From 27a067ea0f6e7402649ba584b2cdcdc469ba8928 Mon Sep 17 00:00:00 2001 From: moana Date: Sun, 22 Dec 2024 16:32:13 +0100 Subject: [PATCH] vm: Move contract bytecode hash verification from `dusk-core` --- vm/Cargo.toml | 1 + vm/src/execute.rs | 13 +++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/vm/Cargo.toml b/vm/Cargo.toml index b5fb1ab8f..cab154ef5 100644 --- a/vm/Cargo.toml +++ b/vm/Cargo.toml @@ -14,6 +14,7 @@ dusk-bytes = { workspace = true } piecrust = { workspace = true } lru = { workspace = true } blake2b_simd = { workspace = true } +blake3 = { workspace = true } dusk-poseidon = { workspace = true } rkyv = { workspace = true, features = ["size_32"] } diff --git a/vm/src/execute.rs b/vm/src/execute.rs index c47f60cf6..6d6900e06 100644 --- a/vm/src/execute.rs +++ b/vm/src/execute.rs @@ -6,7 +6,9 @@ use blake2b_simd::Params; use dusk_core::abi::{ContractError, ContractId, CONTRACT_ID_BYTES}; -use dusk_core::transfer::{Transaction, TRANSFER_CONTRACT}; +use dusk_core::transfer::{ + data::ContractBytecode, Transaction, TRANSFER_CONTRACT, +}; use piecrust::{CallReceipt, Error, Session}; /// Executes a transaction, returning the receipt of the call and the gas spent. @@ -138,7 +140,7 @@ fn contract_deploy( let min_gas_limit = receipt.gas_spent + deploy_charge; if gas_left < min_gas_limit { receipt.data = Err(ContractError::OutOfGas); - } else if !deploy.bytecode.verify_hash() { + } else if !verify_bytecode_hash(&deploy.bytecode) { receipt.data = Err(ContractError::Panic( "failed bytecode hash check".into(), )) @@ -167,6 +169,13 @@ fn contract_deploy( } } +// Verifies that the stored contract bytecode hash is correct. +fn verify_bytecode_hash(bytecode: &ContractBytecode) -> bool { + let computed: [u8; 32] = blake3::hash(bytecode.bytes.as_slice()).into(); + + bytecode.hash == computed +} + /// Generate a [`ContractId`] address from: /// - slice of bytes, /// - nonce