Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix MayUseToken vulnerability in AccountUpdates #1716

Closed
wants to merge 10 commits into from
Closed

Fix MayUseToken vulnerability in AccountUpdates #1716

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
b2a06fa
fix(account-update): validate that parentsOwnToken and inheritFromPar…
MartinMinkov Jul 2, 2024
26dc9c2
feat(account-update.unit-test.ts): add unit tests for AccountUpdate.M…
MartinMinkov Jul 2, 2024
32ba4cc
feat(changelog): prevent incorrect token inheritance handling in Acco…
MartinMinkov Jul 2, 2024
b3c972b
chore(bindings): update bindings submodule to 7263ff6f75e395c06ed1b67…
MartinMinkov Jul 10, 2024
df603bc
refactor(account-update.ts): simplify isParentsOwnToken and remove ch…
MartinMinkov Jul 10, 2024
5a27a22
refactor(account-update.ts): move MayUseToken type and related functi…
MartinMinkov Jul 10, 2024
6101789
fix(account-update.ts): add check for mayUseToken field in AccountUpd…
MartinMinkov Jul 10, 2024
bfc0735
Merge branch 'main' into audit/may-use-token
MartinMinkov Jul 10, 2024
ded6b4f
chore(bindings): update bindings submodule to 9c9c2051a
MartinMinkov Jul 10, 2024
c177ddf
fix(account-update.ts): remove provablePure from MayUseToken type def…
MartinMinkov Jul 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,12 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm

## [Unreleased](https://github.com/o1-labs/o1js/compare/ed198f305...HEAD)

### Fixed

- Address potential incorrect token inheritance handling with `MayUseToken` in AccountUpdates https://github.com/o1-labs/o1js/pull/1716
- Modified isParentsOwnToken() to return false when inheritFromParent is true, preventing potential misuse of token inheritance.
- Added check() method to ensure parentsOwnToken and inheritFromParent flags are not both set to true simultaneously.

## [1.4.0](https://github.com/o1-labs/o1js/compare/40c597775...ed198f305) - 2024-06-25

### Added
Expand Down
13 changes: 12 additions & 1 deletion src/lib/mina/account-update.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1193,11 +1193,22 @@ class AccountUpdate implements Types.AccountUpdate {
return parentsOwnToken.or(inheritFromParent).not();
},
isParentsOwnToken(a: AccountUpdate) {
return a.body.mayUseToken.parentsOwnToken;
// Check that inheritFromParent is not true when validating if an account update is for a parent's own token
return a.body.mayUseToken.parentsOwnToken.and(
a.body.mayUseToken.inheritFromParent.not()
);
},
isInheritFromParent(a: AccountUpdate) {
return a.body.mayUseToken.inheritFromParent;
},
check(mayUseToken: { parentsOwnToken: Bool; inheritFromParent: Bool }) {
// Ensure the flags are not both set to true
mayUseToken.parentsOwnToken
.and(mayUseToken.inheritFromParent)
.assertFalse(
'MayUseToken: parentsOwnToken and inheritFromParent cannot both be true'
);
},
Copy link
Collaborator

@mitschabaude mitschabaude Jul 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there are a couple of issues with this check() method:

  • it's not in the right place, so wouldn't be called automatically to constrain a MayUseToken type when we witness it
    • it needs to go into the provable type definition that lives on .type: { ...provablePure(...), check() { ... } }
  • MayUseToken.type is not even the provable type that the auto-derived account update type will use -- it treats the mayUseToken property as an anonymous object of two bools, see gen/transactions.ts and js-layout.ts. So, when witnessing entire account updates, nothing prevents mayUseToken from having both props = true
  • Even if we modified the account update type, there are many places where we skip all checks on witnessed account updates, on purpose, because of the assumption that well-formedness of them is asserted by the transaction snark on the Mina node. (see AccountUpdate.witness() with the skipCheck parameter). From the finding, it wasn't clear to me if the OCaml mayUseToken field really includes such a wellformedness check. If not, I think we should add it in the necessary places in o1js somehow, for example in the token contract where it walks child account updates.

Copy link
Contributor Author

@MartinMinkov MartinMinkov Jul 10, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it! Do these changes make sense then?
Constructing the check method properly and changing the AccountUpdate.check method to also check for mayUseToken?

EDIT: Had to add this change as well c177ddf

Doesn't seem to like my check method! https://github.com/o1-labs/o1js/actions/runs/9882602168/job/27295800852?pr=1716#step:4:201

};
}

Expand Down
60 changes: 60 additions & 0 deletions src/lib/mina/account-update.unit-test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import {
Mina,
Int64,
Types,
Bool,
} from '../../index.js';
import { Test } from '../../snarky.js';
import { expect } from 'expect';
Expand All @@ -20,6 +21,14 @@ function createAccountUpdate() {
return accountUpdate;
}

function createAccountUpdateWithMayUseToken(
mayUseToken: AccountUpdate['body']['mayUseToken']
) {
let accountUpdate = AccountUpdate.defaultAccountUpdate(address);
accountUpdate.body.mayUseToken = mayUseToken;
return accountUpdate;
}

// can convert account update to fields consistently
{
let accountUpdate = createAccountUpdate();
Expand Down Expand Up @@ -122,3 +131,54 @@ function createAccountUpdate() {
'Check signature: Invalid signature on fee payer for key'
);
}

// correctly identifies parentsOwnToken and not inheritFromParent
{
let accountUpdate = createAccountUpdateWithMayUseToken({
parentsOwnToken: Bool(true),
inheritFromParent: Bool(false),
});
expect(
AccountUpdate.MayUseToken.isParentsOwnToken(accountUpdate).toBoolean()
).toEqual(true);
expect(
AccountUpdate.MayUseToken.isInheritFromParent(accountUpdate).toBoolean()
).toEqual(false);
}

// correctly identifies inheritFromParent and not parentsOwnToken
{
let accountUpdate = createAccountUpdateWithMayUseToken({
parentsOwnToken: Bool(false),
inheritFromParent: Bool(true),
});
expect(
AccountUpdate.MayUseToken.isParentsOwnToken(accountUpdate).toBoolean()
).toEqual(false);
expect(
AccountUpdate.MayUseToken.isInheritFromParent(accountUpdate).toBoolean()
).toEqual(true);
}

// throws an error when both flags are true in check method
{
expect(() => {
AccountUpdate.MayUseToken.check({
parentsOwnToken: Bool(true),
inheritFromParent: Bool(true),
});
}).toThrowError(
'MayUseToken: parentsOwnToken and inheritFromParent cannot both be true'
);
}

// correctly identifies when neither flag is set
{
let accountUpdate = createAccountUpdateWithMayUseToken({
parentsOwnToken: Bool(false),
inheritFromParent: Bool(false),
});
expect(AccountUpdate.MayUseToken.isNo(accountUpdate).toBoolean()).toEqual(
true
);
}
Loading