Skip to content

v0.34.0
Compare
Choose a tag to compare
@xgreenx xgreenx released this 13 Jun 09:31
· 221 commits to master since this release
v0.34.0
ae96189
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Release v0.34.0

This release contains fixes for critical issues that we found before the audit. Mainly, these changes pertain to the Sparse Merkle Tree (SMT) and related code. The SMT API was extended to provide more flexibility and to allow users to select the most appropriate method their performance needs. Where possible, sequential SMT updates were replaced with constructors that take in a complete data set.

Added

  • #476: The fuel_vm::Call supports From<[u8; Self::LEN]> and Into<[u8; Self::LEN]>.

  • #484: The sparse::in_memory::MerkleTree got new methods from_set, root_from_set, and nodes_from_set methods. These methods allow a more optimal way to build and calculate the SMT when you know all leaves. The Contract::initial_state_root is much faster now (by ~15 times).

Removed

  • #478: The CheckedMemRange is replaced by the MemoryRange.

Changed

  • #477: The PanicReason::UnknownPanicReason is 0x00. The PanicReason now implements From<u8> instead of TryFrom<u8> and can't return an error anymore.

  • #478: The memcopy method is updated and returns MemoryWriteOverlap instead of MemoryOverflow.

Fixed

  • #482: This PR address a security issue where updates to a Sparse Merkle Tree could deliberately overwrite existing leaves by setting the leaf key to the hash of an existing leaf or node. This is done by removing the insertion of the leaf using the leaf key.

  • #484: Fixed bug with not-working CreateMetadata.

Breaking

  • #473: CFS and CFSI were not validating
    that the new $sp value isn't below $ssp, allowing write access to non-owned
    memory. This is now fixed, and attempting to set an incorrect $sp value panics.

  • #485: This PR addresses a security
    issue where the user may manipulate the structure of the Sparse Merkle Tree.
    SMT expects hashed storage key wrapped into a MerkleTreeKey structure.
    The change is breaking because it changes the state_root generated by the SMT
    and may change the ContractId if the Create transaction has non-empty StoargeSlots.

All changes:

  • Disallow setting $sp < $ssp using CFS and CFSI instructions by @Dentosal in #473
  • MemoryRange rework by @Dentosal in #478
  • Return the previous behavior of the data length GTF by @xgreenx in #481
  • chore: optimize smt common prefix count by @bvrooman in #475
  • refactor: SMT path iter uses leaf key by @bvrooman in #482
  • Added a test to show a problem with leaf overriding by @xgreenx in #469
  • Minor readibility improvements by @Dentosal in #476
  • feat: SMT update set by @bvrooman in #467
  • Added more detailed descriptions to README files by @xgreenx in #487
  • Use a new sparse::MerkleTree::from_set function to calculate state root by @xgreenx in #484
  • Changed the API of the SparseMerkleTree to accept MerkleStorageKey by @xgreenx in #485
  • PanicReason rework by @Dentosal in #477
  • Use nightly rustfmt with .rustfmt.toml from fuel-core by @xgreenx in #489
  • Bump version to 0.34.0 and finilized the CHANGELOG.md by @xgreenx in #488
  • dev-deps on local crate must use path by @Voxelot in #490

Full Changelog: v0.33.0...v0.34.0

Contributors

Voxelot, Dentosal, and 2 other contributors
Assets 2
Loading