCV is IBigStepper { } if iszero(eq(_proof.offset, proofContentOffset())) { revert(0, 0) } + if mod(calldataload(sub(proofContentOffset(), 32)), 60) { + // proof offset must be stateContentOffset+paddedStateSize+32 + // proof size: 64-5+1=60 * 32 byte leaf, + // so the proofSize must be a multiple of 60 + revert(0, 0) + } + // // State loading // From b9189bb6225defb4c6a89e44a4dd86b7d1a6a323 Mon Sep 17 00:00:00 2001 From: Minhyuk Kim Date: Tue, 10 Dec 2024 23:48:39 +0900 Subject: [PATCH 2/3] Add test for testing invalid proof size on rvsol --- rvsol/test/RISCV.t.sol | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/rvsol/test/RISCV.t.sol b/rvsol/test/RISCV.t.sol index 79849ff..3b89c1d 100644 --- a/rvsol/test/RISCV.t.sol +++ b/rvsol/test/RISCV.t.sol @@ -2371,11 +2371,22 @@ contract RISCV_Test is CommonTest { riscv.step(encodedState, proof, 0); } + function test_invalid_proof_size() public { + uint32 insn = encodeRType(0xff, 0, 0, 0, 0, 0); + (State memory state, bytes memory proof) = constructRISCVState(0, insn); + bytes memory encodedState = encodeState(state); + proof = hex"00"; // Invalid memory proof size + + vm.expectRevert(); + riscv.step(encodedState, proof, 0); + } + function test_invalid_proof() public { uint32 insn = encodeRType(0xff, 0, 0, 0, 0, 0); (State memory state, bytes memory proof) = constructRISCVState(0, insn); bytes memory encodedState = encodeState(state); - proof = hex"00"; // Invalid memory proof + // Invalid memory proof + proof = hex"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; vm.expectRevert(hex"00000000000000000000000000000000000000000000000000000000badf00d1"); riscv.step(encodedState, proof, 0); From b4d5cf667d2e27d09bdfc2c347ee7409d32fff89 Mon Sep 17 00:00:00 2001 From: Minhyuk Kim Date: Sun, 15 Dec 2024 17:30:05 +0900 Subject: [PATCH 3/3] Fix formatting --- rvsol/test/RISCV.t.sol | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rvsol/test/RISCV.t.sol b/rvsol/test/RISCV.t.sol index 3b89c1d..cada354 100644 --- a/rvsol/test/RISCV.t.sol +++ b/rvsol/test/RISCV.t.sol @@ -2386,7 +2386,8 @@ contract RISCV_Test is CommonTest { (State memory state, bytes memory proof) = constructRISCVState(0, insn); bytes memory encodedState = encodeState(state); // Invalid memory proof - proof = hex"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; + proof = + hex"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"; vm.expectRevert(hex"00000000000000000000000000000000000000000000000000000000badf00d1"); riscv.step(encodedState, proof, 0);